diff --git a/doc/npf.md b/doc/npf.md index 3db13ee7..21605762 100644 --- a/doc/npf.md +++ b/doc/npf.md @@ -130,7 +130,12 @@ where ## TLS -TLS fingerprints are formed from packets containing a TLS Client Hello message. There are two formats defined. The newer one, "tls/1", sorts the extensions into lexicographic order, to compensate for the randomization of those fields introduced by some TLS clients. The older one, "tls", does not sort those extensions into order. +TLS fingerprints are formed from packets containing a TLS Client Hello message. There are three fingerprint formats defined. The format "tls/1", sorts the extensions into lexicographic order, to compensate for the randomization of those fields introduced by some TLS clients. The recent format "tls/2" sort only the selected extensions in lexicographic order. The older one, "tls", does not sort those extensions into order. + +The "tls/2" fingerprint format is +``` + "tls/2" (TLS_Version) (TLS_Ciphersuite) [(selected_TLS_Extension)*] +``` The "tls/1" fingerprint format is @@ -160,9 +165,8 @@ where DEGREASE(extension[0:2]) otherwise. ``` -`QUIC_extension` is as defined below. - The function DEGREASE takes as input a two-byte value and returns a two-byte value. +The function DEGREASE takes as input a two-byte value and returns a two-byte value. ``` DEGREASE(x) = 0x0a0a if x is in TLS_GREASE, and @@ -184,13 +188,66 @@ TLS_EXT_FIXED = { }. ``` +selected_TLS_Extension chooses only a subset of extensions from TLS_extension as defined below, + +``` + selected_TLS_Extension = extension if DEGREASE(extension[0:2]) is in TLS_EXT_FIXED, + ENCODE(extension[0:2]) if ENCODE(extension[0:2]) is in TLS_EXT_INCLUDE, +``` + +The function ENCODE is defined as below +``` +ENCODE(x) = DEGREASE(x) if DEGREASE(x) is in TLS_EXT_INCLUDE + ENCODE_UNASSIGNED(x) if x is in TLS_UNASSIGNED + ENCODE_PRIVATE(x) if x is in TLS_PRIVATE + +``` + +The function ENCODE_UNASSIGNED and ENCODE_PRIVATE accepts a 2 byte value and returns a two byte value and is defined as below, +``` +ENCODE_UNASSIGNED(x) = 0x003e if x is in TLS_UNASSIGNED, + x otherwise +``` + +``` +ENCODE_PRIVATE(x) = 0xff00 if x is in TLS_PRIVATE, + x otherwise +``` + +The set TLS_EXT_INCLUDE, TLS_UNASSIGNEDm TLS_PRIVATE is defined as + +``` +TLS_EXT_INCLUDE = { + 0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007, + 0x0008, 0x0009, 0x000a, 0x000b, 0x000c, 0x000d, 0x000e, 0x000f + 0x0010, 0x0011, 0x0012, 0x0013, 0x0014, 0x0016, 0x0017, 0x0018, + 0x0019, 0x001a, 0x001b, 0x001c, 0x001d, 0x001e, 0x001f, 0x0020, + 0x0021, 0x0022, 0x0024, 0x0025, 0x0026, 0x0027, 0x0028, 0x002b, + 0x002c, 0x002d, 0x002e, 0x002f, 0x0030, 0x0031, 0x0032, 0x0033, + 0x0034, 0x0035, 0x0036, 0x0037, 0x0038, 0x0039, 0x003a, 0x003b, + 0x003c, 0x003d, 0x003e, 0x0a0a, 0x3374, 0x5500, 0x754f, 0x7550, + 0xfd00, 0xfe0d, 0xff00, 0xff01, 0xff03, 0xffce +} + +TLS_UNASSIGNED = set of all extensions under the category "Unassigned" as per IANA + +TLS_PRIVATE = set of all extensions under the category "Reserved for Private Use" as per IANA +``` ## QUIC -QIUC fingerprints are computed from the QUIC Initial Packet. To compute this fingerprint, it is necessary to remove header protection, decrypt the QUIC Frames, reassemble the CRYPTO Frame, and then process the TLS Client Hello in that frame. If there is no CRYPTO Frame in the packet, it is not possible to compute a fingerprint. The fingerprint format is +QIUC fingerprints are computed from the QUIC Initial Packet. To compute this fingerprint, it is necessary to remove header protection, decrypt the QUIC Frames, reassemble the CRYPTO Frame, and then process the TLS Client Hello in that frame. If there is no CRYPTO Frame in the packet, it is not possible to compute a fingerprint. There are two quic fingerprint formats. The newer format "quic/1" sorts the selected extensions in lexicographic order while the older format "quic" sorts all extensions in lexicographic order. + +The "quic/1" format is + +``` +"quic/1" (QUIC_Version) (TLS_Version) (TLS_Ciphersuites) [(Selected_QUIC_Extension)* ] +``` + +The older format "quic" is ``` "quic/" (QUIC_Version) (TLS_Version) (TLS_Ciphersuites) [ QUIC_Extension* ] @@ -223,7 +280,13 @@ An example of a QUIC fingerprint is ``` quic/(ff00001d)(0303)(0a0a130113021303)[(0a0a)(0a0a)(0000)(000500050100000000)(000a000c000a0a0a001d001700180019)(000d0018001604030804040105030203080508050501080606010201)(0010000e000c0568332d32390568332d3237)(0012)(001b0003020001)(002b0005040a0a0304)(002d00020101)(0033)((ffa5)[(04)(05)(06)(07)(09)(0e)(0f)])] ``` +- `Selected_QUIC_Extension` chooses only a subset of Quic Extensions and is defined as below +``` +Selected_QUIC_Extension = extension if DEGREASE(extension[0:2]) is in TLS_EXT_FIXED, + QTP(extension) if extension[0:2] is in { 0x0039, 0xffa5 }, + ENCODE(extension[0:2]) if ENCODE(extension[0:2]) is in TLS_EXT_INCLUDE, +``` ## HTTP @@ -344,3 +407,4 @@ A secondary goal is to handle fingerprints generated from truncated protocol mes The JA3 fingerprinting system has a relatively compact representation, consisting of 32 hex characters, but it only applies to TLS, is not reversible, and does not utilize GREASE information. The original mercury fingerprinting system is reversible, utilizes GREASE, and applies to multiple protocols, but it does not contain an explicit indication of the protocol, and is not compact. Neither system allows to indicate versioning information that would enable the details of the fingerprinting scheme to adapt over time. This note defines a fingerprint naming scheme that aims to provide the benefits of both systems, along with explicit information about protocols and versions, drawing inspiration from the [Common Platform Enumeration](https://nvd.nist.gov/products/cpe) naming system. + diff --git a/doc/tls_extn_sort_autogen.md b/doc/tls_extn_sort_autogen.md new file mode 100644 index 00000000..fedc7d83 --- /dev/null +++ b/doc/tls_extn_sort_autogen.md @@ -0,0 +1,167 @@ +# Autogeneration of C++ helper code to sort TLS extensions + +## Sorting TLS extensions in fingerprint string +The TLS fingerprint string consists of TLS version, cipher suites and TLS extensions. The TLS extensions in fingerprints are sorted starting from fingerprint format 1 and above. In general the time complexity to sort is O(nlogn). Sorting can be done in linear time if the values to be sorted are known before hand. For tls extension use case, modified version of counting sort is used. + +### Algorithm for sorting tls extensions in linear time: + +1. Prepare tls_include_list which contains the list of TLS extensions that are part of the fingerprint string. +2. Sort the tls_include_list and use hash table to store the sorted indices of each extension in tls_include_list. +2. Create an auxiliary array of the size of tls_include_list to store the extension and its count and initialize the count to zero. +3. For each extension in the input, get the sorted index of the extension by performing hash table lookup. Store the extension in the retrieved index of auxiliary array and increment the count. +4. Now do the final pass in the auxiliary array to read the count of each element. While the count is positive, print the element and decrement the count to get the sorted tls extensions. + +The hash table mentioned above needs rework as when there is modification to the TLS extension include list. + +Mercury package provides tls_csv utility which can generate C++ classes and supporting apis required to sort tls extensions based on the above mentioned algorithm. The autogeneration code for tls_csv utility is present under src/tables folder in the mercury repository and source code is present in src/tables/tls_extension_generator.cc. + +## How to use tls_csv utility to generate C++ classes + +tls_csv utility can be run as below + +``` + ./tls_csv outfile= include_extensions= : [ : ... ] +``` + `outfile` - writes the header file with name + + `include_extensions` - reads the input text file + + `` - input csv file + + `` - name of the class name in the output header file + + + +### CSV files containing tls extension type code and name +The tls_csv reads one or more CSV files which contains the mapping between tls extension type code and the name. The Makefile in the src/tables has the changes to download the csv files from the IANA site. + +Sample csv file +``` +Value,Extension Name,TLS 1.3,DTLS-Only,Recommended,Reference +0,server_name,"CH, EE, CR",N,Y,[RFC6066][RFC9261] +1,max_fragment_length,"CH, EE",N,N,[RFC6066][RFC8449] +2,client_certificate_url,-,N,Y,[RFC6066] +``` +The tls_csv utility uses the values from the first two columns - Value and Extension Name. + +### Text file with TLS extensions that need to be part of fingerprint string +It also reads a text file which contains the comma separated list of tls extensions that needs to be part of the fingerprint. The extensions values can also contain a range of tls extensions whose format is [start_range-end_range] + +Example: + +> 0-20,22-34,36-40,43-62,2570 + +Mercury package has the input text file local_include_extension.txt and is present in the path src/tables/source. This file needs to be edited for any change in the tls extensions include list. + +## Compiling tls_csv utility +The Makefile in src/folder has the required changes to compile tls_csv utility. + +To compile the changes, do either of the below + +> make + +This will compile both csv and tls_csv utility + + +> make tls + +This will compile the tls_csv utility only. + +## Running tls_csv utility + +Let us see how to run the tls_csv file and understand its output +``` +./tls_csv outfile=tls_extensions.h verbose=true dir=source include_extensions=local_include_extension.txt tls-extensiontype-values-1.csv:tls_extensions_assign +``` +Running the tls_csv will write the header file tls_extensions.h and it will create the class with name tls_extensions_assign. + +Let us understand the autogenerated code with a sample output from tls_csv utility. + +``` +// tls_extensions.h +// +// this file was autogenerated at 2024-02-14T10:17:23Z +// you should edit the source file(s) instead of this one +// +// source files: +// tls-extensiontype-values-1.csv +// + +#ifndef TLS_EXTENSIONS_H +#define TLS_EXTENSIONS_H + +#include + +class tls_extensions_assign{ + static std::unordered_map& get_mapping_index() { + static std::unordered_map mapping_index = { + { 0, 0}, + { 1, 1}, + { 2, 2}, + { 3, 3}, + { 4, 4}, + { 5, 5}, + { 6, 6}, + .... + .... + { 65037, 65}, + { 65280, 66}, + { 65281, 67}, + { 65283, 68}, + { 65486, 69}, + }; + return mapping_index; + } + +public: + static constexpr uint16_t include_list_len = 70; + + tls_extensions_assign() {} + + static int32_t get_index(uint16_t type) { + static const std::unordered_map &mapping_index = get_mapping_index(); + auto it = mapping_index.find(type); + if (it != mapping_index.end()) { + return(it->second); + } + return -1; + } + + static constexpr uint16_t smallest_private_extn = 65280; + + static constexpr uint16_t smallest_unassigned_extn = 62; + +}; + + +#endif // TLS_EXTENSIONS_H +``` + +Let us look at how the class is created by reading the input files. + +#### Step 1 +The text file local_include_extension.txt is read and parsed to create a list of tls extensions and sort the list. The sorted list is used to created the unordered map that is present in the output file with type code as the key and its position in the sorted list as the value. + +#### Step 2 +A static variable include_list_len is initialized with the length of tls extensions include list. + +#### Step 3 +The input csv file tls-extensiontype-values-1.csv is parsed to find the smallest tls extension in Unassigned and Reserved for Private Use range. These values are used to initialize the two static variables smallest_unassigned_extn and smallest_private_extn in the class. + +### Step 4 +Add required helper functions to complete the class. + +Member function get_index() + + +`Input Parameter` - tls extension type code +`Output Parameters` - Returns the index of the sorted position of the tls extension code in the tls extension include list. + - Returns -1 if the extension is not part of the tls extension include list. + +## References +Counting Sort - https://www.geeksforgeeks.org/counting-sort/ + + + + + diff --git a/src/intercept.cc b/src/intercept.cc index 72850848..a60af419 100644 --- a/src/intercept.cc +++ b/src/intercept.cc @@ -826,7 +826,7 @@ class intercept { } pkt_proc_ctx->analysis.fp.init(); - std::visit(compute_fingerprint{pkt_proc_ctx->analysis.fp, pkt_proc_ctx->global_vars.tls_fingerprint_format}, (is_tcp ? tcp_proto : udp_proto)); + std::visit(compute_fingerprint{pkt_proc_ctx->analysis.fp, pkt_proc_ctx->global_vars.fp_format}, (is_tcp ? tcp_proto : udp_proto)); if (pkt_proc_ctx->analysis.fp.get_type() != fingerprint_type_unknown) { @@ -916,7 +916,7 @@ class intercept { } pkt_proc_ctx->analysis.fp.init(); - std::visit(compute_fingerprint{pkt_proc_ctx->analysis.fp, pkt_proc_ctx->global_vars.tls_fingerprint_format}, (is_tcp ? tcp_proto : udp_proto)); + std::visit(compute_fingerprint{pkt_proc_ctx->analysis.fp, pkt_proc_ctx->global_vars.fp_format}, (is_tcp ? tcp_proto : udp_proto)); if (pkt_proc_ctx->analysis.fp.get_type() != fingerprint_type_unknown) { pkt_proc_ctx->analysis.fp.write(record); } diff --git a/src/libmerc/Makefile.in b/src/libmerc/Makefile.in index d8fb1fff..60f76736 100644 --- a/src/libmerc/Makefile.in +++ b/src/libmerc/Makefile.in @@ -92,6 +92,7 @@ LIBMERC_H += smb1.h LIBMERC_H += smb2.h LIBMERC_H += bencode.h LIBMERC_H += bittorrent.h +LIBMERC_H += tls_extensions.h # asn1/oid.cc and asn1/oid.h are auto-built from ASN1 files in the # asn1 subdirectory; this is a pattern target that builds both files diff --git a/src/libmerc/analysis.h b/src/libmerc/analysis.h index 67a597ce..5c6b6f5f 100644 --- a/src/libmerc/analysis.h +++ b/src/libmerc/analysis.h @@ -785,6 +785,7 @@ class classifier { std::vector fp_types; size_t tls_fingerprint_format = 0; + size_t quic_fingerprint_format = 0; bool first_line = true; // the common object holds data that is common across all @@ -810,6 +811,8 @@ class classifier { size_t get_tls_fingerprint_format() const { return tls_fingerprint_format; } + size_t get_quic_fingerprint_format() const { return quic_fingerprint_format; } + static std::pair get_fingerprint_type_and_version(const std::string &s) { fingerprint_type type = fingerprint_type_unknown; unsigned int version = 0; @@ -918,7 +921,9 @@ class classifier { std::pair fingerprint_type_and_version = get_fingerprint_type_and_version(fp_string.c_str()); if (fp_type_code != fingerprint_type_and_version.first) { - printf_err(log_warning, "fingerprint type of str_repr '%s' does not match fp_type, ignorning JSON line\n", fp_string.c_str()); + printf_err(log_warning, + "fingerprint type of str_repr '%s' does not match fp_type, ignorning JSON line\n", + fp_string.c_str()); return; } @@ -929,7 +934,23 @@ class classifier { tls_fingerprint_format = fingerprint_type_and_version.second; } else { if (fingerprint_type_and_version.second != tls_fingerprint_format) { - printf_err(log_warning, "fingerprint version with inconsistent format, ignoring JSON line\n"); + printf_err(log_warning, + "%s fingerprint version with inconsistent format, ignoring JSON line\n", + fp_type_string.c_str()); + return; + } + } + first_line = false; + } + + if (fingerprint_type_and_version.first == fingerprint_type_quic) { + if (first_line == true) { + quic_fingerprint_format = fingerprint_type_and_version.second; + } else { + if (fingerprint_type_and_version.second != quic_fingerprint_format) { + printf_err(log_warning, + "%s fingerprint version with inconsistent format, ignoring JSON line\n", + fp_type_string.c_str()); return; } } diff --git a/src/libmerc/global_config.h b/src/libmerc/global_config.h index a2866fbd..290fe911 100644 --- a/src/libmerc/global_config.h +++ b/src/libmerc/global_config.h @@ -28,6 +28,94 @@ struct global_config; static void setup_extended_fields(global_config* lc, const std::string& config); +class fingerprint_format { + static constexpr const char* protocol_delim = ","; + static constexpr const char* format_delim = "/"; + +public: + size_t tls_fingerprint_format; + size_t quic_fingerprint_format; + + fingerprint_format() : + tls_fingerprint_format{0}, + quic_fingerprint_format{0} { } + + void set_tls_fingerprint_format(size_t format_version) { + tls_fingerprint_format = format_version; + } + + void set_quic_fingerprint_format(size_t format_version) { + quic_fingerprint_format = format_version; + } + + bool get_protocol_and_set_fp_format(std::string &format_str) { + std::string protocol; + std::string format_version; + + size_t pos = 0; + + pos = format_str.find(fingerprint_format::format_delim); + + if (pos != std::string::npos) { + protocol = format_str.substr(0, pos); + format_version = format_str.substr(pos+1); + } else { + protocol = format_str; + } + + if (protocol == "tls") { + if (format_version == "") { + tls_fingerprint_format = 0; + } else if (format_version == "1") { + tls_fingerprint_format = 1; + } else if (format_version == "2") { + tls_fingerprint_format = 2; + } else { + printf_err(log_warning, "warning: unknown fingerprint format: %s; using default instead\n", format_str.c_str()); + return false; + } + } else if (protocol == "quic") { + if (format_version == "") { + quic_fingerprint_format = 0; + } else if (format_version == "1") { + quic_fingerprint_format = 1; + } else { + printf_err(log_warning, "warning: unknown fingerprint format: %s; using default instead\n", format_str.c_str()); + return false; + } + } else { + printf_err(log_warning, "warning: unknown fingerprint format: %s; using default instead\n", format_str.c_str()); + return false; + } + return true; + } + + bool set_fingerprint_format(const std::string &format_string) { + if (!format_string.empty()) { + std::string token; + size_t start_pos = 0; + size_t current_pos = 0; + while ((current_pos = format_string.find(fingerprint_format::protocol_delim, start_pos)) != std::string::npos) { + token = format_string.substr(start_pos, current_pos); + token.erase(std::remove_if(token.begin(), token.end(), isspace), token.end()); + start_pos = current_pos + 1; + + if (!get_protocol_and_set_fp_format(token)) { + return false; + } + } + + if (start_pos < format_string.length()) { + token = format_string.substr(start_pos); + if (!get_protocol_and_set_fp_format(token)) { + return false; + } + } + } + return true; + } +}; + struct global_config : public libmerc_config { private: @@ -39,9 +127,7 @@ struct global_config : public libmerc_config { // extended configs std::string temp_proto_str; bool tcp_reassembly = false; /* reassemble tcp segments */ - size_t tls_fingerprint_format = 0; // default fingerprint format - - void set_tls_fingerprint_format(size_t format) { tls_fingerprint_format = format; } + fingerprint_format fp_format; // default fingerprint format global_config() : libmerc_config(), tcp_reassembly{false} {}; global_config(const libmerc_config& c) : libmerc_config(c), tcp_reassembly{false} { @@ -104,6 +190,7 @@ struct global_config : public libmerc_config { { "openvpn_tcp", false }, { "mysql", false }, { "tofsee", false }, + { "socks", false }, }; bool set_protocols(const std::string& data) { @@ -137,17 +224,6 @@ struct global_config : public libmerc_config { return true; } - bool set_fingerprint_format(const std::string &s) { - if (s == "tls") { - tls_fingerprint_format = 0; - } else if (s == "tls/1") { - tls_fingerprint_format = 1; - } else { - printf_err(log_warning, "warning: unknown fingerprint format: %s; using default instead\n", s.c_str()); - return false; - } - return true; - } }; static void setup_extended_fields(global_config* lc, const std::string& config) { @@ -155,7 +231,7 @@ static void setup_extended_fields(global_config* lc, const std::string& config) std::vector options = { {"select", "-s", "--select", SETTER_FUNCTION(&lc){ lc->set_protocols(s); }}, {"resources", "", "", SETTER_FUNCTION(&lc){ lc->set_resource_file(s); }}, - {"format", "", "", SETTER_FUNCTION(&lc){ lc->set_fingerprint_format(s); }}, + {"format", "", "", SETTER_FUNCTION(&lc){ lc->fp_format.set_fingerprint_format(s); }}, {"tcp-reassembly", "", "", SETTER_FUNCTION(&lc){ lc->tcp_reassembly = true; }} }; diff --git a/src/libmerc/pkt_proc.cc b/src/libmerc/pkt_proc.cc index 3a9b8f90..66e108ab 100644 --- a/src/libmerc/pkt_proc.cc +++ b/src/libmerc/pkt_proc.cc @@ -269,6 +269,15 @@ void stateful_pkt_proc::set_tcp_protocol(protocol &x, case tcp_msg_type_tofsee_initial_message: x.emplace(pkt); break; + case tcp_msg_type_socks4: + x.emplace(pkt); + break; + case tcp_msg_type_socks5_hello: + x.emplace(pkt); + break; + case tcp_msg_type_socks5_req_resp: + x.emplace(pkt); + break; default: if (is_new && global_vars.output_tcp_initial_data) { x.emplace(pkt); @@ -628,7 +637,7 @@ size_t stateful_pkt_proc::ip_write_json(void *buffer, // process transport/application protocol // if (std::visit(is_not_empty{}, x)) { - std::visit(compute_fingerprint{analysis.fp, global_vars.tls_fingerprint_format}, x); + std::visit(compute_fingerprint{analysis.fp, global_vars.fp_format}, x); bool output_analysis = false; if (global_vars.do_analysis && analysis.fp.get_type() != fingerprint_type_unknown) { output_analysis = std::visit(do_analysis{k, analysis, c}, x); @@ -849,7 +858,7 @@ bool stateful_pkt_proc::analyze_ip_packet(const uint8_t *packet, // process protocol data element // if (std::visit(is_not_empty{}, x)) { - std::visit(compute_fingerprint{analysis.fp, global_vars.tls_fingerprint_format}, x); + std::visit(compute_fingerprint{analysis.fp, global_vars.fp_format}, x); if (global_vars.do_analysis && analysis.fp.get_type() != fingerprint_type_unknown) { // re-initialize the structure that holds analysis results diff --git a/src/libmerc/pkt_proc.h b/src/libmerc/pkt_proc.h index eec81620..ef8ab0a2 100644 --- a/src/libmerc/pkt_proc.h +++ b/src/libmerc/pkt_proc.h @@ -64,9 +64,13 @@ struct mercury { // set fingerprint formats to match those in the resource file // - size_t resources_tls_format = c->get_tls_fingerprint_format(); - global_vars.set_tls_fingerprint_format(resources_tls_format); - printf_err(log_info, "setting tls fingerprint format to match resource file (format: %zu)\n", resources_tls_format); + size_t format = c->get_tls_fingerprint_format(); + global_vars.fp_format.set_tls_fingerprint_format(format); + printf_err(log_info, "setting tls fingerprint format to match resource file (format: %zu)\n", format); + + format = c->get_quic_fingerprint_format(); + global_vars.fp_format.set_quic_fingerprint_format(format); + printf_err(log_info, "setting quic fingerprint format to match resource file (format: %zu)\n", format); } } diff --git a/src/libmerc/pkt_proc_util.h b/src/libmerc/pkt_proc_util.h index 269f2d28..03d38c8a 100644 --- a/src/libmerc/pkt_proc_util.h +++ b/src/libmerc/pkt_proc_util.h @@ -44,6 +44,9 @@ class smtp_client; class smtp_server; class dnp3; class tofsee_initial_message; +class socks5_req_resp; +class socks5_hello; +class socks4_req; class unknown_initial_packet; class quic_init; // start of udp protocols struct wireguard_handshake_init; @@ -99,7 +102,10 @@ using protocol = std::variant; // class unknown_initial_packet represents the initial data field of a @@ -240,9 +246,9 @@ struct write_metadata { struct compute_fingerprint { fingerprint &fp_; - size_t format_version; + fingerprint_format format_version; - compute_fingerprint(fingerprint &fp, size_t format=0) : fp_{fp}, format_version{format} { + compute_fingerprint(fingerprint &fp, fingerprint_format _format_version) : fp_{fp}, format_version{_format_version} { fp.init(); } @@ -252,7 +258,11 @@ struct compute_fingerprint { } void operator()(tls_client_hello &msg) { - msg.compute_fingerprint(fp_, format_version); + msg.compute_fingerprint(fp_, format_version.tls_fingerprint_format); + } + + void operator()(quic_init &msg) { + msg.compute_fingerprint(fp_, format_version.quic_fingerprint_format); } void operator()(std::monostate &) { } diff --git a/src/libmerc/proto_identify.h b/src/libmerc/proto_identify.h index 8b2317b0..f5bf5797 100644 --- a/src/libmerc/proto_identify.h +++ b/src/libmerc/proto_identify.h @@ -42,6 +42,7 @@ #include "bittorrent.h" #include "mysql.hpp" #include "tofsee.hpp" +#include "socks.h" enum tcp_msg_type { tcp_msg_type_unknown = 0, @@ -64,6 +65,9 @@ enum tcp_msg_type { tcp_msg_type_bittorrent, tcp_msg_type_mysql_server, tcp_msg_type_tofsee_initial_message, + tcp_msg_type_socks4, + tcp_msg_type_socks5_hello, + tcp_msg_type_socks5_req_resp, }; enum udp_msg_type { @@ -138,6 +142,18 @@ class protocol_identifier { { return (200 == pkt.length()); } + case tcp_msg_type_socks4: + { + return (socks4_req::get_payload_length(pkt) == pkt.length()); + } + case tcp_msg_type_socks5_hello: + { + return (socks5_hello::get_payload_length(pkt) == pkt.length()); + } + case tcp_msg_type_socks5_req_resp: + { + return (socks5_req_resp::get_payload_length(pkt) == pkt.length()); + } default: return true; } @@ -411,6 +427,14 @@ class traffic_selector { udp.add_protocol(quic_initial_packet::matcher, udp_msg_type_quic); } + if (protocols["socks"] || protocols["all"]) { + tcp4.add_protocol(socks4_req::matcher, tcp_msg_type_socks4); + tcp4.add_protocol(socks5_hello::matcher, tcp_msg_type_socks5_hello); + //tcp4.add_protocol(socks5_usr_pass::matcher, tcp_msg_type_socks5_usr_pass); + //tcp4.add_protocol(socks5_gss::matcher, tcp_msg_type_socks5_gss); + tcp4.add_protocol(socks5_req_resp::matcher, tcp_msg_type_socks5_req_resp); + } + // add tofsee, but keep at the absolute end of matcher lists, as tofsee only // has a length based matcher if (protocols["tofsee"] || protocols["all"]) { diff --git a/src/libmerc/quic.h b/src/libmerc/quic.h index c6d15af8..c02b288d 100644 --- a/src/libmerc/quic.h +++ b/src/libmerc/quic.h @@ -1300,7 +1300,6 @@ struct quic_hdr_fp { class quic_client_hello : public tls_client_hello { public: void fingerprint(struct buffer_stream &buf, size_t format_version) const { - (void)format_version; if (is_not_empty() == false) { return; } @@ -1320,8 +1319,11 @@ class quic_client_hello : public tls_client_hello { /* * copy extensions vector */ - extensions.fingerprint_quic_tls(buf, tls_role::client); - + if (format_version == 1) { + extensions.fingerprint_format2(buf, tls_role::client); + } else { + extensions.fingerprint_quic_tls(buf, tls_role::client); + } } }; @@ -1524,7 +1526,7 @@ class quic_init { quic_record.close(); } - void compute_fingerprint(class fingerprint &fp) const { + void compute_fingerprint(class fingerprint &fp, size_t format_version) const { // fingerprint format: quic:(quic_version)(tls fingerprint) // @@ -1536,10 +1538,10 @@ class quic_init { } if (hello.is_not_empty()) { - fp.set_type(fingerprint_type_quic); + fp.set_type(fingerprint_type_quic, format_version); quic_hdr_fp hdr_fp(initial_packet.version); fp.add(hdr_fp); - fp.add(hello, 0); // note: using quic format=0 + fp.add(hello, format_version); fp.final(); } } diff --git a/src/libmerc/socks.h b/src/libmerc/socks.h new file mode 100644 index 00000000..b589d716 --- /dev/null +++ b/src/libmerc/socks.h @@ -0,0 +1,587 @@ +/* + * socks.h + * + * Copyright (c) 2021 Cisco Systems, Inc. All rights reserved. License at + * https://github.com/cisco/mercury/blob/master/LICENSE + */ + +/* + * \file socks.h + * + * \brief interface file for SOCKS4, SOCKS5, and sub-auth code + */ +#ifndef SOCKS_H +#define SOCKS_H + +#include "json_object.h" +#include "match.h" +#include "protocol.h" + +#include + +// SOCKS4_a and SOCKS4_c(SOCKS4_a with domain name) +// + +// socks4_req +// 0 1 2 3 +// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | VER | CMD | Dst port | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | Dst IP | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | +// + ID(Var bytes null term) .... + +// | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | +// + Domain(Var bytes null term) .... + +// | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// +class socks4_req : public base_protocol { + encoded version; + encoded cmd; + encoded port; + encoded ip; + datum id; + datum domain; + bool socks4a; // true if extended ver of SOCKS4_c, called SOCKS4_a, with domain name + bool is_valid; + + void parse(datum &pkt) { + id.parse_up_to_delim(pkt, 0x00); + if (id.data_end == pkt.data_end) { + // delim not found + return; + } + if (id.data_end == (pkt.data_end-1)) { + // no domain name + is_valid = true; + return; + } + pkt.skip(1); // skip 0x00 + domain.parse_up_to_delim(pkt, 0x00); + if (domain.data_end == pkt.data_end) { + // delim not found + return; + } + if (domain.data_end == (pkt.data_end-1)) { + is_valid = true; + socks4a = true; + return; + } + // did not reach pkt end + is_valid = false; + return; + } + +public: + socks4_req(datum &pkt) : + version{pkt}, + cmd{pkt}, + port{pkt}, + ip{pkt, true}, + id{nullptr,nullptr}, + domain{nullptr,nullptr}, + socks4a{false}, + is_valid{false} { parse(pkt); } + + static constexpr mask_and_value<4> matcher{ + { 0xff, 0xfc, 0x00, 0x00 }, + { 0x04, 0x00, 0x00, 0x00 } + }; + + // For SOCKS4, skipping the ver, cmd, port, ip, user-id follows (printable ASCII) and null byte + // followed by optional domain name and null byte + // check first and last byte of id for ascii printable and null termination + static ssize_t get_payload_length(datum pkt) { + ssize_t len = pkt.length(); + pkt.skip(8); + if (!pkt.is_not_empty()) { + return 0; + } + if ((pkt.length() == 1 && *pkt.data == 0x00) + || ((*pkt.data>=32 || *pkt.data==0x00) && *(pkt.data_end-2)>=32 && *(pkt.data_end-1)==0x00)) { + return len; + } + else { + return 0; + } + } + + uint8_t get_code() const {return cmd;} + + const char* get_code_str() const { + switch (cmd) { + case 0x01 : return "CONNECT"; + case 0x02 : return "BIND"; + default : return nullptr; + } + } + + void write_json(struct json_object &record, bool output_metadata) { + if (!is_valid) { + return; + } + json_object socks4_pkt(record, "socks4"); + type_codes code(*this); + socks4_pkt.print_key_value("cmd", code); + socks4_pkt.print_key_int("port",port); + if (output_metadata) { + uint32_t ip_val = (ip.value()); + socks4_pkt.print_key_ipv4_addr("ip",(uint8_t*)&ip_val); + } + socks4_pkt.print_key_json_string("id",id); + if (socks4a) { + if (output_metadata) { + socks4_pkt.print_key_bool("socks4a", true); + } + socks4_pkt.print_key_json_string("domain",domain); + } + socks4_pkt.close(); + } + + bool is_not_empty() const { return (is_valid); } +}; + + + +// SOCKS5 +// +struct socks5_auth_code { + encoded code; + + socks5_auth_code(datum &code_list) : code{code_list} {} + + uint8_t get_code() const { return code.value(); } + + const char* get_code_str() const { + switch (code) { + case 0x00 : return "NO_AUTH"; + case 0x01 : return "GSSAPI"; + case 0x02 : return "USER_PASS"; + case 0x03 : return "CHALLENGE_HANDSHAKE_AUTH"; + case 0x04 : return "UNASSIGNED"; + case 0x05 : return "CHALLENGE_RESPONSE_AUTH"; + case 0x06 : return "SSL"; + case 0x07 : return "NDS"; + case 0x08 : return "MULTI_AUTH_FRAMEWORK"; + case 0x09 : return "JSON_FRAMEWORK_BLOCK"; + case 0x86 : return "SSL"; + default : + if (code < 0x7F) { + return "UNASSIGNED"; + } + else if (code < 0xFE) { + return "PRIVATE"; + } + else return "NO_MATCH"; + } + } + + void write_json(struct json_array &record) { + record.print_string(get_code_str()); + } +}; + +// socks5_hello +// 0 1 2 3 +// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | VER | NAUTH(x) | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +// | AUTHS (x Bytes) .... | +// + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// + +class socks5_hello : public base_protocol { + encoded version; + encoded nauth; + datum auths; + bool valid; + +public: + socks5_hello(datum &pkt) : + version{pkt}, + nauth{pkt}, + auths{pkt,nauth}, + valid{true} {} + + static constexpr mask_and_value<4> matcher{ + { 0xff, 0xf0, 0x00, 0x00 }, + { 0x05, 0x00, 0x00, 0x00 } + }; + + bool is_not_empty() const { return (valid); } + + static ssize_t get_payload_length(datum pkt) { + pkt.skip(1); + return 1 + 1 + encoded{pkt}.value(); + } + + void write_json(json_object &record, bool metadata) { + if (!valid) { + return; + } + json_object socks_pkt(record, "socks5"); + if (metadata) { + socks_pkt.print_key_int("nauth", nauth); + } + json_array auth_list(socks_pkt,"auth_list"); + while (auths.is_not_empty()) { + socks5_auth_code code(auths); + code.write_json(auth_list); + } + auth_list.close(); + socks_pkt.close(); + } +}; + +// socks5_usr_pass +// 0 1 2 3 +// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | VER | IDLENH(x) | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +// | ID (x Bytes) .... | +// + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | PWLEN(y) | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +// | PW (y Bytes) .... | +// + +-+-+-+-+-+-+-+-+ +// | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// + +class socks5_usr_pass { + encoded version; + encoded id_len; + datum id; + encoded pw_len; + datum pw; + bool valid; + +public: + socks5_usr_pass(datum &pkt) : + version{pkt}, + id_len{pkt}, + id{pkt,id_len}, + pw_len{pkt}, + pw{pkt,pw_len}, + valid{true} {} + + static constexpr mask_and_value<4> matcher{ + { 0xff, 0x00, 0x00, 0x00 }, + { 0x01, 0x00, 0x00, 0x00 } + }; + + static ssize_t get_payload_length(datum pkt) { + ssize_t len = 3; + pkt.skip(1); + len += encoded{pkt}.value(); + pkt.skip(len-3); + len += encoded{pkt}.value(); + return len; + } + + bool is_not_empty() { return valid; } + + void write_json(json_object &record, bool metadata) { + if (!valid) { + return; + } + json_object auth_pkt{record,"socks5_usrpass"}; + if (metadata) { + auth_pkt.print_key_int("id_len",id_len); + } + auth_pkt.print_key_json_string("id",id); + if (metadata) { + auth_pkt.print_key_int("pw_len",pw_len); + } + auth_pkt.print_key_json_string("pw",pw); + auth_pkt.close(); + } +}; + +// socks5_gss +// 0 1 2 3 +// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | VER | MTYPE | LEN(x) | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | +// + DATA (x Bytes) .... + +// | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// + +class socks5_gss { + encoded ver; + encoded mtype; + encoded tok_len; + datum tok; + bool valid; + +public: + socks5_gss(datum &pkt): + ver{pkt}, + mtype{pkt}, + tok_len{pkt}, + tok{pkt,tok_len.value()}, + valid{true} {} + + static constexpr mask_and_value<4> matcher{ + { 0xff, 0xfc, 0x00, 0x00 }, + { 0x01, 0x00, 0x00, 0x00 } + }; + + static ssize_t get_payload_length(datum pkt) { + pkt.skip(2); + return 2 + 2 + encoded{pkt}.value(); + } + + bool is_not_empty() { return valid; } + + const char* get_code_str() const { + switch (mtype) { + case 0x00 : return "null"; + case 0x01 : return "auth"; + case 0x02 : return "security_level"; + case 0x03 : return "enc_msg"; + default : return "null"; + } + } + + void write_json(json_object &record, bool metadata) { + if (!valid) { + return; + } + json_object auth_pkt{record,"socks5_gss"}; + auth_pkt.print_key_string("mtype",get_code_str()); + if (metadata) { + auth_pkt.print_key_int("msg_len",tok_len); + } + auth_pkt.close(); + } +}; + +struct socks5_domain { + encoded len; + datum domain; + + socks5_domain(datum &pkt) : len{pkt}, domain{pkt,len.value()} {} + + void write_json(json_object &record) { + record.print_key_json_string("domain",domain); + } +}; + +namespace socks_var { + template struct overloaded : Ts... { using Ts::operator()...; }; + template overloaded(Ts...) -> overloaded; +}; + +struct socks5_addr { + using var_addr = std::variant, datum, socks5_domain>; + encoded type; + var_addr addr; + + void write_json_addr(socks5_domain &domain, json_object &o) { domain.write_json(o); } + + void write_json_addr(encoded &ip, json_object &o) { + uint32_t ip_val = (ip.value()); + o.print_key_ipv4_addr("ipv4",(uint8_t*)&ip_val); + } + + void write_json_add(datum &ip, json_object &o){ + o.print_key_ipv6_addr("ipv6",ip.begin()); + } + + void write_json_addr(std::monostate &, json_object &o) { + o.print_key_string("addr","invalid"); + } + + template void write_json_addr(T &,json_object &o ) { + o.print_key_string("addr","invalid"); + } + + socks5_addr (datum &pkt) : type{pkt} { + switch (type) { + case 0x01 : { + addr.emplace >(pkt,true); + break; + } + case 0x03 : { + addr.emplace(pkt); + break; + } + case 0x04 : { + addr.emplace(pkt,16); + break; + } + default : { + addr.emplace(); + break; + } + } + } + + void write_json(json_object &record, bool metadata) { + if (metadata) { + record.print_key_int("addr_type",type); + } + std::visit(socks_var::overloaded{ + [&](auto &address) { + write_json_addr(address,record); + }, + }, addr); + } + +}; + +// socks5_req_resp +// 0 1 2 3 +// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | VER | CMD | RSV | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +// | ADDR(4/16/Var bytes) .... | +// + +-+-+-+-+-+-+-+-+ +// | | Port | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | | +// +-+-+-+-+-+-+-+-+ +// +class socks5_req_resp : public base_protocol { + encoded version; + encoded cmd; + encoded rsv; + socks5_addr addr; + encoded dst_port; + bool valid; + +public: + socks5_req_resp(datum &pkt) : + version{pkt}, + cmd{pkt}, + rsv{pkt}, + addr{pkt}, + dst_port{pkt}, + valid{true} {} + + bool is_not_empty() { return valid; } + + static constexpr mask_and_value<4> matcher{ + { 0xff, 0xf0, 0xff, 0xf8 }, + { 0x05, 0x00, 0x00, 0x00 } + }; + + static ssize_t get_payload_length(datum pkt) { + ssize_t len = pkt.length(); + pkt.skip(4); + encodeddom_len{pkt}; + if ((len == 10) || (len == 22) || (len == (7 + dom_len))) { + return len; + } + else { + return 0; + } + } + + const char *get_cmd_str() const { + switch(cmd) { + case 0x00 : return "request_granted"; + case 0x01 : return "tcp_conn_or_gen_failure"; + case 0x02 : return "tcp_bind_or_not_allowed"; + case 0x03 : return "udp_port_or_net_unreach"; + case 0x04 : return "host_unreach"; + case 0x05 : return "conn_refused"; + case 0x06 : return "ttl_expire"; + case 0x07 : return "proto_err"; + case 0x08 : return "addr_unsupp"; + default : return "NULL"; + } + } + + void write_json(json_object &record, bool metadata) { + json_object socks5_pkt{record, "socks5_req_resp"}; + socks5_pkt.print_key_string("cmd",get_cmd_str()); + addr.write_json(socks5_pkt,metadata); + socks5_pkt.print_key_int("dst_port",dst_port); + socks5_pkt.close(); + } +}; + +namespace { + + [[maybe_unused]] int socks5_req_resp_fuzz_test(const uint8_t *data, size_t size) { + struct datum pkt_data{data, data+size}; + char buffer[8192]; + struct buffer_stream buf_json(buffer, sizeof(buffer)); + struct json_object record(&buf_json); + + socks5_req_resp socks_pkt{pkt_data}; + if (socks_pkt.is_not_empty()) { + socks_pkt.write_json(record, true); + } + return 0; + } + + [[maybe_unused]] int socks4_req_fuzz_test(const uint8_t *data, size_t size) { + struct datum pkt_data{data, data+size}; + char buffer[8192]; + struct buffer_stream buf_json(buffer, sizeof(buffer)); + struct json_object record(&buf_json); + + socks4_req socks_pkt{pkt_data}; + if (socks_pkt.is_not_empty()) { + socks_pkt.write_json(record, true); + } + return 0; + } + + [[maybe_unused]] int socks5_hello_fuzz_test(const uint8_t *data, size_t size) { + struct datum pkt_data{data, data+size}; + char buffer[8192]; + struct buffer_stream buf_json(buffer, sizeof(buffer)); + struct json_object record(&buf_json); + + socks5_hello socks_pkt{pkt_data}; + if (socks_pkt.is_not_empty()) { + socks_pkt.write_json(record, true); + } + return 0; + } + + [[maybe_unused]] int socks5_usr_pass_fuzz_test(const uint8_t *data, size_t size) { + struct datum pkt_data{data, data+size}; + char buffer[8192]; + struct buffer_stream buf_json(buffer, sizeof(buffer)); + struct json_object record(&buf_json); + + socks5_usr_pass socks_pkt{pkt_data}; + if (socks_pkt.is_not_empty()) { + socks_pkt.write_json(record, true); + } + return 0; + } + + [[maybe_unused]] int socks5_gss_fuzz_test(const uint8_t *data, size_t size) { + struct datum pkt_data{data, data+size}; + char buffer[8192]; + struct buffer_stream buf_json(buffer, sizeof(buffer)); + struct json_object record(&buf_json); + + socks5_gss socks_pkt{pkt_data}; + if (socks_pkt.is_not_empty()) { + socks_pkt.write_json(record, true); + } + return 0; + } + +}; + +#endif // SOCKS_H diff --git a/src/libmerc/tls.cc b/src/libmerc/tls.cc index 03f6358e..6b38f844 100644 --- a/src/libmerc/tls.cc +++ b/src/libmerc/tls.cc @@ -11,6 +11,7 @@ #include "x509.h" #include "quic.h" #include "fingerprint.h" +#include "tls_extensions.h" /* TLS Constants */ @@ -366,8 +367,12 @@ struct tls_extension { struct datum value; const uint8_t *type_ptr; const uint8_t *length_ptr; + uint16_t cnt; //No.of extensions of the same type + uint16_t encoded_type; - tls_extension(struct datum &p) : type{0}, length{0}, value{NULL, NULL}, type_ptr{NULL}, length_ptr{NULL} { + tls_extension() : type{0}, length{0}, value{NULL, NULL}, type_ptr{NULL}, length_ptr{NULL}, cnt{0} { } + + tls_extension(struct datum &p) : type{0}, length{0}, value{NULL, NULL}, type_ptr{NULL}, length_ptr{NULL}, cnt{0} { type_ptr = p.data; if (p.read_uint16(&type) == false) { return; } @@ -378,23 +383,130 @@ struct tls_extension { value.data_end = value.data + length; p.data += length; } + + encoded_type = type; } bool is_not_empty() { return value.is_not_empty(); } - bool is_grease() const { return degrease_uint16(type) == 0x0a0a;} + bool is_grease() const { + return ((type & 0x0f0f) == 0x0a0a); + } + + bool is_private_extension() const { + return((type == 65280) || (type >= 65282)); + } + + bool is_unassigned_extension() const { + return (type >=62 && type <= 65279 && !is_grease()); + } + + + void fingerprint_format1(struct buffer_stream &b, enum tls_role role, bool use_encoded_type = false) { + uint16_t extension_type = type; + if (use_encoded_type) { + extension_type = encoded_type; + } + if (uint16_match(extension_type, static_extension_types, num_static_extension_types) == true) { + if (extension_type == type_supported_groups) { + // fprintf(stderr, "I am degreasing supported groups\n"); + b.write_char('('); + b.write_hex_uint(extension_type); + write_length(b); + write_degreased_value(b, L_NamedGroupListLen); + b.write_char(')'); + + } else if (type == type_supported_versions) { + // fprintf(stderr, "I am degreasing supported versions\n"); + b.write_char('('); + b.write_hex_uint(extension_type); + //write_degreased_type(b); + write_length(b); + if (role == tls_role::client) { + write_degreased_value(b, L_ProtocolVersionListLen); + } else { + write_degreased_value(b, 0); + } + b.write_char(')'); + + } else if (type == type_quic_transport_parameters || type == type_quic_transport_parameters_draft) { + b.write_char('('); + b.write_char('('); + b.write_hex_uint(extension_type); + //write_degreased_type(b); + b.write_char(')'); - void write_degreased_type(struct buffer_stream &b) { + // sort quic transport parameter ids, then write them + // into the fingerprint + // + std::vector id_vector; + while (value.is_not_null()) { + quic_transport_parameter qtp{value}; + if (qtp.is_not_empty()) { + //b.write_char('('); + //qtp.write_id(b); + //b.write_char(')'); + id_vector.push_back(qtp.get_id()); + } + } + std::sort(id_vector.begin(), + id_vector.end(), + [](const variable_length_integer_datum &a, const variable_length_integer_datum &b) { + if (a.is_grease()) { + if (b.is_grease()) { + return false; + } + return 0x1b < b.value(); + } else if (b.is_grease()) { + return a.value() < 0x1b; + } + return a.cmp(b) < 0; + } + ); + b.write_char('['); + for (const auto &id : id_vector) { + b.write_char('('); + if (!id.is_grease()) { + id.write(b); + } else { + // write out the smallest GREASE value (0x1b == 27) + b.write_char('1'); + b.write_char('b'); + } + b.write_char(')'); + } + b.write_char(']'); + b.write_char(')'); + + + } else { + b.write_char('('); + b.write_hex_uint(extension_type); + //write_degreased_type(b); + write_length(b); + write_value(b); + b.write_char(')'); + } + } else { + b.write_char('('); + b.write_hex_uint(extension_type); + //write_degreased_type(b); + b.write_char(')'); + } + + } + + void write_degreased_type(struct buffer_stream &b) const { if (type_ptr) { raw_as_hex_degrease(b, type_ptr, sizeof(uint16_t)); } } - void write_length(struct buffer_stream &b) { + void write_length(struct buffer_stream &b) const { if (length_ptr) { raw_as_hex_degrease(b, length_ptr, sizeof(uint16_t)); } } - void write_degreased_value(struct buffer_stream &b, ssize_t ungreased_len) { + void write_degreased_value(struct buffer_stream &b, ssize_t ungreased_len) const { if (value.is_not_empty()) { size_t skip_len; size_t greased_len; @@ -409,12 +521,20 @@ struct tls_extension { raw_as_hex_degrease(b, value.data + skip_len, greased_len); } } - void write_value(struct buffer_stream &b) { + void write_value(struct buffer_stream &b) const { if (value.is_not_empty()) { b.raw_as_hex(value.data, value.length()); } } + void write_raw_features(writeable &buf) const { + buf.copy('['); + buf.write_quote_enclosed_hex(type_ptr, sizeof(type)); + buf.copy(','); + buf.write_quote_enclosed_hex(value); + buf.copy(']'); + } + }; void tls_extensions::fingerprint(struct buffer_stream &b, enum tls_role role) const { @@ -526,92 +646,97 @@ void tls_extensions::fingerprint_quic_tls(struct buffer_stream &b, enum tls_role b.write_char('['); for (auto &x : tls_ext_vec) { - if (uint16_match(x.type, static_extension_types, num_static_extension_types) == true) { - if (x.type == type_supported_groups) { - // fprintf(stderr, "I am degreasing supported groups\n"); - b.write_char('('); - x.write_degreased_type(b); - x.write_length(b); - x.write_degreased_value(b, L_NamedGroupListLen); - b.write_char(')'); + x.fingerprint_format1(b, role); + } + b.write_char(']'); +} - } else if (x.type == type_supported_versions) { - // fprintf(stderr, "I am degreasing supported versions\n"); - b.write_char('('); - x.write_degreased_type(b); - x.write_length(b); - if (role == tls_role::client) { - x.write_degreased_value(b, L_ProtocolVersionListLen); - } else { - x.write_degreased_value(b, 0); - } - b.write_char(')'); +void tls_extensions::fingerprint_format2(struct buffer_stream &b, enum tls_role role) const { - } else if (x.type == type_quic_transport_parameters || x.type == type_quic_transport_parameters_draft) { - b.write_char('('); - b.write_char('('); - x.write_degreased_type(b); - b.write_char(')'); + struct datum ext_parser{this->data, this->data_end}; + std::array, tls_extensions_assign::include_list_len> extensions_list; - // sort quic transport parameter ids, then write them - // into the fingerprint - // - std::vector id_vector; - while (x.value.is_not_null()) { - quic_transport_parameter qtp{x.value}; - if (qtp.is_not_empty()) { - //b.write_char('('); - //qtp.write_id(b); - //b.write_char(')'); - id_vector.push_back(qtp.get_id()); - } - } - std::sort(id_vector.begin(), - id_vector.end(), - [](const variable_length_integer_datum &a, const variable_length_integer_datum &b) { - if (a.is_grease()) { - if (b.is_grease()) { - return false; - } - return 0x1b < b.value(); - } else if (b.is_grease()) { - return a.value() < 0x1b; - } - return a.cmp(b) < 0; - } - ); - b.write_char('['); - for (const auto &id : id_vector) { - b.write_char('('); - if (!id.is_grease()) { - id.write(b); - } else { - // write out the smallest GREASE value (0x1b == 27) - b.write_char('1'); - b.write_char('b'); - } - b.write_char(')'); - } - b.write_char(']'); - b.write_char(')'); + int32_t index = -1; + + // Store the sorted index of all extensions + while (ext_parser.length() > 0) { - } else { - b.write_char('('); - x.write_degreased_type(b); - x.write_length(b); - x.write_value(b); - b.write_char(')'); + tls_extension x{ext_parser}; + if (x.value.data == NULL) { + break; + } + + index = tls_extensions_assign::get_index(x.type); + + if (index == -1) { + if (x.is_grease()) { + x.encoded_type = 0x0a0a; + } else if (x.is_private_extension()) { + // Unknown private extensions will be encoded as the + // smallest extension in private extension range + x.encoded_type = tls_extensions_assign::smallest_private_extn; + } else if (x.is_unassigned_extension()) { + // Unknown unassigned extensions will be encoded as the + // smallest extension in the unassigned range + x.encoded_type = tls_extensions_assign::smallest_unassigned_extn; } - } else { - b.write_char('('); - x.write_degreased_type(b); - b.write_char(')'); + index = tls_extensions_assign::get_index(x.encoded_type); } + if (index >= 0) { + int cnt = extensions_list[index][0].cnt; + + if (cnt < tls_extensions::max_repeat_extensions) { + extensions_list[index][cnt] = x; + extensions_list[index][0].cnt++; + } + } } - b.write_char(']'); + b.write_char('['); + for (int extn = 0; extn < tls_extensions_assign::include_list_len; extn++) { + uint8_t extn_cnt = extensions_list[extn][0].cnt; + if (extn_cnt > 1) { + std::sort(extensions_list[extn].begin(), extensions_list[extn].begin() + extensions_list[extn][0].cnt, + [](const tls_extension &a, const tls_extension &b) { + if (a.is_grease()) { + if (b.is_grease()) { + return false; + } + return 0x0a0a < b.type; + } else if (b.is_grease()) { + return a.type < 0x0a0a; + } + if (a.length != b.length) { + return a.length < b.length; + } + return a.value.cmp(b.value) < 0; + } + ); + } + for (int count = 0; count < extn_cnt; count++) { + tls_extension &x = extensions_list[extn][count]; + x.fingerprint_format1(b, role, true); + } + } + b.write_char(']'); +} + +void tls_extensions::write_raw_features(writeable &buf) const { + buf.copy('['); + struct datum ext_parser{this->data, this->data_end}; + bool first_extension = true; + while (ext_parser.length() > 0) { + if (!first_extension) { + buf.copy(','); + } else { + first_extension = false; + } + tls_extension x{ext_parser}; + x.write_raw_features(buf); + } + buf.copy(']'); } void tls_extensions::print_session_ticket(struct json_object &o, const char *key) const { @@ -712,6 +837,16 @@ void tls_client_hello::parse(struct datum &p) { return; } +void tls_client_hello::write_raw_features(writeable &buf) const { + buf.copy('['); + buf.write_quote_enclosed_hex(protocol_version); + buf.copy(','); + buf.write_quote_enclosed_hex(ciphersuite_vector); + buf.copy(','); + extensions.write_raw_features(buf); + buf.copy(']'); +} + void tls_client_hello::write_json(struct json_object &record, bool output_metadata) const { if (ciphersuite_vector.is_not_readable()) { @@ -738,6 +873,9 @@ void tls_client_hello::write_json(struct json_object &record, bool output_metada extensions.print_alpn(tls_client, "application_layer_protocol_negotiation"); extensions.print_session_ticket(tls_client, "session_ticket"); } + data_buffer<2048> buf; + write_raw_features(buf); + tls_client.print_key_json_string("features", buf.contents()); tls_client.close(); tls.close(); } @@ -757,7 +895,7 @@ void tls_client_hello::fingerprint(struct buffer_stream &buf, size_t format_vers } if (format_version == 0) { ; - } else if (format_version == 1) { + } else if (format_version >= 1 && format_version <= 2) { buf.write_uint8(format_version); buf.write_char('/'); } else { @@ -783,6 +921,9 @@ void tls_client_hello::fingerprint(struct buffer_stream &buf, size_t format_vers extensions.fingerprint(buf, tls_role::client); } else if (format_version == 1) { extensions.fingerprint_quic_tls(buf, tls_role::client); + } else if (format_version == 2) { + assert(tls_extensions::unit_test() == true); + extensions.fingerprint_format2(buf, tls_role::client); } } diff --git a/src/libmerc/tls.h b/src/libmerc/tls.h index 6df8d434..c42216e5 100644 --- a/src/libmerc/tls.h +++ b/src/libmerc/tls.h @@ -308,6 +308,8 @@ enum class tls_role { client, server }; struct tls_extensions : public datum { + static constexpr uint16_t max_repeat_extensions = 3; + tls_extensions() = default; tls_extensions(const uint8_t *data, const uint8_t *data_end) : datum{data, data_end} {} @@ -323,16 +325,48 @@ struct tls_extensions : public datum { void print_session_ticket(struct json_object &o, const char *key) const; void fingerprint_quic_tls(struct buffer_stream &b, enum tls_role role) const; + void fingerprint_format2(struct buffer_stream &b, enum tls_role role) const; + void set_meta_data(datum &server_name, datum &user_agent, datum& alpn) const; void fingerprint(struct buffer_stream &b, enum tls_role role) const; + void write_raw_features(writeable &buf) const; + datum get_supported_groups() const; -}; +#ifndef NDEBUG + static bool unit_test() { + uint8_t extensions[] = { + 0x00, 0x3f, 0x00, 0x01, 0x01, //check if unassigned extension is encoded correctly + 0xff, 0x2b, 0x00, 0x01, 0x01, //check if private extensions is encoded correctly + 0x1a, 0x1a, 0x00, 0x00, //Grease extension 1 + 0x2a, 0x2a, 0x00, 0x00, //Grease extension 2 + 0xff, 0x2b, 0x00, 0x01, 0x02, // Private extension repeated second time + 0xff, 0x2b, 0x00, 0x01, 0x02, // Private extension repeated third time + 0xff, 0x2b, 0x00, 0x01, 0x02 // Private extension repeated fourth time + }; + + unsigned char expected_json[] = "[(003e)(0a0a)(0a0a)(ff00)(ff00)(ff00)]"; + datum exts_data{extensions, extensions + sizeof(extensions)}; + + tls_extensions exts{exts_data.data, exts_data.data_end}; + + char buffer[200]; + struct buffer_stream buf(buffer, sizeof(buffer)); + exts.fingerprint_format2(buf, tls_role::client); + if (memcmp(expected_json, buf.dstr, sizeof(expected_json) - 1)) { + fprintf(stdout, "Test failed\n"); + return false; + } + return true; + + } +#endif //NDEBUG +}; struct tls_client_hello : public base_protocol { struct datum protocol_version; @@ -362,6 +396,8 @@ struct tls_client_hello : public base_protocol { void write_json(struct json_object &record, bool output_metadata) const; + void write_raw_features(writeable &buf) const; + bool do_analysis(const struct key &k_, struct analysis_context &analysis_, classifier *c); static constexpr mask_and_value<8> matcher{ diff --git a/src/libmerc/tls_extensions.h b/src/libmerc/tls_extensions.h new file mode 100644 index 00000000..e6c28ee2 --- /dev/null +++ b/src/libmerc/tls_extensions.h @@ -0,0 +1,114 @@ +// tls_extensions.h +// +// this file was autogenerated at 2024-02-14T10:17:23Z +// you should edit the source file(s) instead of this one +// +// source files: +// tls-extensiontype-values-1.csv +// + +#ifndef TLS_EXTENSIONS_H +#define TLS_EXTENSIONS_H + +#include + +class tls_extensions_assign{ + static std::unordered_map& get_mapping_index() { + static std::unordered_map mapping_index = { + { 0, 0}, + { 1, 1}, + { 2, 2}, + { 3, 3}, + { 4, 4}, + { 5, 5}, + { 6, 6}, + { 7, 7}, + { 8, 8}, + { 9, 9}, + { 10, 10}, + { 11, 11}, + { 12, 12}, + { 13, 13}, + { 14, 14}, + { 15, 15}, + { 16, 16}, + { 17, 17}, + { 18, 18}, + { 19, 19}, + { 20, 20}, + { 22, 21}, + { 23, 22}, + { 24, 23}, + { 25, 24}, + { 26, 25}, + { 27, 26}, + { 28, 27}, + { 29, 28}, + { 30, 29}, + { 31, 30}, + { 32, 31}, + { 33, 32}, + { 34, 33}, + { 36, 34}, + { 37, 35}, + { 38, 36}, + { 39, 37}, + { 40, 38}, + { 43, 39}, + { 44, 40}, + { 45, 41}, + { 46, 42}, + { 47, 43}, + { 48, 44}, + { 49, 45}, + { 50, 46}, + { 51, 47}, + { 52, 48}, + { 53, 49}, + { 54, 50}, + { 55, 51}, + { 56, 52}, + { 57, 53}, + { 58, 54}, + { 59, 55}, + { 60, 56}, + { 61, 57}, + { 62, 58}, + { 2570, 59}, + { 13172, 60}, + { 21760, 61}, + { 30031, 62}, + { 30032, 63}, + { 64768, 64}, + { 65037, 65}, + { 65280, 66}, + { 65281, 67}, + { 65283, 68}, + { 65486, 69}, + }; + return mapping_index; + } + +public: + static constexpr uint16_t include_list_len = 70; + + tls_extensions_assign() {} + + static int32_t get_index(uint16_t type) { + static const std::unordered_map &mapping_index = get_mapping_index(); + auto it = mapping_index.find(type); + if (it != mapping_index.end()) { + return(it->second); + } + return -1; + } + + static constexpr uint16_t smallest_private_extn = 65280; + + static constexpr uint16_t smallest_unassigned_extn = 62; + +}; + + +#endif // TLS_EXTENSIONS_H + diff --git a/src/mercury.c b/src/mercury.c index b943eaad..056d5bcc 100644 --- a/src/mercury.c +++ b/src/mercury.c @@ -115,6 +115,7 @@ char mercury_extended_help[] = " smb SMB v1 and v2\n" " stun STUN messages\n" " ssdp SSDP (UPnP)\n" + " socks SOCKS4,SOCKS5 messages\n" " tcp TCP headers\n" " tcp.message TCP initial message\n" " tcp.syn_ack TCP syn ack message\n" @@ -161,8 +162,13 @@ char mercury_extended_help[] = " [-f or --fingerprint].\n" "\n" " \"--format=f\" reports fingerprints with formats(s) f, where f is either a\n" - " fingerprint protocol and format like \"tls/1\", or is a sequence of protocol\n" - " and format strings.\n" + " fingerprint protocol and format like \"tls/1\", or is a comma separated\n" + " list of below fingerprint protocol and format strings.\n" + " tls\n" + " tls/1\n" + " tls/2\n" + " quic\n" + " quic/1\n" "\n" " \"[-l or --limit] l\" rotates output files so that each file has at most\n" " l records or packets; filenames include a sequence number, date and time.\n" diff --git a/src/tables/Makefile b/src/tables/Makefile index a528b032..447ba15f 100644 --- a/src/tables/Makefile +++ b/src/tables/Makefile @@ -6,13 +6,19 @@ protocol_libs += stun_params.h protocol_libs += hpke_params.h .PHONY: all -all: csv $(protocol_libs) +all: csv tls $(protocol_libs) + +.PHONY: tls +tls: tls_csv tls_extensions.h # build csv processing utility # -csv: csv.cc csv.h +csv: csv.cc tls_extension_generator.cc csv.h $(CXX) -Wall csv.cc -o csv +tls_csv: tls_extension_generator.cc csv.h + $(CXX) -Wall tls_extension_generator.cc -o tls_csv + # IKEv2 table generation # # wget -O - https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml 2> /dev/null | grep "[^\"]*\.csv" -o @@ -105,6 +111,16 @@ $(STUN): stun_params.h: $(STUN) csv ./csv outfile=$@ verbose=true dir=source $(STUN_CMD) +TLS += tls-extensiontype-values-1.csv +TLS_CMD += include_extensions=local_include_extension.txt tls-extensiontype-values-1.csv:tls_extensions_assign + +.PHONY: $(TLS) +$(TLS): + wget -N -P source/ https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values-1.csv + +tls_extensions.h: $(TLS) tls_csv + ./tls_csv outfile=$@ verbose=true dir=source $(TLS_CMD) + # HPKE # HPKE += hpke-kem-ids.csv @@ -125,8 +141,8 @@ hpke_params.h: $(HPKE) csv # housekeeping # clean: - rm -f csv Makefile~ csv.h~ csv.cc~ - find source/ -type f ! -name 'local*.csv' -delete + rm -f csv tls_csv Makefile~ csv.h~ csv.cc~ + find source/ -type f ! -name 'local*' -delete distclean: clean rm -f $(protocol_libs) diff --git a/src/tables/source/local_include_extension.txt b/src/tables/source/local_include_extension.txt new file mode 100644 index 00000000..f3e6977c --- /dev/null +++ b/src/tables/source/local_include_extension.txt @@ -0,0 +1 @@ +0-20,22-34,36-40,43-61,62,2570,13172,21760,30031,30032,64768,65037,65280,65281,65283,65486 diff --git a/src/tables/tls_extension_generator.cc b/src/tables/tls_extension_generator.cc new file mode 100644 index 00000000..ef544269 --- /dev/null +++ b/src/tables/tls_extension_generator.cc @@ -0,0 +1,294 @@ +// csv.cc +// +// Comma-Separated Value (CSV) format processing for IANA (and +// similar) files + +#include +#include +#include +#include +#include +#include +#include + +#include "csv.h" + +void write_preamble(const std::string &filename, + const std::string &preprocname, + std::vector> file_and_class, + FILE *f=stdout) { + + std::time_t timenow = time(NULL); + static char timestamp[128] = { '\0' }; + strftime(timestamp, sizeof(timestamp) - 1, "%Y-%m-%dT%H:%M:%SZ", gmtime(&timenow)); + fprintf(f, + "// %s\n" + "//\n" + "// this file was autogenerated at %s\n" + "// you should edit the source file(s) instead of this one\n" + "//\n" + "// source files:\n", + filename.c_str(), + timestamp); + for (const auto &fc : file_and_class) { + fprintf(f, "// %s\n", std::get<0>(fc).c_str()); + } + fprintf(f, + "//\n\n" + "#ifndef %s\n" + "#define %s\n\n" + "#include \n\n", + preprocname.c_str(), + preprocname.c_str()); +} + +void write_postamble(const char *filename, FILE *f=stdout) { + fprintf(f, "\n#endif // %s\n\n", filename); +} + +void write_class(const std::vector> ¶ms, + const char *classname, + const char *sname, + std::vector& extensions, + FILE *f=stdout) { + + int smallest_private = 65536; + int smallest_unassigned = 65536; + + fprintf(f, + "class %s{\n" + " static std::unordered_map& get_mapping_index() {\n" + " static std::unordered_map mapping_index = {\n", + classname); + + int index = 0; + for (const auto& t : extensions) { + fprintf(f," { %d, %d},\n", t, index); + index++; + } + fprintf(f, + " };\n" + " return mapping_index;\n" + " }\n\n" + "public:\n" + " static constexpr uint16_t include_list_len = %zu;\n\n" + " tls_extensions_assign() {}\n\n" + " static int32_t get_index(uint16_t type) {\n" + " static const std::unordered_map &mapping_index = get_mapping_index();\n" + " auto it = mapping_index.find(type);\n" + " if (it != mapping_index.end()) {\n" + " return(it->second);\n" + " }\n" + " return -1;\n" + " }\n\n", + extensions.size()); + + for (const auto &p : params) { + if (std::get<0>(p).compare("Reserved for Private Use") == 0) { + std::string value = std::get<1>(p); + size_t range_delim = value.find("-"); + if (range_delim != std::string::npos) { + int lower_range = std::stoi(value.substr(0, range_delim)); + if (lower_range < smallest_private) { + smallest_private = lower_range; + } + } else { + int val = std::stoi(value); + if (val < smallest_private) { + smallest_private = val; + } + } + } + } + fprintf(f, " static constexpr uint16_t smallest_private_extn = %d;\n\n", smallest_private); + + + for (const auto &p : params) { + if (std::get<0>(p).compare("Unassigned") == 0) { + std::string value = std::get<1>(p); + size_t range_delim = value.find("-"); + if (range_delim != std::string::npos) { + int lower_range = std::stoi(value.substr(0, range_delim)); + if (lower_range < smallest_unassigned) { + smallest_unassigned = lower_range; + } + } else { + int val = std::stoi(value); + if (val < smallest_unassigned) { + smallest_unassigned = val; + } + } + } + } + fprintf(f, " static constexpr uint16_t smallest_unassigned_extn = %d;\n\n", smallest_unassigned); + + fprintf(f, + "};\n\n"); +} + +void csv_file_add_mappings(std::vector> ¶ms, + std::string filename) { + std::ifstream f(filename); + csv::get_next_line(f); // ignore first line + while(f) { + + std::vector csv_line = csv::get_next_line(f); + if (csv_line.size() > 2) { + + std::string value{csv_line[0]}; + std::string keyword{csv_line[1]}; + + if (keyword.compare("Unassigned") == 0 || keyword.compare("Reserved for Private Use") == 0) { + params.emplace_back(keyword, value); + } + } + }; + +} + +void process_iana_csv_file(std::string filename, + const std::string &classname, + const std::string &sname, + FILE *outfile, + std::vector& extensions, + bool verbose=false) { + + std::string altfile; + size_t comma = filename.find(","); + if (comma != std::string::npos) { + altfile = filename.substr(0, comma); + filename = filename.substr(comma+1); + } + + std::vector> params; + csv_file_add_mappings(params, filename); + if (altfile != "") { + csv_file_add_mappings(params, altfile); + } + + write_class(params, classname.c_str(), sname.c_str(), extensions, outfile); + +} + +void populate_include_list_extensions(std::string incl_extensions_file, std::vector& extensions) { + std::ifstream in(incl_extensions_file); + std::string _include_extensions; + + if (std::getline(in, _include_extensions)) { + std::istringstream include_extensions(_include_extensions); + + // Temporary string to hold each token + std::string token; + + // Delimiter character (in this case, comma) + char delimiter = ','; + + // Iterate through the string stream and split based on the delimiter + while (std::getline(include_extensions, token, delimiter)) { + size_t delimiterPos = token.find('-'); + + // Check if the delimiter was found + if (delimiterPos != std::string::npos) { + // Extract the two substrings based on the delimiter position + int firstPart = std::stoi(token.substr(0, delimiterPos)); + int secondPart = std::stoi(token.substr(delimiterPos + 1)); + + for (int i = firstPart; i <= secondPart; i++) { + extensions.push_back(i); + } + } else { + extensions.push_back(std::stoi(token)); + } + } + } + + //Ensure the extensions are sorted + std::sort(extensions.begin(),extensions.end()); +} + +void usage(const char *progname) { + fprintf(stderr, "usage: %s outfile= include_extensions= : [ : ... ]\n", progname); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) { + + // process command line arguments + // + bool verbose = false; + std::string outfilename; + std::string dirname; + std::string incl_extensions_file; + std::string class_name; + + std::vector> file_and_class; + for (int i=1; i extensions; + + populate_include_list_extensions(incl_extensions_file, extensions); + // create preprocessor names for #defines + // + std::string preproc{outfilename}; + std::replace(preproc.begin(), preproc.end(), '.', '_'); + std::transform(preproc.begin(), preproc.end(), preproc.begin(), ::toupper); + + // write out preambles, tables, and postamble + // + write_preamble(outfilename, preproc, file_and_class, outfile); + for (const auto &fc : file_and_class) { + process_iana_csv_file(std::get<0>(fc), std::get<1>(fc), std::get<2>(fc), outfile, extensions, verbose); + } + write_postamble(preproc.c_str(), outfile); + + return 0; +} diff --git a/test/data/top-https.json b/test/data/top-https.json index b2c1327e..80a5d1cc 100644 --- a/test/data/top-https.json +++ b/test/data/top-https.json @@ -3,49 +3,49 @@ {"dns":{"base64":"90CBgAABAAEADQANBmdvb2dsZQNjb20AABwAAcAMABwAAQAAAAUAECYH+LBABAgQAAAAAAAAIA7AEwACAAEAAAAFABQBYwxndGxkLXNlcnZlcnMDbmV0AMATAAIAAQAAAAUABAFpwEbAEwACAAEAAAAFAAQBZsBGwBMAAgABAAAABQAEAWHARsATAAIAAQAAAAUABAFswEbAEwACAAEAAAAFAAQBa8BGwBMAAgABAAAABQAEAW3ARsATAAIAAQAAAAUABAFlwEbAEwACAAEAAAAFAAQBYsBGwBMAAgABAAAABQAEAWjARsATAAIAAQAAAAUABAFnwEbAEwACAAEAAAAFAAQBasBGwBMAAgABAAAABQAEAWTARsCEAAEAAQAAAAUABMAFBh7A1AABAAEAAAAFAATAIQ4ewEQAAQABAAAABQAEwBpcHsEUAAEAAQAAAAUABMAfUB7AxAABAAEAAAAFAATADF4ewHQAAQABAAAABQAEwCMzHsD0AAEAAQAAAAUABMAqXR7A5AABAAEAAAAFAATANnAewGQAAQABAAAABQAEwCusHsEEAAEAAQAAAAUABMAwTx7ApAABAAEAAAAFAATANLIewJQAAQABAAAABQAEwCmiHsC0AAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":37225,"event_start":1565200314.223537} {"dns":{"base64":"2PuBgAABAAEADQAOBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAAAUABKzZD07AEwACAAEAAAAFABQBaQxndGxkLXNlcnZlcnMDbmV0AMATAAIAAQAAAAUABAFhwDrAEwACAAEAAAAFAAQBbcA6wBMAAgABAAAABQAEAWvAOsATAAIAAQAAAAUABAFqwDrAEwACAAEAAAAFAAQBY8A6wBMAAgABAAAABQAEAWLAOsATAAIAAQAAAAUABAFnwDrAEwACAAEAAAAFAAQBbMA6wBMAAgABAAAABQAEAWXAOsATAAIAAQAAAAUABAFowDrAEwACAAEAAAAFAAQBZMA6wBMAAgABAAAABQAEAWbAOsBYAAEAAQAAAAUABMAFBh7AqAABAAEAAAAFAATAIQ4ewJgAAQABAAAABQAEwBpcHsD4AAEAAQAAAAUABMAfUB7A2AABAAEAAAAFAATADF4ewQgAAQABAAAABQAEwCMzHsC4AAEAAQAAAAUABMAqXR7A6AABAAEAAAAFAATANnAewDgAAQABAAAABQAEwCusHsCIAAEAAQAAAAUABMAwTx7AeAABAAEAAAAFAATANLIewMgAAQABAAAABQAEwCmiHsBoAAEAAQAAAAUABMA3Ux7AWAAcAAEAAAAFABAgAQUDqD4AAAAAAAAAAgAw"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":40385,"event_start":1565200314.223559} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38790,"dst_port":443,"event_start":1565200314.224204} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38790,"dst_port":443,"event_start":1565200314.266206} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020805c0a9ffdbbf9105e81c0d7b1bcccf206d0c67996badc5bf4ff673caa8e3f3c\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38790,"dst_port":443,"event_start":1565200314.266206} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.15.78","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38790,"event_start":1565200314.317713} {"dns":{"base64":"luQBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":46063,"dst_port":53,"event_start":1565200314.423451} {"dns":{"base64":"k/4BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":56316,"dst_port":53,"event_start":1565200314.423636} {"dns":{"base64":"k/6BgAABAAEADQANA3d3dwZnb29nbGUDY29tAAAcAAHADAAcAAEAAAAFABAmB/iwQAQIAgAAAAAAACAEwBcAAgABAAAABQAUAWsMZ3RsZC1zZXJ2ZXJzA25ldADAFwACAAEAAAAFAAQBbcBKwBcAAgABAAAABQAEAWnASsAXAAIAAQAAAAUABAFowErAFwACAAEAAAAFAAQBasBKwBcAAgABAAAABQAEAWLASsAXAAIAAQAAAAUABAFhwErAFwACAAEAAAAFAAQBY8BKwBcAAgABAAAABQAEAWbASsAXAAIAAQAAAAUABAFswErAFwACAAEAAAAFAAQBZMBKwBcAAgABAAAABQAEAWfASsAXAAIAAQAAAAUABAFlwErAuAABAAEAAAAFAATABQYewKgAAQABAAAABQAEwCEOHsDIAAEAAQAAAAUABMAaXB7A+AABAAEAAAAFAATAH1AewRgAAQABAAAABQAEwAxeHsDYAAEAAQAAAAUABMAjMx7BCAABAAEAAAAFAATAKl0ewIgAAQABAAAABQAEwDZwHsB4AAEAAQAAAAUABMArrB7AmAABAAEAAAAFAATAME8ewEgAAQABAAAABQAEwDSyHsDoAAEAAQAAAAUABMApoh7AaAABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56316,"event_start":1565200314.453475} {"dns":{"base64":"luSBgAABAAEADQAOA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAAFAASs2QfkwBcAAgABAAAABQAUAWkMZ3RsZC1zZXJ2ZXJzA25ldADAFwACAAEAAAAFAAQBY8A+wBcAAgABAAAABQAEAW3APsAXAAIAAQAAAAUABAFowD7AFwACAAEAAAAFAAQBZcA+wBcAAgABAAAABQAEAWvAPsAXAAIAAQAAAAUABAFhwD7AFwACAAEAAAAFAAQBYsA+wBcAAgABAAAABQAEAWzAPsAXAAIAAQAAAAUABAFqwD7AFwACAAEAAAAFAAQBZMA+wBcAAgABAAAABQAEAWfAPsAXAAIAAQAAAAUABAFmwD7ArAABAAEAAAAFAATABQYewLwAAQABAAAABQAEwCEOHsBcAAEAAQAAAAUABMAaXB7A7AABAAEAAAAFAATAH1AewIwAAQABAAAABQAEwAxeHsEMAAEAAQAAAAUABMAjMx7A/AABAAEAAAAFAATAKl0ewHwAAQABAAAABQAEwDZwHsA8AAEAAQAAAAUABMArrB7A3AABAAEAAAAFAATAME8ewJwAAQABAAAABQAEwDSyHsDMAAEAAQAAAAUABMApoh7AbAABAAEAAAAFAATAN1MewKwAHAABAAAABQAQIAEFA6g+AAAAAAAAAAIAMA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":46063,"event_start":1565200314.456423} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55912,"dst_port":443,"event_start":1565200314.456864} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55912,"dst_port":443,"event_start":1565200314.496049} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00204492fb896193e839ecc7241e09656e38ca2b30f7505385a2fceed992bd150029\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55912,"dst_port":443,"event_start":1565200314.496049} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.228","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":55912,"event_start":1565200314.548679} {"dns":{"base64":"/x8BAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":53467,"dst_port":53,"event_start":1565200314.706119} {"dns":{"base64":"K9EBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":43273,"dst_port":53,"event_start":1565200314.706323} {"dns":{"base64":"/x+BgAABAAEADQAOCGZhY2Vib29rA2NvbQAAAQABwAwAAQABAAAABQAEHw1CI8AVAAIAAQAAAAUAFAFiDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWfAPMAVAAIAAQAAAAUABAFpwDzAFQACAAEAAAAFAAQBZcA8wBUAAgABAAAABQAEAWjAPMAVAAIAAQAAAAUABAFswDzAFQACAAEAAAAFAAQBasA8wBUAAgABAAAABQAEAW3APMAVAAIAAQAAAAUABAFkwDzAFQACAAEAAAAFAAQBY8A8wBUAAgABAAAABQAEAWvAPMAVAAIAAQAAAAUABAFmwDzAFQACAAEAAAAFAAQBYcA8wQoAAQABAAAABQAEwAUGHsA6AAEAAQAAAAUABMAhDh7A2gABAAEAAAAFAATAGlwewMoAAQABAAAABQAEwB9QHsB6AAEAAQAAAAUABMAMXh7A+gABAAEAAAAFAATAIzMewFoAAQABAAAABQAEwCpdHsCKAAEAAQAAAAUABMA2cB7AagABAAEAAAAFAATAK6wewKoAAQABAAAABQAEwDBPHsDqAAEAAQAAAAUABMA0sh7AmgABAAEAAAAFAATAKaIewLoAAQABAAAABQAEwDdTHsEKABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53467,"event_start":1565200314.741388} {"dns":{"base64":"K9GBgAABAAEADQANCGZhY2Vib29rA2NvbQAAHAABwAwAHAABAAAABQAQKgMogPEDAIP6zrAMAAAl3sAVAAIAAQAAAAUAFAFrDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWbASMAVAAIAAQAAAAUABAFswEjAFQACAAEAAAAFAAQBZ8BIwBUAAgABAAAABQAEAWrASMAVAAIAAQAAAAUABAFpwEjAFQACAAEAAAAFAAQBaMBIwBUAAgABAAAABQAEAWLASMAVAAIAAQAAAAUABAFhwEjAFQACAAEAAAAFAAQBbcBIwBUAAgABAAAABQAEAWPASMAVAAIAAQAAAAUABAFkwEjAFQACAAEAAAAFAAQBZcBIwNYAAQABAAAABQAEwAUGHsDGAAEAAQAAAAUABMAhDh7A9gABAAEAAAAFAATAGlwewQYAAQABAAAABQAEwB9QHsEWAAEAAQAAAAUABMAMXh7AZgABAAEAAAAFAATAIzMewIYAAQABAAAABQAEwCpdHsC2AAEAAQAAAAUABMA2cB7ApgABAAEAAAAFAATAK6wewJYAAQABAAAABQAEwDBPHsBGAAEAAQAAAAUABMA0sh7AdgABAAEAAAAFAATAKaIewOYAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":43273,"event_start":1565200314.742571} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"31.13.66.35","protocol":6,"src_port":47178,"dst_port":443,"event_start":1565200314.743008} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"facebook.com"}},"src_ip":"192.168.113.237","dst_ip":"31.13.66.35","protocol":6,"src_port":47178,"dst_port":443,"event_start":1565200314.785467} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"facebook.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000f00000c66616365626f6f6b2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020569c09730bb312fcb3796ff7d656c45a3236a81eaca707befac515bce1c6cd16\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"31.13.66.35","protocol":6,"src_port":47178,"dst_port":443,"event_start":1565200314.785467} {"fingerprints":{"tls_server":"tls_server/(0303)(1303)((002b00020304)(0033))"},"src_ip":"31.13.66.35","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47178,"event_start":1565200314.828378} {"dns":{"base64":"jiwBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":55332,"dst_port":53,"event_start":1565200314.962244} {"dns":{"base64":"ddcBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":45008,"dst_port":53,"event_start":1565200314.962424} {"dns":{"base64":"jiyBgAABAAIADQANA3d3dwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAAAUAEQlzdGFyLW1pbmkEYzEwcsAQwC4AAQABAAAABQAEHw1dI8AZAAIAAQAAAAUAFAFlDGd0bGQtc2VydmVycwNuZXQAwBkAAgABAAAABQAEAWfAXcAZAAIAAQAAAAUABAFhwF3AGQACAAEAAAAFAAQBaMBdwBkAAgABAAAABQAEAWrAXcAZAAIAAQAAAAUABAFjwF3AGQACAAEAAAAFAAQBbcBdwBkAAgABAAAABQAEAWnAXcAZAAIAAQAAAAUABAFiwF3AGQACAAEAAAAFAAQBZsBdwBkAAgABAAAABQAEAWTAXcAZAAIAAQAAAAUABAFrwF3AGQACAAEAAAAFAAQBbMBdwIsAAQABAAAABQAEwAUGHsDrAAEAAQAAAAUABMAhDh7AuwABAAEAAAAFAATAGlwewQsAAQABAAAABQAEwB9QHsBbAAEAAQAAAAUABMAMXh7A+wABAAEAAAAFAATAIzMewHsAAQABAAAABQAEwCpdHsCbAAEAAQAAAAUABMA2cB7A2wABAAEAAAAFAATAK6wewKsAAQABAAAABQAEwDBPHsEbAAEAAQAAAAUABMA0sh7BKwABAAEAAAAFAATAKaIewMsAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":55332,"event_start":1565200314.996736} {"dns":{"base64":"ddeBgAABAAIADQAMA3d3dwhmYWNlYm9vawNjb20AABwAAcAMAAUAAQAAAAUAEQlzdGFyLW1pbmkEYzEwcsAQwC4AHAABAAAABQAQKgMogPE0AYP6zrAMAAAl3sAZAAIAAQAAAAUAFAFjDGd0bGQtc2VydmVycwNuZXQAwBkAAgABAAAABQAEAWLAacAZAAIAAQAAAAUABAFtwGnAGQACAAEAAAAFAAQBYcBpwBkAAgABAAAABQAEAWzAacAZAAIAAQAAAAUABAFmwGnAGQACAAEAAAAFAAQBZcBpwBkAAgABAAAABQAEAWnAacAZAAIAAQAAAAUABAFqwGnAGQACAAEAAAAFAAQBa8BpwBkAAgABAAAABQAEAWjAacAZAAIAAQAAAAUABAFkwGnAGQACAAEAAAAFAAQBZ8BpwKcAAQABAAAABQAEwAUGHsCHAAEAAQAAAAUABMAhDh7AZwABAAEAAAAFAATAGlwewScAAQABAAAABQAEwB9QHsDXAAEAAQAAAAUABMAMXh7AxwABAAEAAAAFAATAIzMewTcAAQABAAAABQAEwCpdHsEXAAEAAQAAAAUABMA2cB7A5wABAAEAAAAFAATAK6wewPcAAQABAAAABQAEwDBPHsEHAAEAAQAAAAUABMA0sh7AtwABAAEAAAAFAATAKaIe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":45008,"event_start":1565200314.997173} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"31.13.93.35","protocol":6,"src_port":38876,"dst_port":443,"event_start":1565200314.997544} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.facebook.com"}},"src_ip":"192.168.113.237","dst_ip":"31.13.93.35","protocol":6,"src_port":38876,"dst_port":443,"event_start":1565200315.059717} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.facebook.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00130000107777772e66616365626f6f6b2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020734e8bd196f7ee93eb2c76656e6ceab1da394d08107573b2bbe3d0818ca02620\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"31.13.93.35","protocol":6,"src_port":38876,"dst_port":443,"event_start":1565200315.059717} {"fingerprints":{"tls_server":"tls_server/(0303)(1303)((002b00020304)(0033))"},"src_ip":"31.13.93.35","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38876,"event_start":1565200315.118917} {"dns":{"base64":"1MsBAAABAAAAAAAAB3lvdXR1YmUDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":46227,"dst_port":53,"event_start":1565200315.629697} {"dns":{"base64":"MY4BAAABAAAAAAAAB3lvdXR1YmUDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36848,"dst_port":53,"event_start":1565200315.629866} {"dns":{"base64":"1MuBgAABAAEADQAOB3lvdXR1YmUDY29tAAABAAHADAABAAEAAAAFAASs2Q9OwBQAAgABAAAABQAUAWwMZ3RsZC1zZXJ2ZXJzA25ldADAFAACAAEAAAAFAAQBasA7wBQAAgABAAAABQAEAWfAO8AUAAIAAQAAAAUABAFowDvAFAACAAEAAAAFAAQBa8A7wBQAAgABAAAABQAEAWHAO8AUAAIAAQAAAAUABAFlwDvAFAACAAEAAAAFAAQBY8A7wBQAAgABAAAABQAEAWTAO8AUAAIAAQAAAAUABAFmwDvAFAACAAEAAAAFAAQBYsA7wBQAAgABAAAABQAEAWnAO8AUAAIAAQAAAAUABAFtwDvAmQABAAEAAAAFAATABQYewOkAAQABAAAABQAEwCEOHsC5AAEAAQAAAAUABMAaXB7AyQABAAEAAAAFAATAH1AewKkAAQABAAAABQAEwAxeHsDZAAEAAQAAAAUABMAjMx7AaQABAAEAAAAFAATAKl0ewHkAAQABAAAABQAEwDZwHsD5AAEAAQAAAAUABMArrB7AWQABAAEAAAAFAATAME8ewIkAAQABAAAABQAEwDSyHsA5AAEAAQAAAAUABMApoh7BCQABAAEAAAAFAATAN1MewJkAHAABAAAABQAQIAEFA6g+AAAAAAAAAAIAMA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":46227,"event_start":1565200315.666539} {"dns":{"base64":"MY6BgAABAAEADQANB3lvdXR1YmUDY29tAAAcAAHADAAcAAEAAAAFABAmB/iwQAQIEAAAAAAAACAOwBQAAgABAAAABQAUAWMMZ3RsZC1zZXJ2ZXJzA25ldADAFAACAAEAAAAFAAQBasBHwBQAAgABAAAABQAEAWHAR8AUAAIAAQAAAAUABAFtwEfAFAACAAEAAAAFAAQBZcBHwBQAAgABAAAABQAEAWvAR8AUAAIAAQAAAAUABAFpwEfAFAACAAEAAAAFAAQBZ8BHwBQAAgABAAAABQAEAWjAR8AUAAIAAQAAAAUABAFiwEfAFAACAAEAAAAFAAQBZsBHwBQAAgABAAAABQAEAWTAR8AUAAIAAQAAAAUABAFswEfAdQABAAEAAAAFAATABQYewOUAAQABAAAABQAEwCEOHsBFAAEAAQAAAAUABMAaXB7BBQABAAEAAAAFAATAH1AewJUAAQABAAAABQAEwAxeHsD1AAEAAQAAAAUABMAjMx7AxQABAAEAAAAFAATAKl0ewNUAAQABAAAABQAEwDZwHsC1AAEAAQAAAAUABMArrB7AZQABAAEAAAAFAATAME8ewKUAAQABAAAABQAEwDSyHsEVAAEAAQAAAAUABMApoh7AhQABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36848,"event_start":1565200315.688744} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38798,"dst_port":443,"event_start":1565200315.689080} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"youtube.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38798,"dst_port":443,"event_start":1565200315.728867} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"youtube.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000e00000b796f75747562652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c9381923c2a00340a86633eb0882beb83504a6265e8aed883570a2c87ef5d00e\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38798,"dst_port":443,"event_start":1565200315.728867} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.15.78","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38798,"event_start":1565200315.778220} {"dns":{"base64":"gCQBAAABAAAAAAAAA3d3dwd5b3V0dWJlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":50189,"dst_port":53,"event_start":1565200315.890089} {"dns":{"base64":"mcgBAAABAAAAAAAAA3d3dwd5b3V0dWJlA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":56627,"dst_port":53,"event_start":1565200315.890272} {"dns":{"base64":"mciBgAABAAIADQAMA3d3dwd5b3V0dWJlA2NvbQAAHAABwAwABQABAAAABQAWCnlvdXR1YmUtdWkBbAZnb29nbGXAGMAtABwAAQAAAAUAECYH+LBABAgHAAAAAAAAIA7AGAACAAEAAAAFABQBZwxndGxkLXNlcnZlcnMDbmV0AMAYAAIAAQAAAAUABAFpwG3AGAACAAEAAAAFAAQBYcBtwBgAAgABAAAABQAEAWbAbcAYAAIAAQAAAAUABAFiwG3AGAACAAEAAAAFAAQBa8BtwBgAAgABAAAABQAEAWPAbcAYAAIAAQAAAAUABAFlwG3AGAACAAEAAAAFAAQBZMBtwBgAAgABAAAABQAEAWrAbcAYAAIAAQAAAAUABAFtwG3AGAACAAEAAAAFAAQBbMBtwBgAAgABAAAABQAEAWjAbcCbAAEAAQAAAAUABMAFBh7AuwABAAEAAAAFAATAIQ4ewNsAAQABAAAABQAEwBpcHsD7AAEAAQAAAAUABMAfUB7A6wABAAEAAAAFAATADF4ewKsAAQABAAAABQAEwCMzHsBrAAEAAQAAAAUABMAqXR7BOwABAAEAAAAFAATANnAewIsAAQABAAAABQAEwCusHsELAAEAAQAAAAUABMAwTx7AywABAAEAAAAFAATANLIewSsAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56627,"event_start":1565200315.920843} {"dns":{"base64":"gCSBgAABAA0ADQABA3d3dwd5b3V0dWJlA2NvbQAAAQABwAwABQABAAAABQAWCnlvdXR1YmUtdWkBbAZnb29nbGXAGMAtAAEAAQAAAAUABKzZDO7ALQABAAEAAAAFAASs2Q9uwC0AAQABAAAABQAErNkHzsAtAAEAAQAAAAUABKzZDU7ALQABAAEAAAAFAASs2aSOwC0AAQABAAAABQAErNkN7sAtAAEAAQAAAAUABKzZpK7ALQABAAEAAAAFAASs2QnOwC0AAQABAAAABQAErNkHrsAtAAEAAQAAAAUABKzZB47ALQABAAEAAAAFAASs2Q9OwC0AAQABAAAABQAErNkF7sAYAAIAAQAAAAUAFAFnDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWHBEcAYAAIAAQAAAAUABAFswRHAGAACAAEAAAAFAAQBasERwBgAAgABAAAABQAEAW3BEcAYAAIAAQAAAAUABAFkwRHAGAACAAEAAAAFAAQBacERwBgAAgABAAAABQAEAWvBEcAYAAIAAQAAAAUABAFjwRHAGAACAAEAAAAFAAQBZsERwBgAAgABAAAABQAEAWXBEcAYAAIAAQAAAAUABAFiwRHAGAACAAEAAAAFAAQBaMERwS8AAQABAAAABQAEwAUGHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50189,"event_start":1565200315.920880} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39104,"dst_port":443,"event_start":1565200315.921718} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.youtube.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39104,"dst_port":443,"event_start":1565200315.967432} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.youtube.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e796f75747562652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020be0b45ef01e460e963be6c6a6b4a3a417b32b6e3948eb2446a2e3056b49b457f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39104,"dst_port":443,"event_start":1565200315.967432} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.5.238","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":39104,"event_start":1565200316.015600} {"dns":{"base64":"10oBAAABAAAAAAAAB3R3aXR0ZXIDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36511,"dst_port":53,"event_start":1565200317.289839} {"dns":{"base64":"1DgBAAABAAAAAAAAB3R3aXR0ZXIDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":35429,"dst_port":53,"event_start":1565200317.289914} {"dns":{"base64":"10qBgAABAAIADQANB3R3aXR0ZXIDY29tAAABAAHADAABAAEAAAAFAARo9CpBwAwAAQABAAAABQAEaPQqAcAUAAIAAQAAAAUAFAFhDGd0bGQtc2VydmVycwNuZXQAwBQAAgABAAAABQAEAWbAS8AUAAIAAQAAAAUABAFiwEvAFAACAAEAAAAFAAQBZ8BLwBQAAgABAAAABQAEAWnAS8AUAAIAAQAAAAUABAFqwEvAFAACAAEAAAAFAAQBbMBLwBQAAgABAAAABQAEAWvAS8AUAAIAAQAAAAUABAFtwEvAFAACAAEAAAAFAAQBaMBLwBQAAgABAAAABQAEAWXAS8AUAAIAAQAAAAUABAFjwEvAFAACAAEAAAAFAAQBZMBLwEkAAQABAAAABQAEwAUGHsB5AAEAAQAAAAUABMAhDh7BCQABAAEAAAAFAATAGlwewRkAAQABAAAABQAEwB9QHsD5AAEAAQAAAAUABMAMXh7AaQABAAEAAAAFAATAIzMewIkAAQABAAAABQAEwCpdHsDpAAEAAQAAAAUABMA2cB7AmQABAAEAAAAFAATAK6wewKkAAQABAAAABQAEwDBPHsDJAAEAAQAAAAUABMA0sh7AuQABAAEAAAAFAATAKaIewNkAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36511,"event_start":1565200317.290768} {"dns":{"base64":"1DiBgAABAAAAAQAAB3R3aXR0ZXIDY29tAAAcAAHADAAGAAEAAAAFADwDbnMxA3AyNgZkeW5lY3QDbmV0AAp6b25lLWFkbWluBmR5bmRuc8AUd6KRMQAADhAAAAJYAAk6gAAAADw="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":35429,"event_start":1565200317.321305} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"104.244.42.65","protocol":6,"src_port":42708,"dst_port":443,"event_start":1565200317.321610} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"twitter.com"}},"src_ip":"192.168.113.237","dst_ip":"104.244.42.65","protocol":6,"src_port":42708,"dst_port":443,"event_start":1565200317.365401} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"twitter.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000e00000b747769747465722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c81253b2a53f659ff93c558972a49012973e7492b2b48a32925f260de3b0c93b\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"104.244.42.65","protocol":6,"src_port":42708,"dst_port":443,"event_start":1565200317.365401} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGcTCCBVmgAwIBAgIQB6JxQM/Z/JSUJ1FPhVVCbzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTAzMDcwMDAwMDBaFw0yMDAzMDcxMjAwMDBaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRhdGxhMRQwEgYDVQQDEwt0d2l0dGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZX2kcltfrcPTyfAAFtIAgTueiAqeU/k6M3OArrOTRJGLuLCsvj3a+O2Y4cxBvPyhsAgbM+nLlXtf0ziH5SDjJzLO6mVK6T71xZOjI8z01HVkbwqOnFVGPD82XygX4W1oajOt4d1wMpOZoc6B/Lh+y7QCFUvM+xdMD085JyrWZvaGw3oQQq4DbrDBaoWCbSzdbbuRk1xpgctN2xd5rF/n5Mg4UkGByTR/NEfB9luVio+bbTo4tPiKRbwO2nzoGGWMaS8T+UEtTpel3YXPpUsP2fkcPFzpht6eYrOi7qhtaugW8pes3jyPhxxp93tvNH2Or7SaBg6cM6mEiIjN2Ez8sCAwEAAaOCAv4wggL6MB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBSENo9/S2lF5zjBaIIQ7RVsnpEMaTAnBgNVHREEIDAeggt0d2l0dGVyLmNvbYIPd3d3LnR3aXR0ZXIuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlZVWG+AAAEAwBIMEYCIQCZOt2dMF/436CEFe7BC/fYroy24FfWkERqHaL2fSOmSgIhAKmrYz3oS314+5Mt3tvlAtKZtUMACoNIkUdQ8Wzqpir8AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFpWVVjAwAABAMARzBFAiAQbTBEz6oSpOcpBz1JnXW4hWGRGkV2pwssM9ITkAA81QIhAJPBH6YLyk8idL0ntAig+St39IOsIRyKAosS+wqOwyOCMA0="}]}},"reassembly_properties":{"truncated":true},"src_ip":"104.244.42.65","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42708,"event_start":1565200317.419283} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGcTCCBVmgAwIBAgIQB6JxQM/Z/JSUJ1FPhVVCbzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTAzMDcwMDAwMDBaFw0yMDAzMDcxMjAwMDBaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRhdGxhMRQwEgYDVQQDEwt0d2l0dGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZX2kcltfrcPTyfAAFtIAgTueiAqeU/k6M3OArrOTRJGLuLCsvj3a+O2Y4cxBvPyhsAgbM+nLlXtf0ziH5SDjJzLO6mVK6T71xZOjI8z01HVkbwqOnFVGPD82XygX4W1oajOt4d1wMpOZoc6B/Lh+y7QCFUvM+xdMD085JyrWZvaGw3oQQq4DbrDBaoWCbSzdbbuRk1xpgctN2xd5rF/n5Mg4UkGByTR/NEfB9luVio+bbTo4tPiKRbwO2nzoGGWMaS8T+UEtTpel3YXPpUsP2fkcPFzpht6eYrOi7qhtaugW8pes3jyPhxxp93tvNH2Or7SaBg6cM6mEiIjN2Ez8sCAwEAAaOCAv4wggL6MB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBSENo9/S2lF5zjBaIIQ7RVsnpEMaTAnBgNVHREEIDAeggt0d2l0dGVyLmNvbYIPd3d3LnR3aXR0ZXIuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlZVWG+AAAEAwBIMEYCIQCZOt2dMF/436CEFe7BC/fYroy24FfWkERqHaL2fSOmSgIhAKmrYz3oS314+5Mt3tvlAtKZtUMACoNIkUdQ8Wzqpir8AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFpWVVjAwAABAMARzBFAiAQbTBEz6oSpOcpBz1JnXW4hWGRGkV2pwssM9ITkAA81QIhAJPBH6YLyk8idL0ntAig+St39IOsIRyKAosS+wqOwyOCMA0GCSqGSIb3DQEBCwUAA4IBAQCh0yFFh1vTQMpEgFLa6I5hoheo/LkG6MuWHrRI4raGkQtGbXdbYtudOx8bpb3K12l/B9OcZZWhWiW47pjOgxdny1zkJjyaAc1iye0gt/dKBc8WRtlagBlC9C8tWkhvanppbnc02DvwX97kDWwUFhqFcHLTZhWIB3Q2ztp2XAFMqGFR9YzxmgCugJGVa1RuyY/VViiOFManXW0aPilm8o+cjWN94x510w6osrwiOSpZAJyMQgPCFaCVcLO/2OIPj4SMYsW1Tx9CGdqz5fufSavzmE+t1FJYWgn0YSZ5G3+I4tkMM4rbmDZQIQatunC9SRfZte4tT4yg6LSsLwoQRCjZ"},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"104.244.42.65","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42708,"event_start":1565200317.419555} {"dns":{"base64":"mYUBAAABAAAAAAAACW1pY3Jvc29mdANjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":51332,"dst_port":53,"event_start":1565200317.804832} @@ -53,7 +53,7 @@ {"dns":{"base64":"mYWBgAABAAUABAAFCW1pY3Jvc29mdANjb20AAAEAAcAMAAEAAQAAAAUABA1NobPADAABAAEAAAAFAAQoccjJwAwAAQABAAAABQAEKHBIzcAMAAEAAQAAAAUABChMBA/ADAABAAEAAAAFAARo15Q/wAwAAgABAAAABQAOA25zMgRtc2Z0A25ldADADAACAAEAAAAFAAYDbnM0wH/ADAACAAEAAAAFAAYDbnMxwH/ADAACAAEAAAAFAAYDbnMzwH/AewABAAEAAAAFAATQVAI1wLkAAQABAAAABQAEwd1xNcCnABwAAQAAAAUAECYgAAAAMAAAAAAAAAAAAFPAewAcAAEAAAAFABAmIAAAADIAAAAAAAAAAABTwLkAHAABAAAABQAQJiAAAAA0AAAAAAAAAAAAUw=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":51332,"event_start":1565200317.805690} {"dns":{"base64":"G5qBgAABAAAAAQAACW1pY3Jvc29mdANjb20AABwAAcAMAAYAAQAAAAUAKwNuczEEbXNmdANuZXQABm1zbmhzdMAMeFi6BgAAHCAAAAJYACTqAAAADhA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":59157,"event_start":1565200317.836652} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"13.77.161.179","protocol":6,"src_port":60570,"dst_port":443,"event_start":1565200317.837161} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"microsoft.com"}},"src_ip":"192.168.113.237","dst_ip":"13.77.161.179","protocol":6,"src_port":60570,"dst_port":443,"event_start":1565200317.943160} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"microsoft.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d6d6963726f736f66742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020891dd88c9a9dc1eb37f35c68408e0307e50d5eea2882257bb90ee7b6e000d401\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"13.77.161.179","protocol":6,"src_port":60570,"dst_port":443,"event_start":1565200317.943160} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIISXDCCEESgAwIBAgITFgAFDAsp4tFASrt9zwAAAAUMCzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTkwNTE3MDIyOTE1WhcNMjEwNTE3MDIyOTE1WjAaMRgwFgYDVQQDDA8qLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmepkIe+jvvXqtZVvd5Gt1L0xFOI+0SniOz35tKL8glkd5X2iUcuN4mPYlNC3LzhDv2H5JeTq0YrRKdfZPb8IzJCgmwELeNySYndxkUTw2HURcPj9o7AyANqviu9b6qR4A6WI6KTkyyc2lojPiuXKtQ10jBtCHNi03UqrLN1i0ZTa4KlfoSEOu39aT/pakk7RrFC57Tqnx48zKOazmBLUOxfaIrCux3JTOaM77VMunfJfSS2R+mMrWr+TQ1s0vyZqf+eBmC3367185InVjNkr7H900I3QVkrATuX2rEOVLwfUF2DurJEazSZDU0SmoTu00Pd4g2SlVSo9xCJqpWtSJAgMBAAGjgg4nMIIOIzB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWrDqHFNAAAEAwBIMEYCIQD0dwPwU8gcb9ykPsUQ950AxBU1+EHkeJggADmu7bZTKAIhAOU36VVQj80s9Mpk4GLViRJ93sytOdczGm3kfL/6VWFmAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqw6hxSgAABAMARzBFAiEAiDoIHVLz/u85x/JYsnNb/Yntc9kpd6D6at50Y0euGtwCIFfJLvQPHvrjEzGDJQ3ldUKG63aIBPKTE/M9SkEJ41W5AHYAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFqw6hxYQAABAMARzBFAiEA+r5693PaDGW3WBBz1/aQ8V/LuFF4WLkwhaHWsQrPPF0CIFBrAZYpgqAiOf5enLTqpMk9FTDtJHhegtocUWCCaNRtAHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFqw6hyMAAABAMARzBFAiEAtGpR5a6NxYG4"}]}},"reassembly_properties":{"truncated":true},"src_ip":"13.77.161.179","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60570,"event_start":1565200318.067614} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIISXDCCEESgAwIBAgITFgAFDAsp4tFASrt9zwAAAAUMCzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTkwNTE3MDIyOTE1WhcNMjEwNTE3MDIyOTE1WjAaMRgwFgYDVQQDDA8qLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmepkIe+jvvXqtZVvd5Gt1L0xFOI+0SniOz35tKL8glkd5X2iUcuN4mPYlNC3LzhDv2H5JeTq0YrRKdfZPb8IzJCgmwELeNySYndxkUTw2HURcPj9o7AyANqviu9b6qR4A6WI6KTkyyc2lojPiuXKtQ10jBtCHNi03UqrLN1i0ZTa4KlfoSEOu39aT/pakk7RrFC57Tqnx48zKOazmBLUOxfaIrCux3JTOaM77VMunfJfSS2R+mMrWr+TQ1s0vyZqf+eBmC3367185InVjNkr7H900I3QVkrATuX2rEOVLwfUF2DurJEazSZDU0SmoTu00Pd4g2SlVSo9xCJqpWtSJAgMBAAGjgg4nMIIOIzB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWrDqHFNAAAEAwBIMEYCIQD0dwPwU8gcb9ykPsUQ950AxBU1+EHkeJggADmu7bZTKAIhAOU36VVQj80s9Mpk4GLViRJ93sytOdczGm3kfL/6VWFmAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqw6hxSgAABAMARzBFAiEAiDoIHVLz/u85x/JYsnNb/Yntc9kpd6D6at50Y0euGtwCIFfJLvQPHvrjEzGDJQ3ldUKG63aIBPKTE/M9SkEJ41W5AHYAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFqw6hxYQAABAMARzBFAiEA+r5693PaDGW3WBBz1/aQ8V/LuFF4WLkwhaHWsQrPPF0CIFBrAZYpgqAiOf5enLTqpMk9FTDtJHhegtocUWCCaNRtAHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFqw6hyMAAABAMARzBFAiEAtGpR5a6NxYG4jDqqjKRptlN/4oKgcG3NddgjY85aiQoCIDtZfPIsKvvi7Dp915kJN2KWpSAjxRyrj3f9VYRdO3HSMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUDy1hz6AvvPkrcPW9hiSibjry2agwCwYDVR0PBAQDAgSwMIIJTwYDVR0RBIIJRjCCCUKCCG1zZG4uY29tggh4Ym94LmNvbYIKKi5saXZlLmNvbYIKKi5tc2RuLmNvbYIKZ2lnamFtLmNvbYIKd2luZG93cy5ubIIKd2luaGVjLmNvbYIKd2luaGVjLm5ldIILKi5henVyZS5iaXqCCyouYXp1cmUubmV0ggsqLmdldGllLmNvbYILKi5tc2RuMi5jb22CCyoubmV0ZnguY29tggsqLnZzc2RrLmNvbYILc3VyZmFjZS5jb22CC3dpbmRvd3MuY29tggwqLmdpZ2phbS5jb22CDCoubXNkbnR2LmNvbYIMKi53aW5kb3dzLm5sggwqLndpbmhlYy5jb22CDCoud2luaGVjLm5ldIIMaG9sb2xlbnMuY29tggxtaWNyb3NvZnQuYXqCDG1pY3Jvc29mdC5iZYIMbWljcm9zb2Z0LmJ5ggxtaWNyb3NvZnQuY2GCDG1pY3Jvc29mdC5jaIIMbWljcm9zb2Z0LmNsggxtaWNyb3NvZnQuY3qCDG1pY3Jvc29mdC5kZYIMbWljcm9zb2Z0LmRrggxtaWNyb3NvZnQuZWWCDG1pY3Jvc29mdC5lc4IMbWljcm9zb2Z0LmV1ggxtaWNyb3NvZnQuZmmCDG1pY3Jvc29mdC5nZYIMbWljcm9zb2Z0LmdyggxtaWNyb3NvZnQuaHWCDG1pY3Jvc29mdC5pc4IMbWljcm9zb2Z0Lml0ggxtaWNyb3NvZnQuanCCDG1pY3Jvc29mdC5sdIIMbWljcm9zb2Z0Lmx1ggxtaWNyb3NvZnQubHaCDG1pY3Jvc29mdC5tZIIMbWljcm9zb2Z0LnBsggxtaWNyb3NvZnQucHSCDG1pY3Jvc29mdC5yb4IMbWljcm9zb2Z0LnJzggxtaWNyb3NvZnQucnWCDG1pY3Jvc29mdC5zZYIMbWljcm9zb2Z0LnNpggxtaWNyb3NvZnQudHaCDG1pY3Jvc29mdC51YYIMbWljcm9zb2Z0LnV6ggxtaWNyb3NvZnQudm6CDSouYml6dGFsay5vcmeCDSouaHlwZXItdi5jb22CDSoubXNkbm1hZy5jb22CDSouc3VyZmFjZS5jb22CDSoudm9ydC1leC5jb22CDSoud2luZG93cy5iaXqCDSoud2luZG93cy5jb22CDWltYWdpbmVjdXAucGyCDW1pY3Jvc29mdC5jYXSCDW1pY3Jvc29mdC5jb22CDiouZnVzZWxhYnMuY29tgg4qLmhvbG9sZW5zLmNvbYIOKi5taWNyb3NvZnQuY2GCDioubWljcm9zb2Z0LmN6gg4qLm1pY3Jvc29mdC5kZYIOKi5taWNyb3NvZnQuZXWCDioubWljcm9zb2Z0Lml0gg4qLm1pY3Jvc29mdC5qcIIOKi5taWNyb3NvZnQucGyCDioubWljcm9zb2Z0LnJ1gg4qLm1zZG53aWtpLmNvbYIPKi5nYW1ldm9pY2UuY29tgg8qLmltYWdpbmVjdXAucGyCDyoubWFjb2ZmaWNlLmNvbYIPKi5taWNyb3NvZnQuY29tghAqLm1pY3Jvc29mdC5iYW5kghAqLm1zbGVhcm5pbmcuY29tghAqLm1zbGVhcm5pbmcub3JnghAqLnBvd2VycG9pbnQuY29tghAqLnNoYXJlcG9pbnQubmV0ghEqLm15bWljcm9zb2Z0LmNvbYIRbWljcm9zb2Z0ZWRnZS5jb22CEW1pY3Jvc29mdGxpbmMuY29tghIqLmFwcHJlYWRpbmVzcy5jb22CEiouZGVwbG95b2ZmaWNlLmNvbYISKi5vZmZpY2V3ZWJhcHAuY29tghIqLnBhcnRuZXJndWlkZS5jb22CEiouc2NyaXB0anVua2llLmNvbYISKi5zeXNpbnRlcm5hbHMuY29tghJtaWNyb3NvZnRjbG91ZC5jb22CEyoubGFzdGRldmVsb3Blci5jb22CEyoubWljcm9zb2Z0YmFuZC5jb22CEyoubWljcm9zb2Z0ZWRnZS5jb22CEyoubWljcm9zb2Z0bGluYy5jb22CEyoubXNkbmdlZWtzcGVhay5jb22CEyouc3RhcnR1cGNlbnRlci5jb22CEyoud2luZG93c21vYmlsZS5jb22CFCouY2xpZW50c2VjdXJpdHkuY29tghQqLmNsaWVudHNlY3VyaXR5Lm5ldIIUKi5jbGllbnRzZWN1cml0eS5vcmeCFCoubWljcm9zb2Z0Y2xvdWQuY29tghQqLnBvd2VycG9pbnRsaXZlLmNvbYIUKi53aW5kb3dzY2F0YWxvZy5jb22CFSoubWljcm9zb2Z0aGVhbHRoLmNvbYIVKi5teXdpbmRvd3Ntb2JpbGUuY29tghUqLnBvd2VycG9pbnRyYWRpby5jb22CFSouc2hhcmVwb2ludHBlZGlhLmNvbYIVKi53aW5kb3dzZGVmZW5kZXIuY29tghUqLndpbmRvd3NkZWZlbmRlci5uZXSCFSoud2luZG93c2RlZmVuZGVyLm9yZ4IVKi53aW5kb3dzZW1iZWRkZWQuY29tghYqLm1pY3Jvc29mdHN1cmZhY2UuY29tghYqLm1pY3Jvc29mdHdpbmRvd3MuY29tghYqLm1vYmlsZXBjcGFydG5lcnMuY29tghZ3aW5kb3dzbWFya2V0cGxhY2UuY29tghcqLmRldmVsb3BvbmJpbmdtYXBzLmNvbYIXKi5taWNyb3NvZnRiaXpzcGFyay5jb22CFyoubWljcm9zb2Z0ZHluYW1pY3MuY29tghcqLm1pY3Jvc29mdGxlYXJuaW5nLm5ldIIXKi5taWNyb3NvZnRsZWFybmluZy5vcmeCFyoud2luZG93c3Bvd2Vyc2hlbGwub3JnghgqLm1pY3Jvc29mdGl0YWNhZGVteS5jb22CGCoucGFydG5lcnNpbmxlYXJuaW5nLmNvbYIYKi53aW5kb3dzbWFya2V0cGxhY2UuY29tghoqLm1pY3Jvc29mdGdhbWVzdHVkaW9zLmNvbYIbKi5tc3NoYXJlcG9pbnRjb21tdW5pdHkuY29tghsqLm15c2hhcmVwb2ludGNvbW11bml0eS5jb22CHCouYnVzaW5lc3NyZWFkeWxpY2Vuc2luZy5jb22CHCoucmV0YWlsZXhwZXJpZW5jZWNlbnRlci5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBR6e4zBz+egyhzUa/r74TPDDxqinTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBACrMnCZR6pFRSGNDpUy1NYBlfZBFb94OgEhu+Prmq390badYhGb9opwkd+1TohltyGTAJqdaxP7ubmqYjAquEj6eZ1B9JvgelFNhDxeyaE5imUSH/J2+P7HXh4hE/acZAQtE6J6AhohLogWgvjidwlocqdlD7RT14RFW4faLgvAGJAa1zyNAlIhOY2LAb/VA6jmKv13XKnxA+iQ0dMQFBmvEpuH5bX3D8BQ3R3WLlZN6NJ9HuVhvJ7lv9UT0nYAWNGf2jOwH2MsBOeEN9q0mXTeEizfJUc2O9JOUPiJXtvvVvHmnZdF3Mk8ENL/f5k/jk+2PagfjFBQqVJJ1XBH+ndXesbEp6RkBytF/8ubvIAa9Kuel7FJjQTN8eVik2GNnQICHISgYXj8V5MKd/AmrWwBivRY5PAL0IKWjlZ39WWH7smocPgCuHqM7usme7I5ToujwomY9Z7XoewARy+sOt9qgZJ9QaPlKVXB3m+8fxjGtnyP+kBkBtX6ATkai4lcQg/Au+w9JWZZqNjCjU2dRq2GVz2uSAq/k8kKMcEr7kUlS96k9OxkH4LMhcaF/6/fZzEK/urLWlydQ8QuGlfgZkU3L8iFxVtZETFZQNYPR1KjylPhWKR3V1FtM2dtJ6nWC5UNhJHDkPsRnfp7gEvH7VgqVqMgAxIOxGqicYL66amu/"},{"base64":"MIIFtDCCBJygAwIBAgIQC2qzsD6xqfbEYJJqqM3+szANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTIzOFoXDTI0MDUyMDEyNTIzOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq+XrXaNrOZ71NIgSux1SJl19CQvGeY6rtw7fGbLd7g/27vRW5Ebikg/iZwvjHHGk1EFztMuZFo6/d32wrx5s7XEuwwh3Sl6Sruxa0EiB0MXpoPV6jx6NXtOtksDaxpE1MSC5OQTNECo8lx0AnpkYGAnPS5fkyfwA8AxanTboskDBSqyEKKo9Rhgrp4qs9K9LqH5JQsdiIMDmpztd65Afu4rYnJDjOrFswpTOPjJry3GzQS65xeFd2FkngvvhSA1+6ATx+QEnQfqUWn3FMLu2utcRm4j6AcxuS5K5+Hg8y5xomhZmiNCTsCqDLpcRHX6BIGHksLmbnG5TlZUixtm9dRC62XWMPD8d0Jb4M0V7ex9UM+VIl6cFJKLb0dyVriAqfZaJSHuSetAksd5IEfdnPLTf+Fhg9U97NGjm/awmCLbzLEPbT8QW0JsMcYexB2uG3Y+gsftm2tjL6fLwZeWO2BzqL7otZPFe0BtQsgyFSs87yC4qanWMwK5c2enAfH182pzjvUqwYAeCK31dyBCvLmKM3Jr94dm5WUiXQhrDUIELH4Mia+SbvCkigv2AUVx1Xw41wt1/L3pnnz2OW4y7r530zAz7qB+dIcHz51IaXc4UV21QuEnusQsn0uJpJxJuxsAmPuekKxuLUzgG+hqHOuBLf5kWTlk9WWnxcadlZRsCAwEAAaOCAUIwggE+MB0GA1UdDgQWBBR6e4zBz+egyhzUa/r74TPDDxqinTAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAR/nIGOiEKN27I9SkiAmKeRQ7t+gaf77+eJDUX/jmIsrsB4Xjf0YuX/bd38YpyT0k66LMp13SH5LnzF2CHiJJVgr3ZfRNIfwaQOolm552W95XNYA/X4cr2du76mzVIoZh90pMqT4EWx6iWu9El86ZvUNoAmyqo9DUA4/0sO+3lFZt/Fg/Hjsk2IJTwHQG5ElBQmYHgKEIsjnj/7cae1eTK6aCqs0hPpF/kixj/EwItkBE2GGYoOiKa3pXxWe6fbSoXdZNQwwUS1d5ktLa829d2Wf6l1uVW4f5GXDuK+OwO++8SkJHOIBKBujxS43/jQPQMQSBmhxjaMmng9tyPKPK9"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"13.77.161.179","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60570,"event_start":1565200318.068724} {"dns":{"base64":"CNIBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":40531,"dst_port":53,"event_start":1565200318.294385} @@ -61,7 +61,7 @@ {"dns":{"base64":"CNKBgAABAAQADQAFA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAAFACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAAUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAFABkGZTEzNjc4BGRzcGIKYWthbWFpZWRnZcBNwKEAAQABAAAABQAEF8EmYMBNAAIAAQAAAAUAEQFnDGd0bGQtc2VydmVyc8BNwE0AAgABAAAABQAEAWzA2MBNAAIAAQAAAAUABAFmwNjATQACAAEAAAAFAAQBYsDYwE0AAgABAAAABQAEAWTA2MBNAAIAAQAAAAUABAFtwNjATQACAAEAAAAFAAQBYcDYwE0AAgABAAAABQAEAWrA2MBNAAIAAQAAAAUABAFowNjATQACAAEAAAAFAAQBY8DYwE0AAgABAAAABQAEAWnA2MBNAAIAAQAAAAUABAFrwNjATQACAAEAAAAFAAQBZcDYwUMAAQABAAAABQAEwAUGHsETAAEAAQAAAAUABMAhDh7BcwABAAEAAAAFAATAGlwewSMAAQABAAAABQAEwB9QHsGjAAEAAQAAAAUABMAMXh4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":40531,"event_start":1565200318.328999} {"dns":{"base64":"WnWBgAABAAUADAAAA3d3dwltaWNyb3NvZnQDY29tAAAcAAHADAAFAAEAAAAFACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAAUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAFABkGZTEzNjc4BGRzcGIKYWthbWFpZWRnZcBNwKEAHAABAAAABQAQJgAUHgACAagAAAAAAAA1bsChABwAAQAAAAUAECYAFB4AAgGKAAAAAAAANW7ArQACAAEAAAAFAAoHbnM3LTE5NMCtwK0AAgABAAAABQAJBmExLTE5MsCtwK0AAgABAAAABQAKB25zMy0xOTTArcCtAAIAAQAAAAUACgdhMTEtMTkywK3ArQACAAEAAAAFAAYDbGEzwK3ArQACAAEAAAAFAAYDbGExwK3ArQACAAEAAAAFAAoHbnM1LTE5NMCtwK0AAgABAAAABQAKB2ExMy0xOTLArcCtAAIAAQAAAAUABwRsYXIywK3ArQACAAEAAAAFAAkGYTYtMTkywK3ArQACAAEAAAAFAAoHYTEyLTE5MsCtwK0AAgABAAAABQAKB25zNi0xOTTArQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":43609,"event_start":1565200318.397349} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"23.193.38.96","protocol":6,"src_port":33868,"dst_port":443,"event_start":1565200318.398426} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.microsoft.com"}},"src_ip":"192.168.113.237","dst_ip":"23.193.38.96","protocol":6,"src_port":33868,"dst_port":443,"event_start":1565200318.436809} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.microsoft.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00140000117777772e6d6963726f736f66742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00205404f78b395491165a10d41833fec7fb2d67649f669b59b21e2800c240c69e16\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"23.193.38.96","protocol":6,"src_port":33868,"dst_port":443,"event_start":1565200318.436809} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHnzCCBYegAwIBAgITFgAAoiZScXH3VKzEFgAAAACiJjANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTgwMTE2MjEyNDAyWhcNMjAwMTE2MjEyNDAyWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEaMBgGA1UEAxMRd3d3Lm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM6uKEPBupNS4BXRWdhU6RzawVP27lFo4eiAOloEHaXYM1DoPUJxxt+uyhwkk8yIZFKLK9AKX0qtqTVFOh3TFk77uGJKlfyugpVs+5sGGffhd0y2cGSyOltJLcf/v31tRjeN/xNi9CeHtcK46ksqgp9kdTDd1IuxDO9fN45LRPZkRuOpNyyXAHlMyVDO4Xfgt8CYH/ssmr1ZqYr98dO9iAiU+eFrz6huBCAJfFzMXWznbpwrsd41TjE5zPJkHaB9BOKuLZySfEQhIRewexFtJXlT88Kj6SfIoe2naZxqDW/tQVVzRxID092mXdVEjL2MZ6GocNk1pPezqY8wOUjgA7AgMBAAGjggL7MIIC9zCBmQYDVR0RBIGRMIGOghVwcml2YWN5Lm1pY3Jvc29mdC5jb22CEWMucy1taWNyb3NvZnQuY29tgg1taWNyb3NvZnQuY29tghFpLnMtbWljcm9zb2Z0LmNvbYIYc3RhdGljdmlldy5taWNyb3NvZnQuY29tghF3d3cubWljcm9zb2Z0LmNvbYITd3d3cWEubWljcm9zb2Z0LmNvbTAdBgNVHQ4EFgQUMqJLlf7sAXZDo1IX+BIPkeyx9OcwHwYDVR0jBBgwFoAUenuMwc/noMoc1Gv6++Ezww8aop0wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBgg="}]}},"reassembly_properties":{"truncated":true},"src_ip":"23.193.38.96","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":33868,"event_start":1565200318.475364} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHnzCCBYegAwIBAgITFgAAoiZScXH3VKzEFgAAAACiJjANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTgwMTE2MjEyNDAyWhcNMjAwMTE2MjEyNDAyWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEaMBgGA1UEAxMRd3d3Lm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM6uKEPBupNS4BXRWdhU6RzawVP27lFo4eiAOloEHaXYM1DoPUJxxt+uyhwkk8yIZFKLK9AKX0qtqTVFOh3TFk77uGJKlfyugpVs+5sGGffhd0y2cGSyOltJLcf/v31tRjeN/xNi9CeHtcK46ksqgp9kdTDd1IuxDO9fN45LRPZkRuOpNyyXAHlMyVDO4Xfgt8CYH/ssmr1ZqYr98dO9iAiU+eFrz6huBCAJfFzMXWznbpwrsd41TjE5zPJkHaB9BOKuLZySfEQhIRewexFtJXlT88Kj6SfIoe2naZxqDW/tQVVzRxID092mXdVEjL2MZ6GocNk1pPezqY8wOUjgA7AgMBAAGjggL7MIIC9zCBmQYDVR0RBIGRMIGOghVwcml2YWN5Lm1pY3Jvc29mdC5jb22CEWMucy1taWNyb3NvZnQuY29tgg1taWNyb3NvZnQuY29tghFpLnMtbWljcm9zb2Z0LmNvbYIYc3RhdGljdmlldy5taWNyb3NvZnQuY29tghF3d3cubWljcm9zb2Z0LmNvbYITd3d3cWEubWljcm9zb2Z0LmNvbTAdBgNVHQ4EFgQUMqJLlf7sAXZDo1IX+BIPkeyx9OcwHwYDVR0jBBgwFoAUenuMwc/noMoc1Gv6++Ezww8aop0wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCARowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAsGA1UdDwQEAwIEsDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAZQDBGHkYWARoiApsKcns0lfEuovFuh9CQ3ZMVTDjDhvls0IcuddtEvETXdB+h8+vgIx4jC7SmsRrpEH28X06qEZCMd1vPP/rEI9ZYwAnzabB/HRkGsPHv/hkjVbhcsqYVkPyD9MYc+cgRE0Nggh+l2fIuSxrMvFw0iLsE/7ZkyiZFWfLkddu/be7gjoYIbNyS6E2HQkHlexz9QBUMHERUYBuqey+c1l45WTgLJUWsqeIZJ01oekLkdkR4tg1pZbnFjDeRBqFLnUU1RMHlgKodJYPMzBCkZGRk0mCZJDJcZv62HNdT/Zuz4yHLz6KQcjpVZacYyqeBBqJtus5zSJKP8l9MqZYbihsmAlXZdeXPwiB+YEeGGEGi2iDV39eSs6rPCL1BYZ5kvfoBdSfTAPmviK4ezCUuBL/k4YulsrquoAC/Sz+xFVEBK+qdYXczxgFMxXnx6XjxkKGYrf33g6e/9XexHsyWolQhrmbZE3GrTmH9hbqh0bg+95qhk0oq+iDWy3Lj5ZnexabBg/r+szxTNmPp0LIvMcM1YW9hkAyDYuDSB0Yee/p+ByJUeMIT55F/YO/Qtqc7Z2vNvnq/229nly2lg8AVwDliH30hloIffEXMY3xJWwDUG6Uj++g+838tBwUOF9wrBIwh9pI8EQLW9HUROzSg8ALy7tgVWuowFo="},{"base64":"MIIFtDCCBJygAwIBAgIQC2qzsD6xqfbEYJJqqM3+szANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTIzOFoXDTI0MDUyMDEyNTIzOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq+XrXaNrOZ71NIgSux1SJl19CQvGeY6rtw7fGbLd7g/27vRW5Ebikg/iZwvjHHGk1EFztMuZFo6/d32wrx5s7XEuwwh3Sl6Sruxa0EiB0MXpoPV6jx6NXtOtksDaxpE1MSC5OQTNECo8lx0AnpkYGAnPS5fkyfwA8AxanTboskDBSqyEKKo9Rhgrp4qs9K9LqH5JQsdiIMDmpztd65Afu4rYnJDjOrFswpTOPjJry3GzQS65xeFd2FkngvvhSA1+6ATx+QEnQfqUWn3FMLu2utcRm4j6AcxuS5K5+Hg8y5xomhZmiNCTsCqDLpcRHX6BIGHksLmbnG5TlZUixtm9dRC62XWMPD8d0Jb4M0V7ex9UM+VIl6cFJKLb0dyVriAqfZaJSHuSetAksd5IEfdnPLTf+Fhg9U97NGjm/awmCLbzLEPbT8QW0JsMcYexB2uG3Y+gsftm2tjL6fLwZeWO2BzqL7otZPFe0BtQsgyFSs87yC4qanWMwK5c2enAfH182pzjvUqwYAeCK31dyBCvLmKM3Jr94dm5WUiXQhrDUIELH4Mia+SbvCkigv2AUVx1Xw41wt1/L3pnnz2OW4y7r530zAz7qB+dIcHz51IaXc4UV21QuEnusQsn0uJpJxJuxsAmPuekKxuLUzgG+hqHOuBLf5kWTlk9WWnxcadlZRsCAwEAAaOCAUIwggE+MB0GA1UdDgQWBBR6e4zBz+egyhzUa/r74TPDDxqinTAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAR/nIGOiEKN27I9SkiAmKeRQ7t+gaf77+eJDUX/jmIsrsB4Xjf0YuX/bd38YpyT0k66LMp13SH5LnzF2CHiJJVgr3ZfRNIfwaQOolm552W95XNYA/X4cr2du76mzVIoZh90pMqT4EWx6iWu9El86ZvUNoAmyqo9DUA4/0sO+3lFZt/Fg/Hjsk2IJTwHQG5ElBQmYHgKEIsjnj/7cae1eTK6aCqs0hPpF/kixj/EwItkBE2GGYoOiKa3pXxWe6fbSoXdZNQwwUS1d5ktLa829d2Wf6l1uVW4f5GXDuK+OwO++8SkJHOIBKBujxS43/jQPQMQSBmhxjaMmng9tyPKPK9"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"23.193.38.96","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":33868,"event_start":1565200318.475686} {"dns":{"base64":"95cBAAABAAAAAAAACGxpbmtlZGluA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":44500,"dst_port":53,"event_start":1565200318.887409} @@ -69,7 +69,7 @@ {"dns":{"base64":"95eBgAABAAEADQAOCGxpbmtlZGluA2NvbQAAAQABwAwAAQABAAAABQAEbK4KCsAVAAIAAQAAAAUAFAFqDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWPAPMAVAAIAAQAAAAUABAFnwDzAFQACAAEAAAAFAAQBaMA8wBUAAgABAAAABQAEAWvAPMAVAAIAAQAAAAUABAFkwDzAFQACAAEAAAAFAAQBZcA8wBUAAgABAAAABQAEAWHAPMAVAAIAAQAAAAUABAFtwDzAFQACAAEAAAAFAAQBacA8wBUAAgABAAAABQAEAWzAPMAVAAIAAQAAAAUABAFmwDzAFQACAAEAAAAFAAQBYsA8wLoAAQABAAAABQAEwAUGHsEKAAEAAQAAAAUABMAhDh7AWgABAAEAAAAFAATAGlwewJoAAQABAAAABQAEwB9QHsCqAAEAAQAAAAUABMAMXh7A+gABAAEAAAAFAATAIzMewGoAAQABAAAABQAEwCpdHsB6AAEAAQAAAAUABMA2cB7A2gABAAEAAAAFAATAK6wewDoAAQABAAAABQAEwDBPHsCKAAEAAQAAAAUABMA0sh7A6gABAAEAAAAFAATAKaIewMoAAQABAAAABQAEwDdTHsC6ABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":44500,"event_start":1565200318.888279} {"dns":{"base64":"2z6BgAABAAEADQANCGxpbmtlZGluA2NvbQAAHAABwAwAHAABAAAABQAQJiABCcACAAAAAAAAbK4KCsAVAAIAAQAAAAUAFAFpDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWPASMAVAAIAAQAAAAUABAFqwEjAFQACAAEAAAAFAAQBYcBIwBUAAgABAAAABQAEAWjASMAVAAIAAQAAAAUABAFtwEjAFQACAAEAAAAFAAQBZcBIwBUAAgABAAAABQAEAWbASMAVAAIAAQAAAAUABAFrwEjAFQACAAEAAAAFAAQBZ8BIwBUAAgABAAAABQAEAWLASMAVAAIAAQAAAAUABAFswEjAFQACAAEAAAAFAAQBZMBIwIYAAQABAAAABQAEwAUGHsD2AAEAAQAAAAUABMAhDh7AZgABAAEAAAAFAATAGlwewRYAAQABAAAABQAEwB9QHsC2AAEAAQAAAAUABMAMXh7AxgABAAEAAAAFAATAIzMewOYAAQABAAAABQAEwCpdHsCWAAEAAQAAAAUABMA2cB7ARgABAAEAAAAFAATAK6wewHYAAQABAAAABQAEwDBPHsDWAAEAAQAAAAUABMA0sh7BBgABAAEAAAAFAATAKaIewKYAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34101,"event_start":1565200318.924396} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"108.174.10.10","protocol":6,"src_port":38906,"dst_port":443,"event_start":1565200318.924781} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"linkedin.com"}},"src_ip":"192.168.113.237","dst_ip":"108.174.10.10","protocol":6,"src_port":38906,"dst_port":443,"event_start":1565200318.963027} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"linkedin.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000f00000c6c696e6b6564696e2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201d194f31d76a937d4000fd482165c70888bf544bd9b3b774dd333e1f00a90850\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"108.174.10.10","protocol":6,"src_port":38906,"dst_port":443,"event_start":1565200318.963027} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHTTCCBjWgAwIBAgIQAXBEMNrkYNTuijQQnLcKBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNTMwMDAwMDAwWhcNMjAwOTAxMDAwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29ycG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EIO7ZCS57AL7mW79kZ0rR3rfWYksMQnt1NQGfbLI88qxIqg6DMp8TNteTfeWQKpy0JFm4zTNjaSmA0UxKLBPERe67/gGAT1xjINNUx/iOFcj1H7y/1gs7SVsJ6JFmCgPIXID8AeOtHYe8dzVpYPAEXIYi93H58menJa11h5gl3Pfh9nkp9J5B3YK9reXIulcu6Kp8YCLcVT+LIrQzO8S46mHsh9sjLOoDeM5nk7C2+kjgFPE00wYweECBFjnzDaFimJa7W6NiZdrTMbJiV0QSlYWCtBm/ex8oRnv69aHwqGU9aFDYXXYe8soq4UzBoxUeUKrILYdTX4csK+VHoMLAgMBAAGjggQAMIID/DAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUlN2Cs4TYrUJ+AeD/6tPeT+VBk80wTAYDVR0RBEUwQ4IQd3d3LmxpbmtlZGluLmNvbYIPbWVkaWEubGljZG4uY29tghBzdGF0aWMubGljZG4uY29tggxsaW5rZWRpbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjskR9OAAABAMARzBFAiApWVtfQZ+QMpPq3tkEwLmmHnjQnwsQhJ464m1ibJbwyAIhAORfUeW72J63+NpMIXi+AGfoBQ9xeYNwbXfxKlTLmDgHAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFjskR+DQAABAMARjBEAiAK5UFiJQhsItiNIhbXgGWA7QeY0Bf22ZM2s1PYJppHkQIgTGViCUQ8gNEqBBl66H1M9t34DzpHObUkzVMqVVJejV4AdAC72d+8H4pxtZOU"}]}},"reassembly_properties":{"truncated":true},"src_ip":"108.174.10.10","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38906,"event_start":1565200319.004705} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHTTCCBjWgAwIBAgIQAXBEMNrkYNTuijQQnLcKBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNTMwMDAwMDAwWhcNMjAwOTAxMDAwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29ycG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EIO7ZCS57AL7mW79kZ0rR3rfWYksMQnt1NQGfbLI88qxIqg6DMp8TNteTfeWQKpy0JFm4zTNjaSmA0UxKLBPERe67/gGAT1xjINNUx/iOFcj1H7y/1gs7SVsJ6JFmCgPIXID8AeOtHYe8dzVpYPAEXIYi93H58menJa11h5gl3Pfh9nkp9J5B3YK9reXIulcu6Kp8YCLcVT+LIrQzO8S46mHsh9sjLOoDeM5nk7C2+kjgFPE00wYweECBFjnzDaFimJa7W6NiZdrTMbJiV0QSlYWCtBm/ex8oRnv69aHwqGU9aFDYXXYe8soq4UzBoxUeUKrILYdTX4csK+VHoMLAgMBAAGjggQAMIID/DAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUlN2Cs4TYrUJ+AeD/6tPeT+VBk80wTAYDVR0RBEUwQ4IQd3d3LmxpbmtlZGluLmNvbYIPbWVkaWEubGljZG4uY29tghBzdGF0aWMubGljZG4uY29tggxsaW5rZWRpbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjskR9OAAABAMARzBFAiApWVtfQZ+QMpPq3tkEwLmmHnjQnwsQhJ464m1ibJbwyAIhAORfUeW72J63+NpMIXi+AGfoBQ9xeYNwbXfxKlTLmDgHAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFjskR+DQAABAMARjBEAiAK5UFiJQhsItiNIhbXgGWA7QeY0Bf22ZM2s1PYJppHkQIgTGViCUQ8gNEqBBl66H1M9t34DzpHObUkzVMqVVJejV4AdAC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWOyRH4EAAAEAwBFMEMCHz9v4I8sB4+5kYsyF3ZhCj9qq32Cl08uxKCguUuGeAQCIF0bVhp2DAoQuY3ZGURzxUFYb3nH88AmTZLetYEDlm0nAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFjskR/igAABAMASDBGAiEAoAXrwTz48+EEBF+8CnLw8FAT938F+kve/9m6XjuxFdECIQCU6M6OSiUCxlV3y06YoCPqaFpLDpTAujd8x5o2xIRs2TANBgkqhkiG9w0BAQsFAAOCAQEAERzOZXblnmBzczHgqL1Mcr9bt1tkYc9LwHF31Lf2Ky2UR09Dl9p/dWYPxJeVkuEYYhdFyeFBOCW2Xc/S4QtyBRxXFof/AvCoDImEShLI4YazoqBZGgfJsilc9bcVGuULdXuFUgc0HZYbOBD1zLms99NdPKiJQTAFF67cey0Uy9WPQStyxQ3am+wkQrlmtqb2pltH+ZXFGHP6CZ+4cirf85/KseKqffZ4eGxNYn9ZEwzNiCk9lTiZzp0eO7ovzH2FTHI8EZEbfid0EaULYN0YbGLHhdrZq8tPbXNl6ghkH2UFHp/EglHQS2mbwlv6WjourfH/qEzcgeANfrNMEgMicQ=="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"108.174.10.10","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38906,"event_start":1565200319.004903} {"dns":{"base64":"mG4BAAABAAAAAAAAA3d3dwhsaW5rZWRpbgNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":43639,"dst_port":53,"event_start":1565200319.095856} @@ -77,7 +77,7 @@ {"dns":{"base64":"mG6BgAABAAMADQAMA3d3dwhsaW5rZWRpbgNjb20AAAEAAcAMAAUAAQAAAAUACgd3d3ctc3JjwBDALgAFAAEAAAAFAAsIcG9wLWVkYTbADMBEAAEAAQAAAAUABGyuC0HAGQACAAEAAAAFABQBZQxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFrwG3AGQACAAEAAAAFAAQBacBtwBkAAgABAAAABQAEAW3AbcAZAAIAAQAAAAUABAFmwG3AGQACAAEAAAAFAAQBY8BtwBkAAgABAAAABQAEAWTAbcAZAAIAAQAAAAUABAFqwG3AGQACAAEAAAAFAAQBaMBtwBkAAgABAAAABQAEAWHAbcAZAAIAAQAAAAUABAFnwG3AGQACAAEAAAAFAAQBbMBtwBkAAgABAAAABQAEAWLAbcELAAEAAQAAAAUABMAFBh7BOwABAAEAAAAFAATAIQ4ewMsAAQABAAAABQAEwBpcHsDbAAEAAQAAAAUABMAfUB7AawABAAEAAAAFAATADF4ewLsAAQABAAAABQAEwCMzHsEbAAEAAQAAAAUABMAqXR7A+wABAAEAAAAFAATANnAewJsAAQABAAAABQAEwCusHsDrAAEAAQAAAAUABMAwTx7AiwABAAEAAAAFAATANLIewSsAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":43639,"event_start":1565200319.096641} {"dns":{"base64":"M3KBgAABAAMADQALA3d3dwhsaW5rZWRpbgNjb20AABwAAcAMAAUAAQAAAAUACgd3d3ctc3JjwBDALgAFAAEAAAAFAAsIcG9wLWVkYTbADMBEABwAAQAAAAUAECYgARlQ4wEBAAAAAGyuC0HAGQACAAEAAAAFABQBYgxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFnwHnAGQACAAEAAAAFAAQBZsB5wBkAAgABAAAABQAEAWHAecAZAAIAAQAAAAUABAFkwHnAGQACAAEAAAAFAAQBa8B5wBkAAgABAAAABQAEAWXAecAZAAIAAQAAAAUABAFjwHnAGQACAAEAAAAFAAQBbcB5wBkAAgABAAAABQAEAWrAecAZAAIAAQAAAAUABAFswHnAGQACAAEAAAAFAAQBacB5wBkAAgABAAAABQAEAWjAecC3AAEAAQAAAAUABMAFBh7AdwABAAEAAAAFAATAIQ4ewPcAAQABAAAABQAEwBpcHsDHAAEAAQAAAAUABMAfUB7A5wABAAEAAAAFAATADF4ewKcAAQABAAAABQAEwCMzHsCXAAEAAQAAAAUABMAqXR7BRwABAAEAAAAFAATANnAewTcAAQABAAAABQAEwCusHsEXAAEAAQAAAAUABMAwTx7A1wABAAEAAAAFAATANLIe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53706,"event_start":1565200319.096651} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"108.174.11.65","protocol":6,"src_port":47924,"dst_port":443,"event_start":1565200319.097269} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.linkedin.com"}},"src_ip":"192.168.113.237","dst_ip":"108.174.11.65","protocol":6,"src_port":47924,"dst_port":443,"event_start":1565200319.166463} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.linkedin.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00130000107777772e6c696e6b6564696e2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00207ed8d57dc1127c2bb147f3fbe1af8ff6113761463e905bf8be337b178af0171e\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"108.174.11.65","protocol":6,"src_port":47924,"dst_port":443,"event_start":1565200319.166463} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHTTCCBjWgAwIBAgIQAXBEMNrkYNTuijQQnLcKBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNTMwMDAwMDAwWhcNMjAwOTAxMDAwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29ycG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EIO7ZCS57AL7mW79kZ0rR3rfWYksMQnt1NQGfbLI88qxIqg6DMp8TNteTfeWQKpy0JFm4zTNjaSmA0UxKLBPERe67/gGAT1xjINNUx/iOFcj1H7y/1gs7SVsJ6JFmCgPIXID8AeOtHYe8dzVpYPAEXIYi93H58menJa11h5gl3Pfh9nkp9J5B3YK9reXIulcu6Kp8YCLcVT+LIrQzO8S46mHsh9sjLOoDeM5nk7C2+kjgFPE00wYweECBFjnzDaFimJa7W6NiZdrTMbJiV0QSlYWCtBm/ex8oRnv69aHwqGU9aFDYXXYe8soq4UzBoxUeUKrILYdTX4csK+VHoMLAgMBAAGjggQAMIID/DAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUlN2Cs4TYrUJ+AeD/6tPeT+VBk80wTAYDVR0RBEUwQ4IQd3d3LmxpbmtlZGluLmNvbYIPbWVkaWEubGljZG4uY29tghBzdGF0aWMubGljZG4uY29tggxsaW5rZWRpbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjskR9OAAABAMARzBFAiApWVtfQZ+QMpPq3tkEwLmmHnjQnwsQhJ464m1ibJbwyAIhAORfUeW72J63+NpMIXi+AGfoBQ9xeYNwbXfxKlTLmDgHAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFjskR+DQAABAMARjBEAiAK5UFiJQhsItiNIhbXgGWA7QeY0Bf22ZM2s1PYJppHkQIgTGViCUQ8gNEqBBl66H1M9t34DzpHObUkzVMqVVJejV4AdAC72d+8H4pxtZOU"}]}},"reassembly_properties":{"truncated":true},"src_ip":"108.174.11.65","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47924,"event_start":1565200319.231324} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHTTCCBjWgAwIBAgIQAXBEMNrkYNTuijQQnLcKBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNTMwMDAwMDAwWhcNMjAwOTAxMDAwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29ycG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EIO7ZCS57AL7mW79kZ0rR3rfWYksMQnt1NQGfbLI88qxIqg6DMp8TNteTfeWQKpy0JFm4zTNjaSmA0UxKLBPERe67/gGAT1xjINNUx/iOFcj1H7y/1gs7SVsJ6JFmCgPIXID8AeOtHYe8dzVpYPAEXIYi93H58menJa11h5gl3Pfh9nkp9J5B3YK9reXIulcu6Kp8YCLcVT+LIrQzO8S46mHsh9sjLOoDeM5nk7C2+kjgFPE00wYweECBFjnzDaFimJa7W6NiZdrTMbJiV0QSlYWCtBm/ex8oRnv69aHwqGU9aFDYXXYe8soq4UzBoxUeUKrILYdTX4csK+VHoMLAgMBAAGjggQAMIID/DAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUlN2Cs4TYrUJ+AeD/6tPeT+VBk80wTAYDVR0RBEUwQ4IQd3d3LmxpbmtlZGluLmNvbYIPbWVkaWEubGljZG4uY29tghBzdGF0aWMubGljZG4uY29tggxsaW5rZWRpbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjskR9OAAABAMARzBFAiApWVtfQZ+QMpPq3tkEwLmmHnjQnwsQhJ464m1ibJbwyAIhAORfUeW72J63+NpMIXi+AGfoBQ9xeYNwbXfxKlTLmDgHAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFjskR+DQAABAMARjBEAiAK5UFiJQhsItiNIhbXgGWA7QeY0Bf22ZM2s1PYJppHkQIgTGViCUQ8gNEqBBl66H1M9t34DzpHObUkzVMqVVJejV4AdAC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWOyRH4EAAAEAwBFMEMCHz9v4I8sB4+5kYsyF3ZhCj9qq32Cl08uxKCguUuGeAQCIF0bVhp2DAoQuY3ZGURzxUFYb3nH88AmTZLetYEDlm0nAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFjskR/igAABAMASDBGAiEAoAXrwTz48+EEBF+8CnLw8FAT938F+kve/9m6XjuxFdECIQCU6M6OSiUCxlV3y06YoCPqaFpLDpTAujd8x5o2xIRs2TANBgkqhkiG9w0BAQsFAAOCAQEAERzOZXblnmBzczHgqL1Mcr9bt1tkYc9LwHF31Lf2Ky2UR09Dl9p/dWYPxJeVkuEYYhdFyeFBOCW2Xc/S4QtyBRxXFof/AvCoDImEShLI4YazoqBZGgfJsilc9bcVGuULdXuFUgc0HZYbOBD1zLms99NdPKiJQTAFF67cey0Uy9WPQStyxQ3am+wkQrlmtqb2pltH+ZXFGHP6CZ+4cirf85/KseKqffZ4eGxNYn9ZEwzNiCk9lTiZzp0eO7ovzH2FTHI8EZEbfid0EaULYN0YbGLHhdrZq8tPbXNl6ghkH2UFHp/EglHQS2mbwlv6WjourfH/qEzcgeANfrNMEgMicQ=="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"108.174.11.65","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47924,"event_start":1565200319.231660} {"dns":{"base64":"q7UBAAABAAAAAAAACWluc3RhZ3JhbQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42910,"dst_port":53,"event_start":1565200319.813362} @@ -85,21 +85,21 @@ {"dns":{"base64":"PW6BgAABAAgADQACCWluc3RhZ3JhbQNjb20AABwAAcAMABwAAQAAAAUAECQG2gD/AAAAAAAAAGsXC33ADAAcAAEAAAAFABAkBtoA/wAAAAAAAAA0FqRWwAwAHAABAAAABQAQJAbaAP8AAAAAAAAAEtHyZsAMABwAAQAAAAUAECQG2gD/AAAAAAAAADQXkOjADAAcAAEAAAAFABAkBtoA/wAAAAAAAAA0BvAwwAwAHAABAAAABQAQJAbaAP8AAAAAAAAAA9BSHsAMABwAAQAAAAUAECQG2gD/AAAAAAAAADZZH7/ADAAcAAEAAAAFABAkBtoA/wAAAAAAAAA27LMfwBYAAgABAAAABQAUAWUMZ3RsZC1zZXJ2ZXJzA25ldADAFgACAAEAAAAFAAQBasENwBYAAgABAAAABQAEAWLBDcAWAAIAAQAAAAUABAFmwQ3AFgACAAEAAAAFAAQBY8ENwBYAAgABAAAABQAEAWjBDcAWAAIAAQAAAAUABAFpwQ3AFgACAAEAAAAFAAQBZ8ENwBYAAgABAAAABQAEAWTBDcAWAAIAAQAAAAUABAFswQ3AFgACAAEAAAAFAAQBbcENwBYAAgABAAAABQAEAWHBDcAWAAIAAQAAAAUABAFrwQ3BywABAAEAAAAFAATABQYewTsAAQABAAAABQAEwCEOHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50970,"event_start":1565200319.844569} {"dns":{"base64":"q7WBgAABAAgADQAICWluc3RhZ3JhbQNjb20AAAEAAcAMAAEAAQAAAAUABDQsMCbADAABAAEAAAAFAAQ0A2ZYwAwAAQABAAAABQAEA1uH18AMAAEAAQAAAAUABAPTtdjADAABAAEAAAAFAAQDXGuJwAwAAQABAAAABQAEIsVczMAMAAEAAQAAAAUABAPREtDADAABAAEAAAAFAAQDXHeAwBYAAgABAAAABQAUAWQMZ3RsZC1zZXJ2ZXJzA25ldADAFgACAAEAAAAFAAQBa8CtwBYAAgABAAAABQAEAWXArcAWAAIAAQAAAAUABAFtwK3AFgACAAEAAAAFAAQBbMCtwBYAAgABAAAABQAEAWLArcAWAAIAAQAAAAUABAFjwK3AFgACAAEAAAAFAAQBZ8CtwBYAAgABAAAABQAEAWbArcAWAAIAAQAAAAUABAFpwK3AFgACAAEAAAAFAAQBYcCtwBYAAgABAAAABQAEAWrArcAWAAIAAQAAAAUABAFowK3BWwABAAEAAAAFAATABQYewQsAAQABAAAABQAEwCEOHsEbAAEAAQAAAAUABMAaXB7AqwABAAEAAAAFAATAH1AewNsAAQABAAAABQAEwAxeHsE7AAEAAQAAAAUABMAjMx7BKwABAAEAAAAFAATAKl0ewXsAAQABAAAABQAEwDZwHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42910,"event_start":1565200319.844591} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"52.44.48.38","protocol":6,"src_port":53570,"dst_port":443,"event_start":1565200319.845155} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"instagram.com"}},"src_ip":"192.168.113.237","dst_ip":"52.44.48.38","protocol":6,"src_port":53570,"dst_port":443,"event_start":1565200319.885187} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"instagram.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d696e7374616772616d2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020e7e0dcde0a046cfcab1237bd8136818a96c5e00e4a80972f23a12fcac4f74349\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"52.44.48.38","protocol":6,"src_port":53570,"dst_port":443,"event_start":1565200319.885187} {"fingerprints":{"tls_server":"tls_server/(0303)(1303)((002b00020304)(0033))"},"src_ip":"52.44.48.38","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":53570,"event_start":1565200319.935389} {"dns":{"base64":"oGMBAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":40723,"dst_port":53,"event_start":1565200320.049847} {"dns":{"base64":"bdQBAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":54015,"dst_port":53,"event_start":1565200320.050025} {"dns":{"base64":"bdSBgAABAAIADQALA3d3dwlpbnN0YWdyYW0DY29tAAAcAAHADAAFAAEAAAAFACAPei1wNDItaW5zdGFncmFtBGMxMHIIZmFjZWJvb2vAGsAvABwAAQAAAAUAECoDKIDyNAHl+s6wDAAARCDAGgACAAEAAAAFABQBaQxndGxkLXNlcnZlcnMDbmV0AMAaAAIAAQAAAAUABAFlwHnAGgACAAEAAAAFAAQBYsB5wBoAAgABAAAABQAEAWfAecAaAAIAAQAAAAUABAFrwHnAGgACAAEAAAAFAAQBYcB5wBoAAgABAAAABQAEAWzAecAaAAIAAQAAAAUABAFtwHnAGgACAAEAAAAFAAQBZsB5wBoAAgABAAAABQAEAWPAecAaAAIAAQAAAAUABAFkwHnAGgACAAEAAAAFAAQBasB5wBoAAgABAAAABQAEAWjAecDXAAEAAQAAAAUABMAFBh7ApwABAAEAAAAFAATAIQ4ewRcAAQABAAAABQAEwBpcHsEnAAEAAQAAAAUABMAfUB7AlwABAAEAAAAFAATADF4ewQcAAQABAAAABQAEwCMzHsC3AAEAAQAAAAUABMAqXR7BRwABAAEAAAAFAATANnAewHcAAQABAAAABQAEwCusHsE3AAEAAQAAAAUABMAwTx7AxwABAAEAAAAFAATANLIe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":54015,"event_start":1565200320.084374} {"dns":{"base64":"oGOBgAABAAIADQAMA3d3dwlpbnN0YWdyYW0DY29tAAABAAHADAAFAAEAAAAFACAPei1wNDItaW5zdGFncmFtBGMxMHIIZmFjZWJvb2vAGsAvAAEAAQAAAAUABB8NXa7AGgACAAEAAAAFABQBaQxndGxkLXNlcnZlcnMDbmV0AMAaAAIAAQAAAAUABAFqwG3AGgACAAEAAAAFAAQBa8BtwBoAAgABAAAABQAEAWPAbcAaAAIAAQAAAAUABAFhwG3AGgACAAEAAAAFAAQBbcBtwBoAAgABAAAABQAEAWbAbcAaAAIAAQAAAAUABAFlwG3AGgACAAEAAAAFAAQBaMBtwBoAAgABAAAABQAEAWfAbcAaAAIAAQAAAAUABAFkwG3AGgACAAEAAAAFAAQBbMBtwBoAAgABAAAABQAEAWLAbcC7AAEAAQAAAAUABMAFBh7BOwABAAEAAAAFAATAIQ4ewKsAAQABAAAABQAEwBpcHsEbAAEAAQAAAAUABMAfUB7A6wABAAEAAAAFAATADF4ewNsAAQABAAAABQAEwCMzHsELAAEAAQAAAAUABMAqXR7A+wABAAEAAAAFAATANnAewGsAAQABAAAABQAEwCusHsCLAAEAAQAAAAUABMAwTx7AmwABAAEAAAAFAATANLIewSsAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":40723,"event_start":1565200320.084392} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"31.13.93.174","protocol":6,"src_port":50634,"dst_port":443,"event_start":1565200320.084987} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.instagram.com"}},"src_ip":"192.168.113.237","dst_ip":"31.13.93.174","protocol":6,"src_port":50634,"dst_port":443,"event_start":1565200320.139625} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.instagram.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00140000117777772e696e7374616772616d2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002059c042390c82040fa8f9da8dd4d9568690aa6b04055c23aa250739d75383e559\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"31.13.93.174","protocol":6,"src_port":50634,"dst_port":443,"event_start":1565200320.139625} {"fingerprints":{"tls_server":"tls_server/(0303)(1303)((002b00020304)(0033))"},"src_ip":"31.13.93.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50634,"event_start":1565200320.196482} {"dns":{"base64":"tpEBAAABAAAAAAAACXdpa2lwZWRpYQNvcmcAAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":45506,"dst_port":53,"event_start":1565200320.441793} {"dns":{"base64":"IBEBAAABAAAAAAAACXdpa2lwZWRpYQNvcmcAABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36230,"dst_port":53,"event_start":1565200320.441976} {"dns":{"base64":"tpGBgAABAAEABgAKCXdpa2lwZWRpYQNvcmcAAAEAAcAMAAEAAQAAAAUABNBQmuDAFgACAAEAAAAFABkCYTADb3JnC2FmaWxpYXMtbnN0BGluZm8AwBYAAgABAAAABQAFAmMwwD7AFgACAAEAAAAFABUCZDADb3JnC2FmaWxpYXMtbnN0wBbAFgACAAEAAAAFAAUCYTLAPsAWAAIAAQAAAAUABQJiMMB0wBYAAgABAAAABQAFAmIywHTAOwABAAEAAAAFAATHEzgBwJIAAQABAAAABQAEx/lwAcBgAAEAAQAAAAUABMcTNQHAcQABAAEAAAAFAATHEzkBwDsAHAABAAAABQAQIAEFAAAOAAAAAAAAAAAAAcCSABwAAQAAAAUAECABBQAAQAAAAAAAAAAAAAHAowAcAAEAAAAFABAgAQUAAAwAAAAAAAAAAAABwLQAHAABAAAABQAQIAEFAABIAAAAAAAAAAAAAcBgABwAAQAAAAUAECABBQAACwAAAAAAAAAAAAHAcQAcAAEAAAAFABAgAQUAAA8AAAAAAAAAAAAB"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":45506,"event_start":1565200320.487189} {"dns":{"base64":"IBGBgAABAAEABgAMCXdpa2lwZWRpYQNvcmcAABwAAcAMABwAAQAAAAUAECYgAAAIYe0aAAAAAAAAAAHAFgACAAEAAAAFABkCYTADb3JnC2FmaWxpYXMtbnN0BGluZm8AwBYAAgABAAAABQAFAmEywErAFgACAAEAAAAFABUCZDADb3JnC2FmaWxpYXMtbnN0wBbAFgACAAEAAAAFAAUCYzDASsAWAAIAAQAAAAUABQJiMMCAwBYAAgABAAAABQAFAmIywIDARwABAAEAAAAFAATHEzgBwGwAAQABAAAABQAEx/lwAcCvAAEAAQAAAAUABMcTNgHAwAABAAEAAAAFAATH+XgBwJ4AAQABAAAABQAExxM1AcB9AAEAAQAAAAUABMcTOQHARwAcAAEAAAAFABAgAQUAAA4AAAAAAAAAAAABwGwAHAABAAAABQAQIAEFAABAAAAAAAAAAAAAAcCvABwAAQAAAAUAECABBQAADAAAAAAAAAAAAAHAwAAcAAEAAAAFABAgAQUAAEgAAAAAAAAAAAABwJ4AHAABAAAABQAQIAEFAAALAAAAAAAAAAAAAcB9ABwAAQAAAAUAECABBQAADwAAAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36230,"event_start":1565200320.525287} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51344,"dst_port":443,"event_start":1565200320.525880} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wikipedia.org"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51344,"dst_port":443,"event_start":1565200320.565853} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wikipedia.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d77696b6970656469612e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020107f7f807a8a19e09a5f5fd659f73f5ebc0a3269212aaae9a86e2b31234a1018\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51344,"dst_port":443,"event_start":1565200320.565853} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIq"}]}},"reassembly_properties":{"truncated":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51344,"event_start":1565200320.613668} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIqLm0ud2lraXZveWFnZS5vcmeCECoud2lrdGlvbmFyeS5vcmeCEioubS53aWt0aW9uYXJ5Lm9yZ4IZKi53aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IUKi53bWZ1c2VyY29udGVudC5vcmeCDXdpa2lwZWRpYS5vcmcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSt4NNfC33t2i98DfZjjYpZGMJsijAfBgNVHSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZvUzN/YAAAQDAEcwRQIgBATdvSzbd5NwGdtkmJ5SEvEPn6A8hgAsk6GSP6hzWcgCIQDKfHQNtObs/hHPfLgXsVkcnHIbjlNwmWeiukGtGHZFMgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZvUzN8cAAAQDAEcwRQIgYalEnXtd/fPhjq9SXPoSPRhaMmeDs0IMN5o5Y6QTKfUCIQClR1uj+B56K4tGh/mws4qugG1qSD9zfvmx8roKik3HHDANBgkqhkiG9w0BAQsFAAOCAQEAUEJyg/AZo+owG5J/LIk8EIDnyOcanmfgvdjMg8KnpBvh8l3Wb4HmOudluJhIeIbCUMwzEzSGqYQQ78n4wtjLaLwaDgL4WzHOVec2k+rbfmPT6MUCtdlz1PK5/WY9JQyQq6vy+tm3a6Wijy6M8U/TdrJubK5X03SFfRb0pDuFdr2fnkctLRnyCb1w0XHwGXjEcGm1LY42YKwdvbj3WIqumeSEuG4MZtquW6NURKELSil03G/hRHRAHHGx3zXes/jJcpH2GPX9eY9B+R1oHmCE2QF5Y/Bh+uNA2+2Iuj/6UJAOw/Z/8+qZcnLWWnK2Dwzc34C/AUD+Wb71oUcr60+pPg=="},{"base64":"MIIEYjCCA0qgAwIBAgILBAAAAAABMYnGRMkwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwODAyMTAwMDAwWhcNMjIwODAyMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAugYpwLQZjCERwJQRnrs91NVDQPafuyULI2i1Gvf6VGTMKxP5IfBEreHoFVjb7v3bok3MGI8Nmm3DawGhMfCNvABAzDlfh2FRbfSV6uoVNT5AhcBi1aE0/niqqLJaOfM3Qfuc6D5xSlvr+GlYoeDGk3fpumeS62VYkHBzQn2v9CMmeReq+qS7meVEb2WB58rrVcj0ticRIXSUvGu3dGIpxM2uR/LmQlt4hgVhy5CqeYnfBH6xJnBLjUAfhHvA+wfmyLdOkfQ1A+3o60EQF0m0YsinLPLhTI8DLPMWN11n8aQ5eUmjwF3MVfkhgA/7zuIpalhQ6abX6xwyNrVip8H65g=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51344,"event_start":1565200320.614434} {"dns":{"base64":"xBoBAAABAAAAAAAAA3d3dwl3aWtpcGVkaWEDb3JnAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42538,"dst_port":53,"event_start":1565200320.713805} @@ -107,7 +107,7 @@ {"dns":{"base64":"xBqBgAABAAIABgAMA3d3dwl3aWtpcGVkaWEDb3JnAAABAAHADAAFAAEAAAAFABEEZHluYQl3aWtpbWVkaWHAGsAvAAEAAQAAAAUABNBQmuDAGgACAAEAAAAFABUCYjIDb3JnC2FmaWxpYXMtbnN0wBrAGgACAAEAAAAFABkCYTIDb3JnC2FmaWxpYXMtbnN0BGluZm8AwBoAAgABAAAABQAFAmMwwIDAGgACAAEAAAAFAAUCZDDAX8AaAAIAAQAAAAUABQJhMMCAwBoAAgABAAAABQAFAmIwwF/AxAABAAEAAAAFAATHEzgBwH0AAQABAAAABQAEx/lwAcDVAAEAAQAAAAUABMcTNgHAXAABAAEAAAAFAATH+XgBwKIAAQABAAAABQAExxM1AcCzAAEAAQAAAAUABMcTOQHAxAAcAAEAAAAFABAgAQUAAA4AAAAAAAAAAAABwH0AHAABAAAABQAQIAEFAABAAAAAAAAAAAAAAcDVABwAAQAAAAUAECABBQAADAAAAAAAAAAAAAHAXAAcAAEAAAAFABAgAQUAAEgAAAAAAAAAAAABwKIAHAABAAAABQAQIAEFAAALAAAAAAAAAAAAAcCzABwAAQAAAAUAECABBQAADwAAAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42538,"event_start":1565200320.745323} {"dns":{"base64":"jPqBgAABAAIABgAMA3d3dwl3aWtpcGVkaWEDb3JnAAAcAAHADAAFAAEAAAAFABEEZHluYQl3aWtpbWVkaWHAGsAvABwAAQAAAAUAECYgAAAIYe0aAAAAAAAAAAHAGgACAAEAAAAFABkCYzADb3JnC2FmaWxpYXMtbnN0BGluZm8AwBoAAgABAAAABQAVAmIyA29yZwthZmlsaWFzLW5zdMAawBoAAgABAAAABQAFAmIwwJDAGgACAAEAAAAFAAUCYTLAa8AaAAIAAQAAAAUABQJkMMCQwBoAAgABAAAABQAFAmEwwGvA4QABAAEAAAAFAATHEzgBwL8AAQABAAAABQAEx/lwAcCuAAEAAQAAAAUABMcTNgHAjQABAAEAAAAFAATH+XgBwGgAAQABAAAABQAExxM1AcDQAAEAAQAAAAUABMcTOQHA4QAcAAEAAAAFABAgAQUAAA4AAAAAAAAAAAABwL8AHAABAAAABQAQIAEFAABAAAAAAAAAAAAAAcCuABwAAQAAAAUAECABBQAADAAAAAAAAAAAAAHAjQAcAAEAAAAFABAgAQUAAEgAAAAAAAAAAAABwGgAHAABAAAABQAQIAEFAAALAAAAAAAAAAAAAcDQABwAAQAAAAUAECABBQAADwAAAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":44457,"event_start":1565200320.756902} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51346,"dst_port":443,"event_start":1565200320.757754} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.wikipedia.org"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51346,"dst_port":443,"event_start":1565200320.804450} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.wikipedia.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00140000117777772e77696b6970656469612e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00205b3a195bb238e48f49cbbc354f02d157ce3e8b542570be130dec4dc6e68bf16f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51346,"dst_port":443,"event_start":1565200320.804450} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIq"}]}},"reassembly_properties":{"truncated":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51346,"event_start":1565200320.851523} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIqLm0ud2lraXZveWFnZS5vcmeCECoud2lrdGlvbmFyeS5vcmeCEioubS53aWt0aW9uYXJ5Lm9yZ4IZKi53aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IUKi53bWZ1c2VyY29udGVudC5vcmeCDXdpa2lwZWRpYS5vcmcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSt4NNfC33t2i98DfZjjYpZGMJsijAfBgNVHSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZvUzN/YAAAQDAEcwRQIgBATdvSzbd5NwGdtkmJ5SEvEPn6A8hgAsk6GSP6hzWcgCIQDKfHQNtObs/hHPfLgXsVkcnHIbjlNwmWeiukGtGHZFMgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZvUzN8cAAAQDAEcwRQIgYalEnXtd/fPhjq9SXPoSPRhaMmeDs0IMN5o5Y6QTKfUCIQClR1uj+B56K4tGh/mws4qugG1qSD9zfvmx8roKik3HHDANBgkqhkiG9w0BAQsFAAOCAQEAUEJyg/AZo+owG5J/LIk8EIDnyOcanmfgvdjMg8KnpBvh8l3Wb4HmOudluJhIeIbCUMwzEzSGqYQQ78n4wtjLaLwaDgL4WzHOVec2k+rbfmPT6MUCtdlz1PK5/WY9JQyQq6vy+tm3a6Wijy6M8U/TdrJubK5X03SFfRb0pDuFdr2fnkctLRnyCb1w0XHwGXjEcGm1LY42YKwdvbj3WIqumeSEuG4MZtquW6NURKELSil03G/hRHRAHHGx3zXes/jJcpH2GPX9eY9B+R1oHmCE2QF5Y/Bh+uNA2+2Iuj/6UJAOw/Z/8+qZcnLWWnK2Dwzc34C/AUD+Wb71oUcr60+pPg=="},{"base64":"MIIEYjCCA0qgAwIBAgILBAAAAAABMYnGRMkwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwODAyMTAwMDAwWhcNMjIwODAyMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAugYpwLQZjCERwJQRnrs91NVDQPafuyULI2i1Gvf6VGTMKxP5IfBEreHoFVjb7v3bok3MGI8Nmm3DawGhMfCNvABAzDlfh2FRbfSV6uoVNT5AhcBi1aE0/niqqLJaOfM3Qfuc6D5xSlvr+GlYoeDGk3fpumeS62VYkHBzQn2v9CMmeReq+qS7meVEb2WB58rrVcj0ticRIXSUvGu3dGIpxM2uR/LmQlt4hgVhy5CqeYnfBH6xJnBLjUAfhHvA+wfmyLdOkfQ1A+3o60EQF0m0YsinLPLhTI8DLPMWN11n8aQ5eUmjwF3MVfkhgA/7zuIpalhQ6abX6xwyNrVip8H65g=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51346,"event_start":1565200320.851714} {"dns":{"base64":"FOMBAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":49777,"dst_port":53,"event_start":1565200321.058045} @@ -115,7 +115,7 @@ {"dns":{"base64":"FOOBgAABAAMADQANBWFwcGxlA2NvbQAAAQABwAwAAQABAAAABQAEEbJgO8AMAAEAAQAAAAUABBGOoDvADAABAAEAAAAFAAQRrOAvwBIAAgABAAAABQAUAWEMZ3RsZC1zZXJ2ZXJzA25ldADAEgACAAEAAAAFAAQBYsBZwBIAAgABAAAABQAEAWXAWcASAAIAAQAAAAUABAFnwFnAEgACAAEAAAAFAAQBbcBZwBIAAgABAAAABQAEAWjAWcASAAIAAQAAAAUABAFqwFnAEgACAAEAAAAFAAQBbMBZwBIAAgABAAAABQAEAWvAWcASAAIAAQAAAAUABAFjwFnAEgACAAEAAAAFAAQBacBZwBIAAgABAAAABQAEAWTAWcASAAIAAQAAAAUABAFmwFnAVwABAAEAAAAFAATABQYewHcAAQABAAAABQAEwCEOHsD3AAEAAQAAAAUABMAaXB7BFwABAAEAAAAFAATAH1AewIcAAQABAAAABQAEwAxeHsEnAAEAAQAAAAUABMAjMx7AlwABAAEAAAAFAATAKl0ewLcAAQABAAAABQAEwDZwHsEHAAEAAQAAAAUABMArrB7AxwABAAEAAAAFAATAME8ewOcAAQABAAAABQAEwDSyHsDXAAEAAQAAAAUABMApoh7ApwABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":49777,"event_start":1565200321.094171} {"dns":{"base64":"BvqBgAABAAAAAQAABWFwcGxlA2NvbQAAHAABwAwABgABAAAABQApBWFkbnMxwAwKaG9zdG1hc3RlcsAMd8/meAAAA4QAAAOEAB7DAAABUeQ="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53304,"event_start":1565200321.094206} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47956,"dst_port":443,"event_start":1565200321.094698} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apple.com"}},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47956,"dst_port":443,"event_start":1565200321.185602} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apple.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c0000096170706c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002045856ffc4ea1684f0e913b38752627e148856378d48f1f61d49335a43458d827\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47956,"dst_port":443,"event_start":1565200321.185602} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIH8zCCBtugAwIBAgIQCntZYuAq75f9bqCozf4GOzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDcyMDAwMDAwMFoXDTIwMDcyMDEyMDAwMFowgeMxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRowGAYDVQQLExFJbnRlcm5ldCBTZXJ2aWNlczEWMBQGA1UEAxMNd3d3LmFwcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJVaWbq7ReuQNs4LNpYlxNwolxVkFREluDtvvHdC0dEGXxyl1Htd77fa3WdGsXrckZm/WA6OrGFDi0oxqGsmzqt8UhoL/8u0cMtLo22L3SakDlZNVdsZzHfuWwRkYRWiazWn8y90SECimUDM71NfqdrZAmYtWTah/EIeH0c4W3bv1ZD9qbXlGog3rlqTY2oi2faxAZuTJY2snOgnX50LvNUiHo5IzUuweD/dhPun02Y6hUd0FIJQ4ekA+CtBsf7Ji2Sc42nXeGtiW+0WYsmLzTxSnPdUcp+ad8S9ndCeWokM6dl3Iv177dJIn4aQ71x1TgagkjBYZ1GWjFo2hcbKJ0CAwEAAaOCBA4wggQKMB8GA1UdIwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBT2nT+05RGAUUXkbIsK8871kncHUjCCATYGA1UdEQSCAS0wggEpghRleHRlbnNpb25zLmFwcGxlLmNvbYISZmVlZGJhY2suYXBwbGUuY29tghFnZW5zZXJ2LmFwcGxlLmNvbYIOaGVscC5hcHBsZS5jb22CEWhlbHBvc3guYXBwbGUuY29tghBoZWxwcXQuYXBwbGUuY29tghBpbWFnZXMuYXBwbGUuY29tghdpdHVuZXNwYXJ0bmVyLmFwcGxlLmNvbYIRcHJvaGVscC5hcHBsZS5jb22CEHJlYmF0ZS5hcHBsZS5jb22CG3NhZmFyaS1leHRlbnNpb25zLmFwcGxlLmNvbYIadHJhY2tpbmdzaGlwbWVudC5hcHBsZS5jb22CEnRyYWlsZXJzLmFwcGxlLmNvbYIJYXBwbGUuY29tgg13d3cuYXBwbGUuY29tMA4GA1UdDwE="}]}},"reassembly_properties":{"truncated":true},"src_ip":"17.178.96.59","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47956,"event_start":1565200321.282621} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIH8zCCBtugAwIBAgIQCntZYuAq75f9bqCozf4GOzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDcyMDAwMDAwMFoXDTIwMDcyMDEyMDAwMFowgeMxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRowGAYDVQQLExFJbnRlcm5ldCBTZXJ2aWNlczEWMBQGA1UEAxMNd3d3LmFwcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJVaWbq7ReuQNs4LNpYlxNwolxVkFREluDtvvHdC0dEGXxyl1Htd77fa3WdGsXrckZm/WA6OrGFDi0oxqGsmzqt8UhoL/8u0cMtLo22L3SakDlZNVdsZzHfuWwRkYRWiazWn8y90SECimUDM71NfqdrZAmYtWTah/EIeH0c4W3bv1ZD9qbXlGog3rlqTY2oi2faxAZuTJY2snOgnX50LvNUiHo5IzUuweD/dhPun02Y6hUd0FIJQ4ekA+CtBsf7Ji2Sc42nXeGtiW+0WYsmLzTxSnPdUcp+ad8S9ndCeWokM6dl3Iv177dJIn4aQ71x1TgagkjBYZ1GWjFo2hcbKJ0CAwEAAaOCBA4wggQKMB8GA1UdIwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBT2nT+05RGAUUXkbIsK8871kncHUjCCATYGA1UdEQSCAS0wggEpghRleHRlbnNpb25zLmFwcGxlLmNvbYISZmVlZGJhY2suYXBwbGUuY29tghFnZW5zZXJ2LmFwcGxlLmNvbYIOaGVscC5hcHBsZS5jb22CEWhlbHBvc3guYXBwbGUuY29tghBoZWxwcXQuYXBwbGUuY29tghBpbWFnZXMuYXBwbGUuY29tghdpdHVuZXNwYXJ0bmVyLmFwcGxlLmNvbYIRcHJvaGVscC5hcHBsZS5jb22CEHJlYmF0ZS5hcHBsZS5jb22CG3NhZmFyaS1leHRlbnNpb25zLmFwcGxlLmNvbYIadHJhY2tpbmdzaGlwbWVudC5hcHBsZS5jb22CEnRyYWlsZXJzLmFwcGxlLmNvbYIJYXBwbGUuY29tgg13d3cuYXBwbGUuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFsDybfogAABAMARzBFAiANYeCK4RsTjJyWm00Myizu96qqHAW1JHwjyO7TihtGiQIhAIzHukiG871pfYoOc2B2JqRwcH+BkLZVkCkIfTcrDl9LAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFsDybf4AAABAMARjBEAiA+YJNS/bLKIyT+cpt9NtxKSQSW4/ctVA7wcTBjv2jlLQIgLKt5ld2x1FFDSjldkX+u/mfaIzk8apZ9F/lJeTTf3KIwDQYJKoZIhvcNAQELBQADggEBAGcYjzS/MA7CsV+3FgW5qoz7hNp3M1H1kha1PipJY32edcbWR6DhraZwpb1xfcB8NCIi6IZ/66rhMQvljs4eK5dGMDD25qMeWnFxeby6eqvGig7deN2vZkUoqMElv+WTDwZMy+W+QxZWgRzi5u0x/oM3iIAdSjZ2Oihb7QLMj4li+cIEXv70G8DftG5W7za1+lgySo9kK72mKwbmAr5OEDirSatO9MINGFFqVlIzP1z87wqenvj/13NYjHILzAzhkMlhA2EynbpnoJHlrjLlCOe+HMz1PGzvTa7sA4eBJ0vhcolQ8Tg0K01oglkzQpg3PENgk2pJWaToKO2SB1C7Dgo="},{"base64":"MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUYuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQhcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn8TUoE6smftX3eg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"17.178.96.59","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47956,"event_start":1565200321.283427} {"dns":{"base64":"xd4BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":37364,"dst_port":53,"event_start":1565200321.512636} @@ -123,7 +123,7 @@ {"dns":{"base64":"J3GBgAABAAUADQABA3d3dwVhcHBsZQNjb20AABwAAcAMAAUAAQAAAAUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAAAUALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAABQAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNABwAAQAAAAUAECYAFB4AAgGYAAAAAAAAGsrAjQAcAAEAAAAFABAmABQeAAIBhAAAAAAAABrKwJkAAgABAAAABQAKB25zNy0xOTTAmcCZAAIAAQAAAAUACgdhMTItMTkywJnAmQACAAEAAAAFAAoHYTI4LTE5MsCZwJkAAgABAAAABQAKB25zNS0xOTTAmcCZAAIAAQAAAAUACgduczYtMTk0wJnAmQACAAEAAAAFAAYDbGExwJnAmQACAAEAAAAFAAoHbnMzLTE5NMCZwJkAAgABAAAABQAJBmExLTE5MsCZwJkAAgABAAAABQAKB2ExMy0xOTLAmcCZAAIAAQAAAAUABwRsYXIywJnAmQACAAEAAAAFAAYDbGEzwJnAmQACAAEAAAAFAAkGYTYtMTkywJnAmQACAAEAAAAFAAoHYTExLTE5MsCZwVgAAQABAAAABQAEuBqhwA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56935,"event_start":1565200321.548794} {"dns":{"base64":"xd6BgAABAAQADQAGA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAAAAUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAAAUALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAABQAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAUABLgzga7AQQACAAEAAAAFABEBZgxndGxkLXNlcnZlcnPAQcBBAAIAAQAAAAUABAFtwMTAQQACAAEAAAAFAAQBZcDEwEEAAgABAAAABQAEAWLAxMBBAAIAAQAAAAUABAFhwMTAQQACAAEAAAAFAAQBbMDEwEEAAgABAAAABQAEAWjAxMBBAAIAAQAAAAUABAFpwMTAQQACAAEAAAAFAAQBa8DEwEEAAgABAAAABQAEAWTAxMBBAAIAAQAAAAUABAFqwMTAQQACAAEAAAAFAAQBZ8DEwEEAAgABAAAABQAEAWPAxMEPAAEAAQAAAAUABMAFBh7A/wABAAEAAAAFAATAIQ4ewY8AAQABAAAABQAEwBpcHsFfAAEAAQAAAAUABMAfUB7A7wABAAEAAAAFAATADF4ewMIAAQABAAAABQAEwCMzHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":37364,"event_start":1565200321.548812} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50196,"dst_port":443,"event_start":1565200321.549929} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.apple.com"}},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50196,"dst_port":443,"event_start":1565200321.585675} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.apple.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d7777772e6170706c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002013a4af48a5b3d8f4ee0d73b2c581b8ab96fab3df1ae41ca74266ca7f8e137613\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50196,"dst_port":443,"event_start":1565200321.585675} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG8TCCBdmgAwIBAgIQD45OTJz1XqX+Lpsrfv/ejzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMwNzAwMDAwMFoXDTIwMDMwNzEyMDAwMFowge4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSUwIwYDVQQLExxJbnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDEw13d3cuYXBwbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V5dxoW+5Sp4eh93H0IX6sHjda7JOHrgz5/rukdCz2N1JtNMjmwvx7wcuzfJpaDTj+o9AsjoBqGnK0x7kVW8UavnyLiopkk+lEXxAJAmubWvtaAiQSwQUovZ8JHlQHZg/cKx/tBVw08YfSAADItBLC3BCsDhLt74R4SyNk4DX3eQ9vVg2KolEOs3OAN/S0Y2di5m/hjkmzHs1SrbYJDXoNWreZwB9qyHiHNDCOBI8AmsQUBg5JynzL0vx10yMi5C12kvRjDTbhe6HKa6vLViU4nHSu+5+A8lL7R6XAX75P0TRxv/YG9A8g8tUzg/IYdNCLEb09qr1Z6UaUOjol7x6QIDAQABo4IDATCCAv0wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFNj1/23cljBcrYB1/87F950Wc8sWMCoGA1UdEQQjMCGCEGltYWdlcy5hcHBsZS5jb22CDXd3dy5hcHBsZS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHQ="}]}},"reassembly_properties":{"truncated":true},"src_ip":"184.51.129.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50196,"event_start":1565200321.628019} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG8TCCBdmgAwIBAgIQD45OTJz1XqX+Lpsrfv/ejzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMwNzAwMDAwMFoXDTIwMDMwNzEyMDAwMFowge4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSUwIwYDVQQLExxJbnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDEw13d3cuYXBwbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V5dxoW+5Sp4eh93H0IX6sHjda7JOHrgz5/rukdCz2N1JtNMjmwvx7wcuzfJpaDTj+o9AsjoBqGnK0x7kVW8UavnyLiopkk+lEXxAJAmubWvtaAiQSwQUovZ8JHlQHZg/cKx/tBVw08YfSAADItBLC3BCsDhLt74R4SyNk4DX3eQ9vVg2KolEOs3OAN/S0Y2di5m/hjkmzHs1SrbYJDXoNWreZwB9qyHiHNDCOBI8AmsQUBg5JynzL0vx10yMi5C12kvRjDTbhe6HKa6vLViU4nHSu+5+A8lL7R6XAX75P0TRxv/YG9A8g8tUzg/IYdNCLEb09qr1Z6UaUOjol7x6QIDAQABo4IDATCCAv0wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFNj1/23cljBcrYB1/87F950Wc8sWMCoGA1UdEQQjMCGCEGltYWdlcy5hcHBsZS5jb22CDXd3dy5hcHBsZS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlYQtEGAAAEAwBHMEUCIGiBDFSIRXrGhLhlm/2cNID2OJHvz1j5/fNQb62OoK3oAiEAzjKdWz2ii7YESO4BJmzTUKHqfyUMACpCbUINE8CphbwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWlYQtFEAAAEAwBHMEUCIEvUZFLTUvA+2NQ9xUBy7cMEjDwWRl04ArqiHlKq4dq2AiEAo14va8y5NNmkAHDhOpm0DSVt01l3wpiMaqCup+EGczIwDQYJKoZIhvcNAQELBQADggEBAD/ZoRmzfFalieWiMzPj/Lsp29dpdjEvaZeQoQwRC1rLq0FmspvfcdbckpG2F4vTnIM83HynKV26OJebDQfgRsonX0GgwIQeRwDch3n9rz40wm2xRwxSFIGssmy0MLJBYXcHlgVbJjailMJww83BFawzDWBo+hmVPigU3hkV8ktDqwC/VOOvWikPMsvMvn8HMPbZSeYnH8A7nD0u0WzFtg6NF9xIXB/Bfku6jEPKr5l2iJukaGD6wtOH7zkWjEk2LAn5Byoue2E+dnbvdJalrv9rTPd/lkG+nAlBuooc/cJK4QqofnuomKgBXavv2zaz5pNdJwwmwzOTdK95geXURk4="},{"base64":"MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUYuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQhcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn8TUoE6smftX3eg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"184.51.129.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50196,"event_start":1565200321.628488} {"dns":{"base64":"gpYBAAABAAAAAAAABHBsdXMGZ29vZ2xlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":49368,"dst_port":53,"event_start":1565200321.807857} @@ -131,21 +131,21 @@ {"dns":{"base64":"/zOBgAABAAEADQANBHBsdXMGZ29vZ2xlA2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECBAAAAAAAAAgDsAYAAIAAQAAAAUAFAFhDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWrAS8AYAAIAAQAAAAUABAFpwEvAGAACAAEAAAAFAAQBbMBLwBgAAgABAAAABQAEAWfAS8AYAAIAAQAAAAUABAFiwEvAGAACAAEAAAAFAAQBZcBLwBgAAgABAAAABQAEAWTAS8AYAAIAAQAAAAUABAFowEvAGAACAAEAAAAFAAQBY8BLwBgAAgABAAAABQAEAW3AS8AYAAIAAQAAAAUABAFrwEvAGAACAAEAAAAFAAQBZsBLwEkAAQABAAAABQAEwAUGHsCpAAEAAQAAAAUABMAhDh7A6QABAAEAAAAFAATAGlwewMkAAQABAAAABQAEwB9QHsC5AAEAAQAAAAUABMAMXh7BGQABAAEAAAAFAATAIzMewJkAAQABAAAABQAEwCpdHsDZAAEAAQAAAAUABMA2cB7AeQABAAEAAAAFAATAK6wewGkAAQABAAAABQAEwDBPHsEJAAEAAQAAAAUABMA0sh7AiQABAAEAAAAFAATAKaIewPkAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50088,"event_start":1565200321.844081} {"dns":{"base64":"gpaBgAABAAEADQAOBHBsdXMGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAABQAErNkPTsAYAAIAAQAAAAUAFAFtDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWbAP8AYAAIAAQAAAAUABAFswD/AGAACAAEAAAAFAAQBYcA/wBgAAgABAAAABQAEAWnAP8AYAAIAAQAAAAUABAFlwD/AGAACAAEAAAAFAAQBY8A/wBgAAgABAAAABQAEAWfAP8AYAAIAAQAAAAUABAFowD/AGAACAAEAAAAFAAQBYsA/wBgAAgABAAAABQAEAWTAP8AYAAIAAQAAAAUABAFqwD/AGAACAAEAAAAFAAQBa8A/wH0AAQABAAAABQAEwAUGHsDdAAEAAQAAAAUABMAhDh7ArQABAAEAAAAFAATAGlwewO0AAQABAAAABQAEwB9QHsCdAAEAAQAAAAUABMAMXh7AXQABAAEAAAAFAATAIzMewL0AAQABAAAABQAEwCpdHsDNAAEAAQAAAAUABMA2cB7AjQABAAEAAAAFAATAK6wewP0AAQABAAAABQAEwDBPHsENAAEAAQAAAAUABMA0sh7AbQABAAEAAAAFAATAKaIewD0AAQABAAAABQAEwDdTHsB9ABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":49368,"event_start":1565200321.844379} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38824,"dst_port":443,"event_start":1565200321.844698} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"plus.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38824,"dst_port":443,"event_start":1565200321.884634} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"plus.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f706c75732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020a9445473edce2a37860c07d18bec5e5a4e61d19317405323b0c75c4095271546\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.78","protocol":6,"src_port":38824,"dst_port":443,"event_start":1565200321.884634} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.15.78","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38824,"event_start":1565200321.934416} {"dns":{"base64":"eDwBAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":39152,"dst_port":53,"event_start":1565200322.061311} {"dns":{"base64":"vTUBAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":51559,"dst_port":53,"event_start":1565200322.061512} {"dns":{"base64":"vTWBgAABAAEADQANCGFjY291bnRzBmdvb2dsZQNjb20AABwAAcAMABwAAQAAAAUAECYH+LBABAgUAAAAAAAAIA3AHAACAAEAAAAFABQBZgxndGxkLXNlcnZlcnMDbmV0AMAcAAIAAQAAAAUABAFowE/AHAACAAEAAAAFAAQBY8BPwBwAAgABAAAABQAEAWHAT8AcAAIAAQAAAAUABAFswE/AHAACAAEAAAAFAAQBZcBPwBwAAgABAAAABQAEAWrAT8AcAAIAAQAAAAUABAFkwE/AHAACAAEAAAAFAAQBbcBPwBwAAgABAAAABQAEAWfAT8AcAAIAAQAAAAUABAFiwE/AHAACAAEAAAAFAAQBacBPwBwAAgABAAAABQAEAWvAT8CNAAEAAQAAAAUABMAFBh7A/QABAAEAAAAFAATAIQ4ewH0AAQABAAAABQAEwBpcHsDNAAEAAQAAAAUABMAfUB7ArQABAAEAAAAFAATADF4ewE0AAQABAAAABQAEwCMzHsDtAAEAAQAAAAUABMAqXR7AbQABAAEAAAAFAATANnAewQ0AAQABAAAABQAEwCusHsC9AAEAAQAAAAUABMAwTx7BHQABAAEAAAAFAATANLIewJ0AAQABAAAABQAEwCmiHsDdAAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":51559,"event_start":1565200322.111139} {"dns":{"base64":"eDyBgAABAAEADQANCGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAAAUABKzZpI3AHAACAAEAAAAFABQBagxndGxkLXNlcnZlcnMDbmV0AMAcAAIAAQAAAAUABAFiwEPAHAACAAEAAAAFAAQBZsBDwBwAAgABAAAABQAEAWTAQ8AcAAIAAQAAAAUABAFowEPAHAACAAEAAAAFAAQBa8BDwBwAAgABAAAABQAEAWfAQ8AcAAIAAQAAAAUABAFpwEPAHAACAAEAAAAFAAQBYcBDwBwAAgABAAAABQAEAWzAQ8AcAAIAAQAAAAUABAFjwEPAHAACAAEAAAAFAAQBbcBDwBwAAgABAAAABQAEAWXAQ8DRAAEAAQAAAAUABMAFBh7AYQABAAEAAAAFAATAIQ4ewPEAAQABAAAABQAEwBpcHsCBAAEAAQAAAAUABMAfUB7BEQABAAEAAAAFAATADF4ewHEAAQABAAAABQAEwCMzHsCxAAEAAQAAAAUABMAqXR7AkQABAAEAAAAFAATANnAewMEAAQABAAAABQAEwCusHsBBAAEAAQAAAAUABMAwTx7AoQABAAEAAAAFAATANLIewOEAAQABAAAABQAEwCmiHsEBAAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":39152,"event_start":1565200322.115491} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":56988,"dst_port":443,"event_start":1565200322.115771} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":56988,"dst_port":443,"event_start":1565200322.155639} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201e555491cc0242c0953ca912855820368a58ac54645bc8632cdd57ed92fea327\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":56988,"dst_port":443,"event_start":1565200322.155639} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56988,"event_start":1565200322.206517} {"dns":{"base64":"mjsBAAABAAAAAAAABWFkb2JlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":33679,"dst_port":53,"event_start":1565200322.506985} {"dns":{"base64":"cD0BAAABAAAAAAAABWFkb2JlA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":58319,"dst_port":53,"event_start":1565200322.507159} {"dns":{"base64":"cD2BgAABAAAAAQAABWFkb2JlA2NvbQAAHAABwAwABgABAAAABQAwDGFkb2JlLWRucy0wMcAMCmhvc3RtYXN0ZXLADAAAF30AAAcIAAACWAAk6gAAAAEs"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":58319,"event_start":1565200322.541163} {"dns":{"base64":"mjuBgAABAAIADQANBWFkb2JlA2NvbQAAAQABwAwAAQABAAAABQAEwWjXOsAMAAEAAQAAAAUABMCTgszAEgACAAEAAAAFABQBZgxndGxkLXNlcnZlcnMDbmV0AMASAAIAAQAAAAUABAFowEnAEgACAAEAAAAFAAQBbcBJwBIAAgABAAAABQAEAWLAScASAAIAAQAAAAUABAFlwEnAEgACAAEAAAAFAAQBasBJwBIAAgABAAAABQAEAWvAScASAAIAAQAAAAUABAFkwEnAEgACAAEAAAAFAAQBacBJwBIAAgABAAAABQAEAWHAScASAAIAAQAAAAUABAFjwEnAEgACAAEAAAAFAAQBbMBJwBIAAgABAAAABQAEAWfAScDnAAEAAQAAAAUABMAFBh7AhwABAAEAAAAFAATAIQ4ewPcAAQABAAAABQAEwBpcHsDHAAEAAQAAAAUABMAfUB7AlwABAAEAAAAFAATADF4ewEcAAQABAAAABQAEwCMzHsEXAAEAAQAAAAUABMAqXR7AZwABAAEAAAAFAATANnAewNcAAQABAAAABQAEwCusHsCnAAEAAQAAAAUABMAwTx7AtwABAAEAAAAFAATANLIewQcAAQABAAAABQAEwCmiHsB3AAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":33679,"event_start":1565200322.541182} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"193.104.215.58","protocol":6,"src_port":60736,"dst_port":443,"event_start":1565200322.541707} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"adobe.com"}},"src_ip":"192.168.113.237","dst_ip":"193.104.215.58","protocol":6,"src_port":60736,"dst_port":443,"event_start":1565200322.674115} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"adobe.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c00000961646f62652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020d80b8a18cc803147148e087943847b3d267727668a757d71ba17e6ef21ee6f65\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"193.104.215.58","protocol":6,"src_port":60736,"dst_port":443,"event_start":1565200322.674115} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000a000400020017)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIGLzCCBRegAwIBAgIQBLgdEPzovoRDZiFcyFagRzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcxMjAxMDAwMDAwWhcNMTkxMjA2MTIwMDAwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEhMB8GA1UECxMYSVQgTG9hZCBCYWxhbmNlciBTZXJ2aWNlMRswGQYDVQQDExJyZWRpcmVjdC5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ+AXhfq3SFNOkC/hISYptY/6WjBD8HyijBSxrMRcAk+k7CeE3LYMDzKZR8/Zir91LSgrDNI5XscKxdGHRC7kYHZpSLwGjkficBCOj+7RKhyzYErI6Q+M2NjeYz2+enCzFo2CLhymNDBHpzL1jTAokdOV1CB4oeo0WJoLNLXXG/H7QdNCpEgt1RwWO/xO6/ZAVyHe8UOHJ0xS09NXGVV/8prkTPtZZOyjEPdMxInYGWjuSCLcaRUE+1wfjSErUwiUOMWR2M1DjuunAy+tD0pXnWcR186H4iWQJ66bc0ihsm6zIo2v9b6cm0vvT+zV7zCNwMzrHrq8mYuA5lAQS0fLbAgMBAAGjggK7MIICtzAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUVNfxXsNkIlFAdWmRw+BrlbXXo5owgf4GA1UdEQSB9jCB84IScmVkaXJlY3QuYWRvYmUuY29tghl0cmlnZ2VyY2FtcGFpZ24uYWRvYmUuY29tghJjYW1wYWlnbi5hZG9iZS5jb22CFnd3dy5lY2hvc2lnbi5hZG9iZS5jb22CEmVjaG9zaWduLmFkb2JlLmNvbYIVY29tbXVuaXRpZXMuYWRvYmUuY29tgg5lcmVnLmFkb2JlLmNvbYIWd3d3LmNyZWF0aXZlLmFkb2JlLmNvbYIJYWRvYmUuY29tghJ3aWtpZG9jcy5hZG9iZS5jb22CE3RyYW5zbGF0ZS5hZG9iZS5jb22CD3RydXN0LmFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9/prkxMFbQ9c1ZU8AWA=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"193.104.215.58","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60736,"event_start":1565200322.813528} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000a000400020017)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIGLzCCBRegAwIBAgIQBLgdEPzovoRDZiFcyFagRzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcxMjAxMDAwMDAwWhcNMTkxMjA2MTIwMDAwWjCBmjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEhMB8GA1UECxMYSVQgTG9hZCBCYWxhbmNlciBTZXJ2aWNlMRswGQYDVQQDExJyZWRpcmVjdC5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ+AXhfq3SFNOkC/hISYptY/6WjBD8HyijBSxrMRcAk+k7CeE3LYMDzKZR8/Zir91LSgrDNI5XscKxdGHRC7kYHZpSLwGjkficBCOj+7RKhyzYErI6Q+M2NjeYz2+enCzFo2CLhymNDBHpzL1jTAokdOV1CB4oeo0WJoLNLXXG/H7QdNCpEgt1RwWO/xO6/ZAVyHe8UOHJ0xS09NXGVV/8prkTPtZZOyjEPdMxInYGWjuSCLcaRUE+1wfjSErUwiUOMWR2M1DjuunAy+tD0pXnWcR186H4iWQJ66bc0ihsm6zIo2v9b6cm0vvT+zV7zCNwMzrHrq8mYuA5lAQS0fLbAgMBAAGjggK7MIICtzAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUVNfxXsNkIlFAdWmRw+BrlbXXo5owgf4GA1UdEQSB9jCB84IScmVkaXJlY3QuYWRvYmUuY29tghl0cmlnZ2VyY2FtcGFpZ24uYWRvYmUuY29tghJjYW1wYWlnbi5hZG9iZS5jb22CFnd3dy5lY2hvc2lnbi5hZG9iZS5jb22CEmVjaG9zaWduLmFkb2JlLmNvbYIVY29tbXVuaXRpZXMuYWRvYmUuY29tgg5lcmVnLmFkb2JlLmNvbYIWd3d3LmNyZWF0aXZlLmFkb2JlLmNvbYIJYWRvYmUuY29tghJ3aWtpZG9jcy5hZG9iZS5jb22CE3RyYW5zbGF0ZS5hZG9iZS5jb22CD3RydXN0LmFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9/prkxMFbQ9c1ZU8AWEtaUYGrdBMxwUZ/0z3KJaQA26/tsaWnKmTE0819bNhbKzyNnBAJqY670FLLiNnH1uPhLtSKFIK08j6+3gNWV+b1xCsr62oOHaH30T3Z6l1X8mVhsESR77opxYH4qEPKbAijh8xR0nS9mGVTqtOj3sCqWgU3C4JysqHzVeoudR+EmJTGPDcXXiwijaBINOGw6S7/hwqikQQZ9UG3euBAIB9IGoDurpvMmuR+ElFtEZY+Vm3hDIePuM2EN6ahoYYSE4PATAlxDmiQ7Yst7BdCAEyzqxeELmguQ9UyxRWsw9LGy9ZyVt1znk8iiO5a17FT50uc"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"193.104.215.58","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60736,"event_start":1565200322.813848} {"dns":{"base64":"N34BAAABAAAAAAAAA3d3dwVhZG9iZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34513,"dst_port":53,"event_start":1565200323.091225} @@ -153,7 +153,7 @@ {"dns":{"base64":"N36BgAABAAQADQAEA3d3dwVhZG9iZQNjb20AAAEAAcAMAAUAAQAAAAUAKwxzc2wtZGVsaXZlcnkFYWRvYmUKY29tLWlvbi1jbgdlZGdla2V5A25ldADAKwAFAAEAAAAFAD8Mc3NsLWRlbGl2ZXJ5BWFkb2JlCmNvbS1pb24tY24HZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwFHAYgAFAAEAAAAFABgFZTc5MzMEZHNjYQpha2FtYWllZGdlwFHArQABAAEAAAAFAAS4MiOhwFEAAgABAAAABQARAWsMZ3RsZC1zZXJ2ZXJzwFHAUQACAAEAAAAFAAQBbcDjwFEAAgABAAAABQAEAWbA48BRAAIAAQAAAAUABAFnwOPAUQACAAEAAAAFAAQBasDjwFEAAgABAAAABQAEAWnA48BRAAIAAQAAAAUABAFowOPAUQACAAEAAAAFAAQBYcDjwFEAAgABAAAABQAEAWzA48BRAAIAAQAAAAUABAFiwOPAUQACAAEAAAAFAAQBY8DjwFEAAgABAAAABQAEAWXA48BRAAIAAQAAAAUABAFkwOPBXgABAAEAAAAFAATABQYewX4AAQABAAAABQAEwCEOHsGOAAEAAQAAAAUABMAaXB7BrgABAAEAAAAFAATAH1Ae"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34513,"event_start":1565200323.137992} {"dns":{"base64":"LX+BgAABAAUADAAAA3d3dwVhZG9iZQNjb20AABwAAcAMAAUAAQAAAAUAKwxzc2wtZGVsaXZlcnkFYWRvYmUKY29tLWlvbi1jbgdlZGdla2V5A25ldADAKwAFAAEAAAAFAD8Mc3NsLWRlbGl2ZXJ5BWFkb2JlCmNvbS1pb24tY24HZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwFHAYgAFAAEAAAAFABgFZTc5MzMEZHNjYQpha2FtYWllZGdlwFHArQAcAAEAAAAFABAmABQeAAIBkwAAAAAAAB79wK0AHAABAAAABQAQJgAUHgACAaUAAAAAAAAe/cC4AAIAAQAAAAUABgNsYTPAuMC4AAIAAQAAAAUACgduczYtMTk0wLjAuAACAAEAAAAFAAoHbnM3LTE5NMC4wLgAAgABAAAABQAJBmE2LTE5MsC4wLgAAgABAAAABQAKB25zNS0xOTTAuMC4AAIAAQAAAAUACgdhMTMtMTkywLjAuAACAAEAAAAFAAoHYTExLTE5MsC4wLgAAgABAAAABQAKB2EyOC0xOTLAuMC4AAIAAQAAAAUACgdhMTItMTkywLjAuAACAAEAAAAFAAkGYTEtMTkywLjAuAACAAEAAAAFAAcEbGFyMsC4wLgAAgABAAAABQAGA2xhMcC4"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":58696,"event_start":1565200323.187086} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":56932,"dst_port":443,"event_start":1565200323.187537} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.adobe.com"}},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":56932,"dst_port":443,"event_start":1565200323.228088} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.adobe.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d7777772e61646f62652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020630f931821f5bdc7ead78e5a86f3ed13c4d45971aca1ed84eae8f4e5aed02e1f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":56932,"dst_port":443,"event_start":1565200323.228088} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGNzCCBR+gAwIBAgIQCg503M6e7LVhG69g0BbsbzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA2MDAwMDAwWhcNMjAwMjA1MTIwMDAwWjB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMQswCQYDVQQLEwJJUzEUMBIGA1UEAwwLKi5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxHy02hH5awt6eB0ZB5yfF3ZQO+955tDn+W6IfR+yLQFIi931YwkIxAM7M2VD1bm760h29lI6RiYFpiW0oPUnkt8zEpdayi2OHH5Ap6nQSDlEHW9BQpMXLBVep0HG6e8Qz2uiW84K8qlERWRBoDf7LZkJ+j3VGVPX50rD4BW1SjiHw5Hil+mb9tR6z2OMHFhoMYMYhOL4HSRnv3Nj4Xg1f1BfKwYVt4KZe1rnUmqJFVXk0iwdPv71JYh96Rj1CeaYCSG3PhL1CctmEtzfeVFX++kCM1PXeQsJtGEGiITu2FBBFzdheqTxdC9/LOnM9WgmqhVYoScwqo43O34sUx2oJAgMBAAGjggLhMIIC3TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUKL0O8nlF4pVkpaFcldo1cKl5FJQwIQYDVR0RBBowGIILKi5hZG9iZS5jb22CCWFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm6OYBSAAABAMARjBEAiAGzoFtL3H38sDIqCoGUtHh+mft+u6+95qWVkiz6tc="}]}},"reassembly_properties":{"truncated":true},"src_ip":"184.50.35.161","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56932,"event_start":1565200323.269655} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGNzCCBR+gAwIBAgIQCg503M6e7LVhG69g0BbsbzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA2MDAwMDAwWhcNMjAwMjA1MTIwMDAwWjB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMQswCQYDVQQLEwJJUzEUMBIGA1UEAwwLKi5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxHy02hH5awt6eB0ZB5yfF3ZQO+955tDn+W6IfR+yLQFIi931YwkIxAM7M2VD1bm760h29lI6RiYFpiW0oPUnkt8zEpdayi2OHH5Ap6nQSDlEHW9BQpMXLBVep0HG6e8Qz2uiW84K8qlERWRBoDf7LZkJ+j3VGVPX50rD4BW1SjiHw5Hil+mb9tR6z2OMHFhoMYMYhOL4HSRnv3Nj4Xg1f1BfKwYVt4KZe1rnUmqJFVXk0iwdPv71JYh96Rj1CeaYCSG3PhL1CctmEtzfeVFX++kCM1PXeQsJtGEGiITu2FBBFzdheqTxdC9/LOnM9WgmqhVYoScwqo43O34sUx2oJAgMBAAGjggLhMIIC3TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUKL0O8nlF4pVkpaFcldo1cKl5FJQwIQYDVR0RBBowGIILKi5hZG9iZS5jb22CCWFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm6OYBSAAABAMARjBEAiAGzoFtL3H38sDIqCoGUtHh+mft+u6+95qWVkiz6tckEAIgNIqKfTS1ssN9aslsQmNTqxw00g0VQRqLRx/yqDpOEmAAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWbo5gIhAAAEAwBHMEUCIFCsSzZXC6mRE0/g7xTRXY94byQOwpjY13VAd0nv+VdIAiEA0hop7zM0YHyWGkiK1emLlPEj8tpv2L0uo/eC5AfqdMAwDQYJKoZIhvcNAQELBQADggEBAApznoYz6ONoMxctjevgb6j9S3Nne3QdHSbAHzQeYzClDxIJNp/Ob+38tShcMwpu2lBFb0QL3QNRwOZ5xQk4O0h+ul0t1YVDKJw9Mz2qwuOt4mUp+u764vmHDrvZxJxGQ/c6oTsm4biRKBZbI6PTXwz61DhsQ2jtWNATNGWDsdv6MS2F12blpNFdOVzXVOWRb+E7fbZC9VU0l760VFrYB/UuLJ7xb7+3fN04l1KFQE2wtfwdbVZEdYe72eNxIZDmIPxFFotlyzhdsWoGV3WGXTbjVzc3vb3SRQ3E4QTouANow1YA3wwRJWEarmiPN7L+P4sMrDAYF2im1b2YY2Iem+Y="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"184.50.35.161","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56932,"event_start":1565200323.270041} {"dns":{"base64":"ZTwBAAABAAAAAAAAAmVuCXdpa2lwZWRpYQNvcmcAAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":58038,"dst_port":53,"event_start":1565200323.465109} @@ -161,7 +161,7 @@ {"dns":{"base64":"oo2BgAABAAIABgAMAmVuCXdpa2lwZWRpYQNvcmcAABwAAcAMAAUAAQAAAAUAEQRkeW5hCXdpa2ltZWRpYcAZwC4AHAABAAAABQAQJiAAAAhh7RoAAAAAAAAAAcAZAAIAAQAAAAUAFQJiMANvcmcLYWZpbGlhcy1uc3TAGcAZAAIAAQAAAAUABQJkMMBqwBkAAgABAAAABQAZAmEyA29yZwthZmlsaWFzLW5zdARpbmZvAMAZAAIAAQAAAAUABQJhMMCcwBkAAgABAAAABQAFAmMwwJzAGQACAAEAAAAFAAUCYjLAasC+AAEAAQAAAAUABMcTOAHAmQABAAEAAAAFAATH+XABwGcAAQABAAAABQAExxM2AcDgAAEAAQAAAAUABMf5eAHAzwABAAEAAAAFAATHEzUBwIgAAQABAAAABQAExxM5AcC+ABwAAQAAAAUAECABBQAADgAAAAAAAAAAAAHAmQAcAAEAAAAFABAgAQUAAEAAAAAAAAAAAAABwGcAHAABAAAABQAQIAEFAAAMAAAAAAAAAAAAAcDgABwAAQAAAAUAECABBQAASAAAAAAAAAAAAAHAzwAcAAEAAAAFABAgAQUAAAsAAAAAAAAAAAABwIgAHAABAAAABQAQIAEFAAAPAAAAAAAAAAAAAQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":60058,"event_start":1565200323.504307} {"dns":{"base64":"ZTyBgAABAAIABgAKAmVuCXdpa2lwZWRpYQNvcmcAAAEAAcAMAAUAAQAAAAUAEQRkeW5hCXdpa2ltZWRpYcAZwC4AAQABAAAABQAE0FCa4MAZAAIAAQAAAAUAGQJhMANvcmcLYWZpbGlhcy1uc3QEaW5mbwDAGQACAAEAAAAFABUCYjIDb3JnC2FmaWxpYXMtbnN0wBnAGQACAAEAAAAFAAUCZDDAg8AZAAIAAQAAAAUABQJiMMCDwBkAAgABAAAABQAFAmMwwF7AGQACAAEAAAAFAAUCYTLAXsBbAAEAAQAAAAUABMcTOAHA1AABAAEAAAAFAATH+XABwMMAAQABAAAABQAExxM1AcChAAEAAQAAAAUABMcTOQHAWwAcAAEAAAAFABAgAQUAAA4AAAAAAAAAAAABwNQAHAABAAAABQAQIAEFAABAAAAAAAAAAAAAAcCyABwAAQAAAAUAECABBQAADAAAAAAAAAAAAAHAgAAcAAEAAAAFABAgAQUAAEgAAAAAAAAAAAABwMMAHAABAAAABQAQIAEFAAALAAAAAAAAAAAAAcChABwAAQAAAAUAECABBQAADwAAAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":58038,"event_start":1565200323.504438} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51360,"dst_port":443,"event_start":1565200323.504965} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"en.wikipedia.org"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51360,"dst_port":443,"event_start":1565200323.548513} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"en.wikipedia.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0013000010656e2e77696b6970656469612e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020e4eb77be4c7492c02105cdc0d48f89179ef37f27b3366f2860c120183e546d58\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"208.80.154.224","protocol":6,"src_port":51360,"dst_port":443,"event_start":1565200323.548513} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIq"}]}},"reassembly_properties":{"truncated":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51360,"event_start":1565200323.593652} {"fingerprints":{"tls_server":"tls_server/(0303)(cca9)((ff01)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw+OUhnIaqE5QF/q6c/LIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIqLm0ud2lraXZveWFnZS5vcmeCECoud2lrdGlvbmFyeS5vcmeCEioubS53aWt0aW9uYXJ5Lm9yZ4IZKi53aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IUKi53bWZ1c2VyY29udGVudC5vcmeCDXdpa2lwZWRpYS5vcmcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSt4NNfC33t2i98DfZjjYpZGMJsijAfBgNVHSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZvUzN/YAAAQDAEcwRQIgBATdvSzbd5NwGdtkmJ5SEvEPn6A8hgAsk6GSP6hzWcgCIQDKfHQNtObs/hHPfLgXsVkcnHIbjlNwmWeiukGtGHZFMgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZvUzN8cAAAQDAEcwRQIgYalEnXtd/fPhjq9SXPoSPRhaMmeDs0IMN5o5Y6QTKfUCIQClR1uj+B56K4tGh/mws4qugG1qSD9zfvmx8roKik3HHDANBgkqhkiG9w0BAQsFAAOCAQEAUEJyg/AZo+owG5J/LIk8EIDnyOcanmfgvdjMg8KnpBvh8l3Wb4HmOudluJhIeIbCUMwzEzSGqYQQ78n4wtjLaLwaDgL4WzHOVec2k+rbfmPT6MUCtdlz1PK5/WY9JQyQq6vy+tm3a6Wijy6M8U/TdrJubK5X03SFfRb0pDuFdr2fnkctLRnyCb1w0XHwGXjEcGm1LY42YKwdvbj3WIqumeSEuG4MZtquW6NURKELSil03G/hRHRAHHGx3zXes/jJcpH2GPX9eY9B+R1oHmCE2QF5Y/Bh+uNA2+2Iuj/6UJAOw/Z/8+qZcnLWWnK2Dwzc34C/AUD+Wb71oUcr60+pPg=="},{"base64":"MIIEYjCCA0qgAwIBAgILBAAAAAABMYnGRMkwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwODAyMTAwMDAwWhcNMjIwODAyMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAugYpwLQZjCERwJQRnrs91NVDQPafuyULI2i1Gvf6VGTMKxP5IfBEreHoFVjb7v3bok3MGI8Nmm3DawGhMfCNvABAzDlfh2FRbfSV6uoVNT5AhcBi1aE0/niqqLJaOfM3Qfuc6D5xSlvr+GlYoeDGk3fpumeS62VYkHBzQn2v9CMmeReq+qS7meVEb2WB58rrVcj0ticRIXSUvGu3dGIpxM2uR/LmQlt4hgVhy5CqeYnfBH6xJnBLjUAfhHvA+wfmyLdOkfQ1A+3o60EQF0m0YsinLPLhTI8DLPMWN11n8aQ5eUmjwF3MVfkhgA/7zuIpalhQ6abX6xwyNrVip8H65g=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"208.80.154.224","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":51360,"event_start":1565200323.593859} {"dns":{"base64":"YvYBAAABAAAAAAAABml0dW5lcwVhcHBsZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":52922,"dst_port":53,"event_start":1565200323.996782} @@ -169,14 +169,14 @@ {"dns":{"base64":"YvaBgAABAAQADQAHBml0dW5lcwVhcHBsZQNjb20AAAEAAcAMAAUAAQAAAAUAKAppdHVuZXMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADALgAFAAEAAAAFABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFHAYgAFAAEAAAAFABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFHAiQABAAEAAAAFAAS4MvbFwFEAAgABAAAABQARAWsMZ3RsZC1zZXJ2ZXJzwFHAUQACAAEAAAAFAAQBZcC/wFEAAgABAAAABQAEAW3Av8BRAAIAAQAAAAUABAFhwL/AUQACAAEAAAAFAAQBZsC/wFEAAgABAAAABQAEAWrAv8BRAAIAAQAAAAUABAFowL/AUQACAAEAAAAFAAQBZ8C/wFEAAgABAAAABQAEAWnAv8BRAAIAAQAAAAUABAFiwL/AUQACAAEAAAAFAAQBZMC/wFEAAgABAAAABQAEAWPAv8BRAAIAAQAAAAUABAFswL/A+gABAAEAAAAFAATABQYewVoAAQABAAAABQAEwCEOHsF6AAEAAQAAAAUABMAaXB7BagABAAEAAAAFAATAH1AewNoAAQABAAAABQAEwAxeHsEKAAEAAQAAAAUABMAjMx7BOgABAAEAAAAFAATAKl0e"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":52922,"event_start":1565200324.034333} {"dns":{"base64":"wOCBgAABAAYADQACBml0dW5lcwVhcHBsZQNjb20AABwAAcAMAAUAAQAAAAUAKAppdHVuZXMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADALgAFAAEAAAAFABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFHAYgAFAAEAAAAFABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFHAiQAcAAEAAAAFABAmABQeAAIBigAAAAAAAAKhwIkAHAABAAAABQAQJgAUHgACAYgAAAAAAAACocCJABwAAQAAAAUAECYAFB4AAgGJAAAAAAAAAqHAUQACAAEAAAAFABEBagxndGxkLXNlcnZlcnPAUcBRAAIAAQAAAAUABAFiwQPAUQACAAEAAAAFAAQBbMEDwFEAAgABAAAABQAEAWjBA8BRAAIAAQAAAAUABAFpwQPAUQACAAEAAAAFAAQBZcEDwFEAAgABAAAABQAEAWPBA8BRAAIAAQAAAAUABAFmwQPAUQACAAEAAAAFAAQBZ8EDwFEAAgABAAAABQAEAWvBA8BRAAIAAQAAAAUABAFtwQPAUQACAAEAAAAFAAQBYcEDwFEAAgABAAAABQAEAWTBA8G+AAEAAQAAAAUABMAFBh7BHgABAAEAAAAFAATAIQ4e"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":51162,"event_start":1565200324.034356} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.50.246.197","protocol":6,"src_port":46026,"dst_port":443,"event_start":1565200324.035181} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"itunes.apple.com"}},"src_ip":"192.168.113.237","dst_ip":"184.50.246.197","protocol":6,"src_port":46026,"dst_port":443,"event_start":1565200324.068345} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"itunes.apple.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00130000106974756e65732e6170706c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00208770101eaeb3548b8b17443ae8696b9ad326dcbdbb9cb23686eebafab77b730b\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.50.246.197","protocol":6,"src_port":46026,"dst_port":443,"event_start":1565200324.068345} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((002b00020304)(0033))"},"src_ip":"184.50.246.197","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":46026,"event_start":1565200324.110532} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47972,"dst_port":443,"event_start":1565200324.284597} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apple.com"}},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47972,"dst_port":443,"event_start":1565200324.382348} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apple.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c0000096170706c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201bb8cbeec336637a43d044af887fb9b7bf4b09fdd3769ffe7199e6e6c549a20d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"17.178.96.59","protocol":6,"src_port":47972,"dst_port":443,"event_start":1565200324.382348} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIH8zCCBtugAwIBAgIQCntZYuAq75f9bqCozf4GOzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDcyMDAwMDAwMFoXDTIwMDcyMDEyMDAwMFowgeMxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRowGAYDVQQLExFJbnRlcm5ldCBTZXJ2aWNlczEWMBQGA1UEAxMNd3d3LmFwcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJVaWbq7ReuQNs4LNpYlxNwolxVkFREluDtvvHdC0dEGXxyl1Htd77fa3WdGsXrckZm/WA6OrGFDi0oxqGsmzqt8UhoL/8u0cMtLo22L3SakDlZNVdsZzHfuWwRkYRWiazWn8y90SECimUDM71NfqdrZAmYtWTah/EIeH0c4W3bv1ZD9qbXlGog3rlqTY2oi2faxAZuTJY2snOgnX50LvNUiHo5IzUuweD/dhPun02Y6hUd0FIJQ4ekA+CtBsf7Ji2Sc42nXeGtiW+0WYsmLzTxSnPdUcp+ad8S9ndCeWokM6dl3Iv177dJIn4aQ71x1TgagkjBYZ1GWjFo2hcbKJ0CAwEAAaOCBA4wggQKMB8GA1UdIwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBT2nT+05RGAUUXkbIsK8871kncHUjCCATYGA1UdEQSCAS0wggEpghRleHRlbnNpb25zLmFwcGxlLmNvbYISZmVlZGJhY2suYXBwbGUuY29tghFnZW5zZXJ2LmFwcGxlLmNvbYIOaGVscC5hcHBsZS5jb22CEWhlbHBvc3guYXBwbGUuY29tghBoZWxwcXQuYXBwbGUuY29tghBpbWFnZXMuYXBwbGUuY29tghdpdHVuZXNwYXJ0bmVyLmFwcGxlLmNvbYIRcHJvaGVscC5hcHBsZS5jb22CEHJlYmF0ZS5hcHBsZS5jb22CG3NhZmFyaS1leHRlbnNpb25zLmFwcGxlLmNvbYIadHJhY2tpbmdzaGlwbWVudC5hcHBsZS5jb22CEnRyYWlsZXJzLmFwcGxlLmNvbYIJYXBwbGUuY29tgg13d3cuYXBwbGUuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQ=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"17.178.96.59","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47972,"event_start":1565200324.478242} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIH8zCCBtugAwIBAgIQCntZYuAq75f9bqCozf4GOzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDcyMDAwMDAwMFoXDTIwMDcyMDEyMDAwMFowgeMxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRowGAYDVQQLExFJbnRlcm5ldCBTZXJ2aWNlczEWMBQGA1UEAxMNd3d3LmFwcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJVaWbq7ReuQNs4LNpYlxNwolxVkFREluDtvvHdC0dEGXxyl1Htd77fa3WdGsXrckZm/WA6OrGFDi0oxqGsmzqt8UhoL/8u0cMtLo22L3SakDlZNVdsZzHfuWwRkYRWiazWn8y90SECimUDM71NfqdrZAmYtWTah/EIeH0c4W3bv1ZD9qbXlGog3rlqTY2oi2faxAZuTJY2snOgnX50LvNUiHo5IzUuweD/dhPun02Y6hUd0FIJQ4ekA+CtBsf7Ji2Sc42nXeGtiW+0WYsmLzTxSnPdUcp+ad8S9ndCeWokM6dl3Iv177dJIn4aQ71x1TgagkjBYZ1GWjFo2hcbKJ0CAwEAAaOCBA4wggQKMB8GA1UdIwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBT2nT+05RGAUUXkbIsK8871kncHUjCCATYGA1UdEQSCAS0wggEpghRleHRlbnNpb25zLmFwcGxlLmNvbYISZmVlZGJhY2suYXBwbGUuY29tghFnZW5zZXJ2LmFwcGxlLmNvbYIOaGVscC5hcHBsZS5jb22CEWhlbHBvc3guYXBwbGUuY29tghBoZWxwcXQuYXBwbGUuY29tghBpbWFnZXMuYXBwbGUuY29tghdpdHVuZXNwYXJ0bmVyLmFwcGxlLmNvbYIRcHJvaGVscC5hcHBsZS5jb22CEHJlYmF0ZS5hcHBsZS5jb22CG3NhZmFyaS1leHRlbnNpb25zLmFwcGxlLmNvbYIadHJhY2tpbmdzaGlwbWVudC5hcHBsZS5jb22CEnRyYWlsZXJzLmFwcGxlLmNvbYIJYXBwbGUuY29tgg13d3cuYXBwbGUuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFsDybfogAABAMARzBFAiANYeCK4RsTjJyWm00Myizu96qqHAW1JHwjyO7TihtGiQIhAIzHukiG871pfYoOc2B2JqRwcH+BkLZVkCkIfTcrDl9LAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFsDybf4AAABAMARjBEAiA+YJNS/bLKIyT+cpt9NtxKSQSW4/ctVA7wcTBjv2jlLQIgLKt5ld2x1FFDSjldkX+u/mfaIzk8apZ9F/lJeTTf3KIwDQYJKoZIhvcNAQELBQADggEBAGcYjzS/MA7CsV+3FgW5qoz7hNp3M1H1kha1PipJY32edcbWR6DhraZwpb1xfcB8NCIi6IZ/66rhMQvljs4eK5dGMDD25qMeWnFxeby6eqvGig7deN2vZkUoqMElv+WTDwZMy+W+QxZWgRzi5u0x/oM3iIAdSjZ2Oihb7QLMj4li+cIEXv70G8DftG5W7za1+lgySo9kK72mKwbmAr5OEDirSatO9MINGFFqVlIzP1z87wqenvj/13NYjHILzAzhkMlhA2EynbpnoJHlrjLlCOe+HMz1PGzvTa7sA4eBJ0vhcolQ8Tg0K01oglkzQpg3PENgk2pJWaToKO2SB1C7Dgo="},{"base64":"MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUYuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQhcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn8TUoE6smftX3eg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"17.178.96.59","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47972,"event_start":1565200324.478364} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50212,"dst_port":443,"event_start":1565200324.710898} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.apple.com"}},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50212,"dst_port":443,"event_start":1565200324.750395} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.apple.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d7777772e6170706c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020af1843fbbd508d2f3bcd4acbab14c4cb92bc85d7b1130892bfee46209cadb419\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.51.129.174","protocol":6,"src_port":50212,"dst_port":443,"event_start":1565200324.750395} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG8TCCBdmgAwIBAgIQD45OTJz1XqX+Lpsrfv/ejzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMwNzAwMDAwMFoXDTIwMDMwNzEyMDAwMFowge4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSUwIwYDVQQLExxJbnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDEw13d3cuYXBwbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V5dxoW+5Sp4eh93H0IX6sHjda7JOHrgz5/rukdCz2N1JtNMjmwvx7wcuzfJpaDTj+o9AsjoBqGnK0x7kVW8UavnyLiopkk+lEXxAJAmubWvtaAiQSwQUovZ8JHlQHZg/cKx/tBVw08YfSAADItBLC3BCsDhLt74R4SyNk4DX3eQ9vVg2KolEOs3OAN/S0Y2di5m/hjkmzHs1SrbYJDXoNWreZwB9qyHiHNDCOBI8AmsQUBg5JynzL0vx10yMi5C12kvRjDTbhe6HKa6vLViU4nHSu+5+A8lL7R6XAX75P0TRxv/YG9A8g8tUzg/IYdNCLEb09qr1Z6UaUOjol7x6QIDAQABo4IDATCCAv0wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFNj1/23cljBcrYB1/87F950Wc8sWMCoGA1UdEQQjMCGCEGltYWdlcy5hcHBsZS5jb22CDXd3dy5hcHBsZS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHQ="}]}},"reassembly_properties":{"truncated":true},"src_ip":"184.51.129.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50212,"event_start":1565200324.789728} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG8TCCBdmgAwIBAgIQD45OTJz1XqX+Lpsrfv/ejzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMwNzAwMDAwMFoXDTIwMDMwNzEyMDAwMFowge4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSUwIwYDVQQLExxJbnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDEw13d3cuYXBwbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V5dxoW+5Sp4eh93H0IX6sHjda7JOHrgz5/rukdCz2N1JtNMjmwvx7wcuzfJpaDTj+o9AsjoBqGnK0x7kVW8UavnyLiopkk+lEXxAJAmubWvtaAiQSwQUovZ8JHlQHZg/cKx/tBVw08YfSAADItBLC3BCsDhLt74R4SyNk4DX3eQ9vVg2KolEOs3OAN/S0Y2di5m/hjkmzHs1SrbYJDXoNWreZwB9qyHiHNDCOBI8AmsQUBg5JynzL0vx10yMi5C12kvRjDTbhe6HKa6vLViU4nHSu+5+A8lL7R6XAX75P0TRxv/YG9A8g8tUzg/IYdNCLEb09qr1Z6UaUOjol7x6QIDAQABo4IDATCCAv0wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFNj1/23cljBcrYB1/87F950Wc8sWMCoGA1UdEQQjMCGCEGltYWdlcy5hcHBsZS5jb22CDXd3dy5hcHBsZS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlYQtEGAAAEAwBHMEUCIGiBDFSIRXrGhLhlm/2cNID2OJHvz1j5/fNQb62OoK3oAiEAzjKdWz2ii7YESO4BJmzTUKHqfyUMACpCbUINE8CphbwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWlYQtFEAAAEAwBHMEUCIEvUZFLTUvA+2NQ9xUBy7cMEjDwWRl04ArqiHlKq4dq2AiEAo14va8y5NNmkAHDhOpm0DSVt01l3wpiMaqCup+EGczIwDQYJKoZIhvcNAQELBQADggEBAD/ZoRmzfFalieWiMzPj/Lsp29dpdjEvaZeQoQwRC1rLq0FmspvfcdbckpG2F4vTnIM83HynKV26OJebDQfgRsonX0GgwIQeRwDch3n9rz40wm2xRwxSFIGssmy0MLJBYXcHlgVbJjailMJww83BFawzDWBo+hmVPigU3hkV8ktDqwC/VOOvWikPMsvMvn8HMPbZSeYnH8A7nD0u0WzFtg6NF9xIXB/Bfku6jEPKr5l2iJukaGD6wtOH7zkWjEk2LAn5Byoue2E+dnbvdJalrv9rTPd/lkG+nAlBuooc/cJK4QqofnuomKgBXavv2zaz5pNdJwwmwzOTdK95geXURk4="},{"base64":"MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUYuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQhcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn8TUoE6smftX3eg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"184.51.129.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50212,"event_start":1565200324.790053} {"dns":{"base64":"rXEBAAABAAAAAAAABXlvdXR1AmJlAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":55237,"dst_port":53,"event_start":1565200324.977294} @@ -184,17 +184,17 @@ {"dns":{"base64":"rXGBgAABAAEABgAMBXlvdXR1AmJlAAABAAHADAABAAEAAAAFAASs2aSuwBIAAgABAAAABQALAXkCbnMDZG5zwBLAEgACAAEAAAAFAAQBYsA4wBIAAgABAAAABQAEAXjAOMASAAIAAQAAAAUABAFjwDjAEgACAAEAAAAFAAQBZMA4wBIAAgABAAAABQAEAWHAOMCNAAEAAQAAAAUABMIABgHATQABAAEAAAAFAATCACUBwG0AAQABAAAABQAEwgArAcB9AAEAAQAAAAUABMIALAHAXQABAAEAAAAFAATCAAEKwDYAAQABAAAABQAEeB39CMCNABwAAQAAAAUAECABBngACQAAAAAAAAAAAAHATQAcAAEAAAAFABAgAQZ4AGQAAAAAAAAAAAABwG0AHAABAAAABQAQIAEGeABoAAAAAAAAAAAAAcB9ABwAAQAAAAUAECABBngAbAAAAAAAAAAAAAHAXQAcAAEAAAAFABAgAQZ4AAQAAAAAAAAAAAAKwDYAHAABAAAABQAQIAENzQAHAAAAAAAAAAAACA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":55237,"event_start":1565200325.011218} {"dns":{"base64":"e4GBgAABAAEABgAMBXlvdXR1AmJlAAAcAAHADAAcAAEAAAAFABAmB/iwQAQIFQAAAAAAACAOwBIAAgABAAAABQALAXkCbnMDZG5zwBLAEgACAAEAAAAFAAQBYsBEwBIAAgABAAAABQAEAWTARMASAAIAAQAAAAUABAFhwETAEgACAAEAAAAFAAQBY8BEwBIAAgABAAAABQAEAXjARMB5AAEAAQAAAAUABMIABgHAWQABAAEAAAAFAATCACUBwIkAAQABAAAABQAEwgArAcBpAAEAAQAAAAUABMIALAHAmQABAAEAAAAFAATCAAEKwEIAAQABAAAABQAEeB39CMB5ABwAAQAAAAUAECABBngACQAAAAAAAAAAAAHAWQAcAAEAAAAFABAgAQZ4AGQAAAAAAAAAAAABwIkAHAABAAAABQAQIAEGeABoAAAAAAAAAAAAAcBpABwAAQAAAAUAECABBngAbAAAAAAAAAAAAAHAmQAcAAEAAAAFABAgAQZ4AAQAAAAAAAAAAAAKwEIAHAABAAAABQAQIAENzQAHAAAAAAAAAAAACA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42980,"event_start":1565200325.017370} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56316,"dst_port":443,"event_start":1565200325.018107} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"youtu.be"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56316,"dst_port":443,"event_start":1565200325.064000} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"youtu.be","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000b000008796f7574752e6265\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00200b413b1e288ef52604da2688b49ac96d5433922704512b77322e69abd9053a27\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56316,"dst_port":443,"event_start":1565200325.064000} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56316,"event_start":1565200325.111150} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39146,"dst_port":443,"event_start":1565200325.260947} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.youtube.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39146,"dst_port":443,"event_start":1565200325.300999} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.youtube.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e796f75747562652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020d29bdbc7144ee4c5f8ae47e1aed24d80956a9204db2bca8f34cc7f008216ab48\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.5.238","protocol":6,"src_port":39146,"dst_port":443,"event_start":1565200325.300999} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.5.238","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":39146,"event_start":1565200325.350827} {"dns":{"base64":"V+wBAAABAAAAAAAABXZpbWVvA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":45620,"dst_port":53,"event_start":1565200326.897365} {"dns":{"base64":"Nf8BAAABAAAAAAAABXZpbWVvA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":40905,"dst_port":53,"event_start":1565200326.897562} {"dns":{"base64":"V+yBgAABAAQADQAMBXZpbWVvA2NvbQAAAQABwAwAAQABAAAABQAEl2XA2cAMAAEAAQAAAAUABJdlQNnADAABAAEAAAAFAASXZQDZwAwAAQABAAAABQAEl2WA2cASAAIAAQAAAAUAFAFmDGd0bGQtc2VydmVycwNuZXQAwBIAAgABAAAABQAEAWLAacASAAIAAQAAAAUABAFhwGnAEgACAAEAAAAFAAQBY8BpwBIAAgABAAAABQAEAWzAacASAAIAAQAAAAUABAFtwGnAEgACAAEAAAAFAAQBa8BpwBIAAgABAAAABQAEAWTAacASAAIAAQAAAAUABAFowGnAEgACAAEAAAAFAAQBZcBpwBIAAgABAAAABQAEAWrAacASAAIAAQAAAAUABAFnwGnAEgACAAEAAAAFAAQBacBpwJcAAQABAAAABQAEwAUGHsCHAAEAAQAAAAUABMAhDh7ApwABAAEAAAAFAATAGlwewOcAAQABAAAABQAEwB9QHsEHAAEAAQAAAAUABMAMXh7AZwABAAEAAAAFAATAIzMewScAAQABAAAABQAEwCpdHsD3AAEAAQAAAAUABMA2cB7BNwABAAEAAAAFAATAK6wewRcAAQABAAAABQAEwDBPHsDXAAEAAQAAAAUABMA0sh7AtwABAAEAAAAFAATAKaIe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":45620,"event_start":1565200326.928861} {"dns":{"base64":"Nf+BgAABAAAAAQAABXZpbWVvA2NvbQAAHAABwAwABgABAAAABQBBBW5zLTcwCWF3c2Rucy0wOMASEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsASeAuCBAABUYAAABwgAAk6gAAAASw="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":40905,"event_start":1565200326.929205} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42704,"dst_port":443,"event_start":1565200326.929453} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"vimeo.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42704,"dst_port":443,"event_start":1565200326.966862} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"vimeo.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c00000976696d656f2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00203fc8d9559545b2bc77eae93fb8230fad3c88bdab711b069564d4d6d49372d43a\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42704,"dst_port":443,"event_start":1565200326.966862} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjeg=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42704,"event_start":1565200327.008134} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjenIhfq9bAay2paMwzHfVLAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZWyX6G4AAAQDAEcwRQIgLARzuiPmv7bduu5M0hvKwpMdnqZdslLfpXNZLm+A6cgCIQD5XsLbcd42bVhofRJ+EbeiCiwslOMeHlwsni4abZD/AQB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZWyX56EAAAQDAEYwRAIgTctw2guun/asVLNbDeIhv2nqFLDezQB5aIhzbf13QhYCIEevrRV+w20kyxQ5/ujQtTbjKjYfrEwOwp1oHhjbAJJuMA0GCSqGSIb3DQEBCwUAA4IBAQAnRC6rW/JPfntMo/scqBV/52WMHt3+cLCWYZBrxG4sNj29wuzFwHBdpdlqD9GNLElu9vcllnAqzmria6KsZ0lLeU1WWb5vl5u7Q5k6o4OVuziFF9O7198prtuf2u+tUG/zHEL0KhkPD0mu+UzispcYkuntD2kSiZ3LCrKxL5zpUuFC9D2r4P6b32fmg53Fck76P/qZe+niplaV8rrMGgFbPreCTrlyd4F1Xm5/0tyyLPsnIDN/uBjzuvkgvmw4DkoYOCwMCJftC7Ajix7vs0/KoYgc5r8Iz8twzdacEM62ZWR0obQ9du8Qys7TLlKa1eiiXVJ27zyMjxA8svFmUmBc"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42704,"event_start":1565200327.008493} {"dns":{"base64":"dFoBAAABAAAAAAAAA2dvbwJnbAAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":51350,"dst_port":53,"event_start":1565200327.245395} @@ -202,27 +202,27 @@ {"dns":{"base64":"dFqBgAABAAEADQAOA2dvbwJnbAAAAQABwAwAAQABAAAABQAErNkPbgAAAgABAAAABQAUAWkMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAAAUABAFqwDUAAAIAAQAAAAUABAFhwDUAAAIAAQAAAAUABAFowDUAAAIAAQAAAAUABAFtwDUAAAIAAQAAAAUABAFlwDUAAAIAAQAAAAUABAFkwDUAAAIAAQAAAAUABAFiwDUAAAIAAQAAAAUABAFrwDUAAAIAAQAAAAUABAFmwDUAAAIAAQAAAAUABAFswDUAAAIAAQAAAAUABAFjwDUAAAIAAQAAAAUABAFnwDXAYQABAAEAAAAFAATGKQAEwKwAAQABAAAABQAExwkOycDoAAEAAQAAAAUABMAhBAzAnQABAAEAAAAFAATHB1sNwI4AAQABAAAABQAEwMvmCsDKAAEAAQAAAAUABMAFBfHA9wABAAEAAAAFAATAcCQEwHAAAQABAAAABQAExmG+NcAzAAEAAQAAAAUABMAklBHAUgABAAEAAAAFAATAOoAewLsAAQABAAAABQAEwQAOgcDZAAEAAQAAAAUABMcHUyrAfwABAAEAAAAFAATKDBshwGEAHAABAAAABQAQIAEFA7o+AAAAAAAAAAIAMA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":51350,"event_start":1565200327.277125} {"dns":{"base64":"B06BgAABAAEADQAOA2dvbwJnbAAAHAABwAwAHAABAAAABQAQJgf4sEAECBEAAAAAAAAgDgAAAgABAAAABQAUAWUMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAAAUABAFkwEEAAAIAAQAAAAUABAFrwEEAAAIAAQAAAAUABAFhwEEAAAIAAQAAAAUABAFowEEAAAIAAQAAAAUABAFjwEEAAAIAAQAAAAUABAFiwEEAAAIAAQAAAAUABAFmwEEAAAIAAQAAAAUABAFpwEEAAAIAAQAAAAUABAFswEEAAAIAAQAAAAUABAFqwEEAAAIAAQAAAAUABAFtwEEAAAIAAQAAAAUABAFnwEHAfAABAAEAAAAFAATGKQAEwKkAAQABAAAABQAExwkOycCaAAEAAQAAAAUABMAhBAzAXgABAAEAAAAFAATHB1sNwD8AAQABAAAABQAEwMvmCsC4AAEAAQAAAAUABMAFBfHBAwABAAEAAAAFAATAcCQEwIsAAQABAAAABQAExmG+NcDHAAEAAQAAAAUABMAklBHA5QABAAEAAAAFAATAOoAewG0AAQABAAAABQAEwQAOgcDWAAEAAQAAAAUABMcHUyrA9AABAAEAAAAFAATKDBshwHwAHAABAAAABQAQIAEFA7o+AAAAAAAAAAIAMA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":41171,"event_start":1565200327.277462} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57322,"dst_port":443,"event_start":1565200327.277725} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"goo.gl"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57322,"dst_port":443,"event_start":1565200327.316662} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"goo.gl","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0009000006676f6f2e676c\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020814ffc046fc6a01ed2bade792aaca3369434bf87114b8fc19c6ca58e76861f3c\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57322,"dst_port":443,"event_start":1565200327.316662} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.15.110","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57322,"event_start":1565200327.367706} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57010,"dst_port":443,"event_start":1565200327.644536} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57010,"dst_port":443,"event_start":1565200327.684929} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020df846f0a13b813b7594be1536b4cc99004b56029a07a051a66ef052d9c7cf06d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57010,"dst_port":443,"event_start":1565200327.684929} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57010,"event_start":1565200327.734937} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57326,"dst_port":443,"event_start":1565200327.902597} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"goo.gl"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57326,"dst_port":443,"event_start":1565200327.941710} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"goo.gl","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0009000006676f6f2e676c\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00208d68f699d31857f16cd77113a66799a600cd385647ada863883334d563412d70\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.15.110","protocol":6,"src_port":57326,"dst_port":443,"event_start":1565200327.941710} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.15.110","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57326,"event_start":1565200327.994358} {"dns":{"base64":"i8ABAAABAAAAAAAACXdvcmRwcmVzcwNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":37846,"dst_port":53,"event_start":1565200328.438704} {"dns":{"base64":"37ABAAABAAAAAAAACXdvcmRwcmVzcwNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":37128,"dst_port":53,"event_start":1565200328.438882} {"dns":{"base64":"i8CBgAABAAIADQANCXdvcmRwcmVzcwNjb20AAAEAAcAMAAEAAQAAAAUABMAATgnADAABAAEAAAAFAATAAE4RwBYAAgABAAAABQAUAWQMZ3RsZC1zZXJ2ZXJzA25ldADAFgACAAEAAAAFAAQBasBNwBYAAgABAAAABQAEAWHATcAWAAIAAQAAAAUABAFmwE3AFgACAAEAAAAFAAQBacBNwBYAAgABAAAABQAEAWPATcAWAAIAAQAAAAUABAFowE3AFgACAAEAAAAFAAQBYsBNwBYAAgABAAAABQAEAWvATcAWAAIAAQAAAAUABAFlwE3AFgACAAEAAAAFAAQBZ8BNwBYAAgABAAAABQAEAW3ATcAWAAIAAQAAAAUABAFswE3AewABAAEAAAAFAATABQYewMsAAQABAAAABQAEwCEOHsCrAAEAAQAAAAUABMAaXB7ASwABAAEAAAAFAATAH1AewOsAAQABAAAABQAEwAxeHsCLAAEAAQAAAAUABMAjMx7A+wABAAEAAAAFAATAKl0ewLsAAQABAAAABQAEwDZwHsCbAAEAAQAAAAUABMArrB7AawABAAEAAAAFAATAME8ewNsAAQABAAAABQAEwDSyHsEbAAEAAQAAAAUABMApoh7BCwABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":37846,"event_start":1565200328.479678} {"dns":{"base64":"37CBgAABAAAAAQAACXdvcmRwcmVzcwNjb20AABwAAcAMAAYAAQAAAAUAKQNuczHADAZtbW1tbW0FZ21haWzAFneC9/IAADhAAAAcIAAJOoAAAAA8"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":37128,"event_start":1565200328.479701} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"192.0.78.9","protocol":6,"src_port":54866,"dst_port":443,"event_start":1565200328.480251} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wordpress.com"}},"src_ip":"192.168.113.237","dst_ip":"192.0.78.9","protocol":6,"src_port":54866,"dst_port":443,"event_start":1565200328.525820} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wordpress.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d776f726470726573732e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00207ad06e339dd5744e0865a05810b0543748e001fc784133627df50dd684860f47\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"192.0.78.9","protocol":6,"src_port":54866,"dst_port":443,"event_start":1565200328.525820} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((002b00020304)(0033))"},"src_ip":"192.0.78.9","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":54866,"event_start":1565200328.567318} {"dns":{"base64":"deABAAABAAAAAAAACXBpbnRlcmVzdANjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42347,"dst_port":53,"event_start":1565200328.758730} {"dns":{"base64":"To0BAAABAAAAAAAACXBpbnRlcmVzdANjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34119,"dst_port":53,"event_start":1565200328.758912} {"dns":{"base64":"deCBgAABAAQADQAMCXBpbnRlcmVzdANjb20AAAEAAcAMAAEAAQAAAAUABJdlgFTADAABAAEAAAAFAASXZcBUwAwAAQABAAAABQAEl2VAVMAMAAEAAQAAAAUABJdlAFTAFgACAAEAAAAFABQBaAxndGxkLXNlcnZlcnMDbmV0AMAWAAIAAQAAAAUABAFkwG3AFgACAAEAAAAFAAQBasBtwBYAAgABAAAABQAEAWLAbcAWAAIAAQAAAAUABAFrwG3AFgACAAEAAAAFAAQBY8BtwBYAAgABAAAABQAEAWnAbcAWAAIAAQAAAAUABAFlwG3AFgACAAEAAAAFAAQBbMBtwBYAAgABAAAABQAEAWfAbcAWAAIAAQAAAAUABAFmwG3AFgACAAEAAAAFAAQBbcBtwBYAAgABAAAABQAEAWHAbcE7AAEAAQAAAAUABMAFBh7AqwABAAEAAAAFAATAIQ4ewMsAAQABAAAABQAEwBpcHsCLAAEAAQAAAAUABMAfUB7A6wABAAEAAAAFAATADF4ewRsAAQABAAAABQAEwCMzHsELAAEAAQAAAAUABMAqXR7AawABAAEAAAAFAATANnAewNsAAQABAAAABQAEwCusHsCbAAEAAQAAAAUABMAwTx7AuwABAAEAAAAFAATANLIewPsAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42347,"event_start":1565200328.788749} {"dns":{"base64":"To2BgAABAAAAAQAACXBpbnRlcmVzdANjb20AABwAAcAMAAYAAQAAAAUANQRkbnMxA3AwOQVuc29uZQNuZXQACmhvc3RtYXN0ZXLANF07NSQAAFRgAAAOEAAJOoAAAAcI"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34119,"event_start":1565200328.789459} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41224,"dst_port":443,"event_start":1565200328.789680} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"pinterest.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41224,"dst_port":443,"event_start":1565200328.828760} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"pinterest.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d70696e7465726573742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020133305248c91271a585a63add0363f180788c78bf835d969e46a06cc00ab1325\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41224,"dst_port":443,"event_start":1565200328.828760} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIMjTCCC3WgAwIBAgIQCGY+vEVuw5mUM8/1pacz4TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDUwMDAwMDBaFw0yMDA3MjIxMjAwMDBaMG4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRgwFgYDVQQKEw9QaW50ZXJlc3QsIEluYy4xGDAWBgNVBAMMDyoucGludGVyZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkhv7I4WhMZQvgZAF11mLNfGTz4waZri4nOlRGlEZfA0/9jtBRCw98wADg9QG4Ur4HeRYCQWN0o9mP3XBtdguuP1qB6bOKr3KXtXrasQ6d0ZLTekwCyjBR+pG90QChIw0J5L/rGJlNJcbtqi93cbcpXS6O+DJ6ibF4GRCaczCu8bXbEgt2Ktl70cCrFfqMWqBO1YlXOEP7CeTN1K4znwBidkcrZHvju7Ub8ZTG274+6IkEmzveUGXgdigPz8R/rnX1Qzp8UMSh0lQqTXOboH0/zQX4QT681uR1aKnJvLrw0BgeXpzNReNhGnmR5msh2fiXnlarhuc5KRH3EcsbId3sCAwEAAaOCCSMwggkfMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRhD8DeFSE2Vt03bW3bog/FxUqXyzCCBkoGA1UdEQSCBkEwggY9gg8qLnBpbnRlcmVzdC5jb22CDCoucGluaW1nLmNvbYIQKi5waW50ZXJlc3QuaW5mb4IXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCEyoucGludGVyZXN0bWFpbC5jb22CDioucGludGVyZXN0LmF0gg4qLnBpbnRlcmVzdC5jaIIOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5pZYIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3QucHSCDioucGludGVyZXN0LnNlghEqLnBpbnRlcmVzdC5jby5hdIIRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLnVrghIqLnBpbnRlcmVzdC5jb20ubXiCBnBpbi5pdIINcGludGVyZXN0LmNvbYIKcGluaW1nLmNvbYIOcGludGVyZXN0LmluZm+CFXBpbnRlcmVzdC5lbmdpbmVlcmluZ4IRcGludGVyZXN0bWFpbC5jb22CDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNoggxwaW50ZXJlc3QuZGWCDHBpbg=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.128.84","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41224,"event_start":1565200328.871396} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIMjTCCC3WgAwIBAgIQCGY+vEVuw5mUM8/1pacz4TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDUwMDAwMDBaFw0yMDA3MjIxMjAwMDBaMG4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRgwFgYDVQQKEw9QaW50ZXJlc3QsIEluYy4xGDAWBgNVBAMMDyoucGludGVyZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkhv7I4WhMZQvgZAF11mLNfGTz4waZri4nOlRGlEZfA0/9jtBRCw98wADg9QG4Ur4HeRYCQWN0o9mP3XBtdguuP1qB6bOKr3KXtXrasQ6d0ZLTekwCyjBR+pG90QChIw0J5L/rGJlNJcbtqi93cbcpXS6O+DJ6ibF4GRCaczCu8bXbEgt2Ktl70cCrFfqMWqBO1YlXOEP7CeTN1K4znwBidkcrZHvju7Ub8ZTG274+6IkEmzveUGXgdigPz8R/rnX1Qzp8UMSh0lQqTXOboH0/zQX4QT681uR1aKnJvLrw0BgeXpzNReNhGnmR5msh2fiXnlarhuc5KRH3EcsbId3sCAwEAAaOCCSMwggkfMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRhD8DeFSE2Vt03bW3bog/FxUqXyzCCBkoGA1UdEQSCBkEwggY9gg8qLnBpbnRlcmVzdC5jb22CDCoucGluaW1nLmNvbYIQKi5waW50ZXJlc3QuaW5mb4IXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCEyoucGludGVyZXN0bWFpbC5jb22CDioucGludGVyZXN0LmF0gg4qLnBpbnRlcmVzdC5jaIIOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5pZYIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3QucHSCDioucGludGVyZXN0LnNlghEqLnBpbnRlcmVzdC5jby5hdIIRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLnVrghIqLnBpbnRlcmVzdC5jb20ubXiCBnBpbi5pdIINcGludGVyZXN0LmNvbYIKcGluaW1nLmNvbYIOcGludGVyZXN0LmluZm+CFXBpbnRlcmVzdC5lbmdpbmVlcmluZ4IRcGludGVyZXN0bWFpbC5jb22CDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNoggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIPcGludGVyZXN0LmNvLmF0gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4IQcGludGVyZXN0LmNvbS5teIIOKi5waW50ZXJlc3QuY2GCDioucGludGVyZXN0LmZyggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5mcoIQcGludGVyZXN0LmNvbS5hdYISKi5waW50ZXJlc3QuY29tLmF1ggxwaW50ZXJlc3QubnqCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuY2yCDioucGludGVyZXN0LmNsggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LnBoggxwaW50ZXJlc3QuaW6CDioucGludGVyZXN0Lmlugg9waW50ZXJlc3QuY28uaW6CESoucGludGVyZXN0LmNvLmluggxwaW50ZXJlc3QuYmWCDioucGludGVyZXN0LmJlggxwaW50ZXJlc3QucGWCDioucGludGVyZXN0LnBlggxwaW50ZXJlc3QuY2+CDioucGludGVyZXN0LmNvghBwaW50ZXJlc3QuY29tLnB5ghIqLnBpbnRlcmVzdC5jb20ucHmCEHBpbnRlcmVzdC5jb20uYm+CEioucGludGVyZXN0LmNvbS5ib4IQcGludGVyZXN0LmNvbS5lY4ISKi5waW50ZXJlc3QuY29tLmVjggxwaW50ZXJlc3QuZWOCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QuaHWCDioucGludGVyZXN0Lmh1ghBwaW50ZXJlc3QuY29tLnZughIqLnBpbnRlcmVzdC5jb20udm6CDHBpbnRlcmVzdC5pdIIOKi5waW50ZXJlc3QuaXSCDHBpbnRlcmVzdC5ydYIOKi5waW50ZXJlc3QucnWCEHBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5wZYIQcGludGVyZXN0LmNvbS51eYISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ubnqCESoucGludGVyZXN0LmNvLm56ggxwaW50ZXJlc3QudWuCDioucGludGVyZXN0LnVrggxwaW50ZXJlc3Qudm6CDioucGludGVyZXN0LnZuggxwaW50ZXJlc3QuaWSCDioucGludGVyZXN0LmlkggxwaW50ZXJlc3QudGiCDioucGludGVyZXN0LnRoggxwaW50ZXJlc3QudHeCDioucGludGVyZXN0LnR3ggxwaW50ZXJlc3QubmyCDioucGludGVyZXN0Lm5sghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFrKNL+mgAABAMARzBFAiEArmUaVzEV4/sfmgxudtHKXaLrxUSLEZW3SI0h+kZG8dQCIE9avQtifguGleicGI+OrQTENAkLRD2h2lHcdq5vN3fSAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrKNL/tgAABAMASDBGAiEAzSi2aDTh1b6DJ61mmc2lRXZfx68orgji7x58ge5F+FYCIQDQ+SxUAju2+MP8W2iS0m1XinZITOwPFEakM4GZoL1GzDANBgkqhkiG9w0BAQsFAAOCAQEAaCRt+7t8x1ZeKmzWn2qsch/VndkGzIxFVi5UteyGfKgMWj7UzxD7/BW2WgGgfFTmolhdQd8kX9yQzJ19PkFF5PIrTLTx5tqbYzkRzgOqV8Oc52SC9AEhJgAr7OfAHBlb4uuy8+U/imnU2wQ1oCsJ9GU5fhoezvhU8nnFusdU6wf1vXZyfDTFiy71iW3eh5u4d5sbc5xVJgUuDgjel89+e02R47S3GAHovjFMqfg4S7HjXtk4C9fXAKHuPK7ZZ64ctePiPK8l+/5VpACFrAr56PiXGyty9o61tfs0XSXmEux1VZxQMJjX4Pmjx5ZZIWhhKPTntm0EGMKawmwa2kHu3w=="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.128.84","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41224,"event_start":1565200328.872734} {"dns":{"base64":"42gBAAABAAAAAAAAA3d3dwlwaW50ZXJlc3QDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":47727,"dst_port":53,"event_start":1565200328.964290} @@ -232,7 +232,7 @@ {"dns":{"base64":"bmsBAAABAAAAAAAABWU2NDQ5AWEKYWthbWFpZWRnZQNuZXQAABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":33532,"dst_port":53,"event_start":1565200329.001141} {"dns":{"base64":"bmuBgAABAAAAAQAABWU2NDQ5AWEKYWthbWFpZWRnZQNuZXQAABwAAcASAAYAAQAAAAUAMQNuMGHAFApob3N0bWFzdGVyBmFrYW1haQNjb20AXUsPAgAAA+gAAAPoAAAD6AAABwg="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":33532,"event_start":1565200329.036374} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41226,"dst_port":443,"event_start":1565200329.036843} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.pinterest.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41226,"dst_port":443,"event_start":1565200329.075644} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.pinterest.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00140000117777772e70696e7465726573742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020a4e7188886dbbd295f2c716a38a7493b029d11c857bc9ea2cac879dad020dd4e\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.128.84","protocol":6,"src_port":41226,"dst_port":443,"event_start":1565200329.075644} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIMjTCCC3WgAwIBAgIQCGY+vEVuw5mUM8/1pacz4TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDUwMDAwMDBaFw0yMDA3MjIxMjAwMDBaMG4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRgwFgYDVQQKEw9QaW50ZXJlc3QsIEluYy4xGDAWBgNVBAMMDyoucGludGVyZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkhv7I4WhMZQvgZAF11mLNfGTz4waZri4nOlRGlEZfA0/9jtBRCw98wADg9QG4Ur4HeRYCQWN0o9mP3XBtdguuP1qB6bOKr3KXtXrasQ6d0ZLTekwCyjBR+pG90QChIw0J5L/rGJlNJcbtqi93cbcpXS6O+DJ6ibF4GRCaczCu8bXbEgt2Ktl70cCrFfqMWqBO1YlXOEP7CeTN1K4znwBidkcrZHvju7Ub8ZTG274+6IkEmzveUGXgdigPz8R/rnX1Qzp8UMSh0lQqTXOboH0/zQX4QT681uR1aKnJvLrw0BgeXpzNReNhGnmR5msh2fiXnlarhuc5KRH3EcsbId3sCAwEAAaOCCSMwggkfMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRhD8DeFSE2Vt03bW3bog/FxUqXyzCCBkoGA1UdEQSCBkEwggY9gg8qLnBpbnRlcmVzdC5jb22CDCoucGluaW1nLmNvbYIQKi5waW50ZXJlc3QuaW5mb4IXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCEyoucGludGVyZXN0bWFpbC5jb22CDioucGludGVyZXN0LmF0gg4qLnBpbnRlcmVzdC5jaIIOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5pZYIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3QucHSCDioucGludGVyZXN0LnNlghEqLnBpbnRlcmVzdC5jby5hdIIRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLnVrghIqLnBpbnRlcmVzdC5jb20ubXiCBnBpbi5pdIINcGludGVyZXN0LmNvbYIKcGluaW1nLmNvbYIOcGludGVyZXN0LmluZm+CFXBpbnRlcmVzdC5lbmdpbmVlcmluZ4IRcGludGVyZXN0bWFpbC5jb22CDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNoggxwaW50ZXJlc3QuZGWCDHBpbg=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.128.84","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41226,"event_start":1565200329.120488} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIMjTCCC3WgAwIBAgIQCGY+vEVuw5mUM8/1pacz4TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDUwMDAwMDBaFw0yMDA3MjIxMjAwMDBaMG4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRgwFgYDVQQKEw9QaW50ZXJlc3QsIEluYy4xGDAWBgNVBAMMDyoucGludGVyZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkhv7I4WhMZQvgZAF11mLNfGTz4waZri4nOlRGlEZfA0/9jtBRCw98wADg9QG4Ur4HeRYCQWN0o9mP3XBtdguuP1qB6bOKr3KXtXrasQ6d0ZLTekwCyjBR+pG90QChIw0J5L/rGJlNJcbtqi93cbcpXS6O+DJ6ibF4GRCaczCu8bXbEgt2Ktl70cCrFfqMWqBO1YlXOEP7CeTN1K4znwBidkcrZHvju7Ub8ZTG274+6IkEmzveUGXgdigPz8R/rnX1Qzp8UMSh0lQqTXOboH0/zQX4QT681uR1aKnJvLrw0BgeXpzNReNhGnmR5msh2fiXnlarhuc5KRH3EcsbId3sCAwEAAaOCCSMwggkfMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRhD8DeFSE2Vt03bW3bog/FxUqXyzCCBkoGA1UdEQSCBkEwggY9gg8qLnBpbnRlcmVzdC5jb22CDCoucGluaW1nLmNvbYIQKi5waW50ZXJlc3QuaW5mb4IXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCEyoucGludGVyZXN0bWFpbC5jb22CDioucGludGVyZXN0LmF0gg4qLnBpbnRlcmVzdC5jaIIOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5pZYIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3QucHSCDioucGludGVyZXN0LnNlghEqLnBpbnRlcmVzdC5jby5hdIIRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLnVrghIqLnBpbnRlcmVzdC5jb20ubXiCBnBpbi5pdIINcGludGVyZXN0LmNvbYIKcGluaW1nLmNvbYIOcGludGVyZXN0LmluZm+CFXBpbnRlcmVzdC5lbmdpbmVlcmluZ4IRcGludGVyZXN0bWFpbC5jb22CDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNoggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIPcGludGVyZXN0LmNvLmF0gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4IQcGludGVyZXN0LmNvbS5teIIOKi5waW50ZXJlc3QuY2GCDioucGludGVyZXN0LmZyggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5mcoIQcGludGVyZXN0LmNvbS5hdYISKi5waW50ZXJlc3QuY29tLmF1ggxwaW50ZXJlc3QubnqCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuY2yCDioucGludGVyZXN0LmNsggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LnBoggxwaW50ZXJlc3QuaW6CDioucGludGVyZXN0Lmlugg9waW50ZXJlc3QuY28uaW6CESoucGludGVyZXN0LmNvLmluggxwaW50ZXJlc3QuYmWCDioucGludGVyZXN0LmJlggxwaW50ZXJlc3QucGWCDioucGludGVyZXN0LnBlggxwaW50ZXJlc3QuY2+CDioucGludGVyZXN0LmNvghBwaW50ZXJlc3QuY29tLnB5ghIqLnBpbnRlcmVzdC5jb20ucHmCEHBpbnRlcmVzdC5jb20uYm+CEioucGludGVyZXN0LmNvbS5ib4IQcGludGVyZXN0LmNvbS5lY4ISKi5waW50ZXJlc3QuY29tLmVjggxwaW50ZXJlc3QuZWOCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QuaHWCDioucGludGVyZXN0Lmh1ghBwaW50ZXJlc3QuY29tLnZughIqLnBpbnRlcmVzdC5jb20udm6CDHBpbnRlcmVzdC5pdIIOKi5waW50ZXJlc3QuaXSCDHBpbnRlcmVzdC5ydYIOKi5waW50ZXJlc3QucnWCEHBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5wZYIQcGludGVyZXN0LmNvbS51eYISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ubnqCESoucGludGVyZXN0LmNvLm56ggxwaW50ZXJlc3QudWuCDioucGludGVyZXN0LnVrggxwaW50ZXJlc3Qudm6CDioucGludGVyZXN0LnZuggxwaW50ZXJlc3QuaWSCDioucGludGVyZXN0LmlkggxwaW50ZXJlc3QudGiCDioucGludGVyZXN0LnRoggxwaW50ZXJlc3QudHeCDioucGludGVyZXN0LnR3ggxwaW50ZXJlc3QubmyCDioucGludGVyZXN0Lm5sghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFrKNL+mgAABAMARzBFAiEArmUaVzEV4/sfmgxudtHKXaLrxUSLEZW3SI0h+kZG8dQCIE9avQtifguGleicGI+OrQTENAkLRD2h2lHcdq5vN3fSAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrKNL/tgAABAMASDBGAiEAzSi2aDTh1b6DJ61mmc2lRXZfx68orgji7x58ge5F+FYCIQDQ+SxUAju2+MP8W2iS0m1XinZITOwPFEakM4GZoL1GzDANBgkqhkiG9w0BAQsFAAOCAQEAaCRt+7t8x1ZeKmzWn2qsch/VndkGzIxFVi5UteyGfKgMWj7UzxD7/BW2WgGgfFTmolhdQd8kX9yQzJ19PkFF5PIrTLTx5tqbYzkRzgOqV8Oc52SC9AEhJgAr7OfAHBlb4uuy8+U/imnU2wQ1oCsJ9GU5fhoezvhU8nnFusdU6wf1vXZyfDTFiy71iW3eh5u4d5sbc5xVJgUuDgjel89+e02R47S3GAHovjFMqfg4S7HjXtk4C9fXAKHuPK7ZZ64ctePiPK8l+/5VpACFrAr56PiXGyty9o61tfs0XSXmEux1VZxQMJjX4Pmjx5ZZIWhhKPTntm0EGMKawmwa2kHu3w=="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.128.84","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41226,"event_start":1565200329.120859} {"dns":{"base64":"zRQBAAABAAAAAAAABHBsYXkGZ29vZ2xlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":54769,"dst_port":53,"event_start":1565200329.530603} @@ -240,51 +240,51 @@ {"dns":{"base64":"zRSBgAABAAEADQAOBHBsYXkGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAABQAErNkHzsAYAAIAAQAAAAUAFAFlDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWPAP8AYAAIAAQAAAAUABAFnwD/AGAACAAEAAAAFAAQBZsA/wBgAAgABAAAABQAEAW3AP8AYAAIAAQAAAAUABAFkwD/AGAACAAEAAAAFAAQBaMA/wBgAAgABAAAABQAEAWLAP8AYAAIAAQAAAAUABAFhwD/AGAACAAEAAAAFAAQBa8A/wBgAAgABAAAABQAEAWnAP8AYAAIAAQAAAAUABAFqwD/AGAACAAEAAAAFAAQBbMA/wM0AAQABAAAABQAEwAUGHsC9AAEAAQAAAAUABMAhDh7AXQABAAEAAAAFAATAGlwewJ0AAQABAAAABQAEwB9QHsA9AAEAAQAAAAUABMAMXh7AfQABAAEAAAAFAATAIzMewG0AAQABAAAABQAEwCpdHsCtAAEAAQAAAAUABMA2cB7A7QABAAEAAAAFAATAK6wewP0AAQABAAAABQAEwDBPHsDdAAEAAQAAAAUABMA0sh7BDQABAAEAAAAFAATAKaIewI0AAQABAAAABQAEwDdTHsDNABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":54769,"event_start":1565200329.563999} {"dns":{"base64":"/9WBgAABAAEADQANBHBsYXkGZ29vZ2xlA2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECAEAAAAAAAAgDsAYAAIAAQAAAAUAFAFmDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWnAS8AYAAIAAQAAAAUABAFlwEvAGAACAAEAAAAFAAQBaMBLwBgAAgABAAAABQAEAWTAS8AYAAIAAQAAAAUABAFtwEvAGAACAAEAAAAFAAQBY8BLwBgAAgABAAAABQAEAWzAS8AYAAIAAQAAAAUABAFhwEvAGAACAAEAAAAFAAQBa8BLwBgAAgABAAAABQAEAWLAS8AYAAIAAQAAAAUABAFnwEvAGAACAAEAAAAFAAQBasBLwNkAAQABAAAABQAEwAUGHsD5AAEAAQAAAAUABMAhDh7AuQABAAEAAAAFAATAGlwewJkAAQABAAAABQAEwB9QHsB5AAEAAQAAAAUABMAMXh7ASQABAAEAAAAFAATAIzMewQkAAQABAAAABQAEwCpdHsCJAAEAAQAAAAUABMA2cB7AaQABAAEAAAAFAATAK6wewRkAAQABAAAABQAEwDBPHsDpAAEAAQAAAAUABMA0sh7AyQABAAEAAAAFAATAKaIewKkAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53320,"event_start":1565200329.564016} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60726,"dst_port":443,"event_start":1565200329.564525} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"play.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60726,"dst_port":443,"event_start":1565200329.604144} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"play.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f706c61792e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020f3dff61fe5deca1f4d3c6f8ea30196e5f3736452d8c663646b2d855379244229\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60726,"dst_port":443,"event_start":1565200329.604144} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.206","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60726,"event_start":1565200329.653408} {"dns":{"base64":"dMoBAAABAAAAAAAAEGdvb2dsZXRhZ21hbmFnZXIDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":53971,"dst_port":53,"event_start":1565200330.265257} {"dns":{"base64":"S0oBAAABAAAAAAAAEGdvb2dsZXRhZ21hbmFnZXIDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":39524,"dst_port":53,"event_start":1565200330.265331} {"dns":{"base64":"dMqBgAABAAEADQANEGdvb2dsZXRhZ21hbmFnZXIDY29tAAABAAHADAABAAEAAAAFAASs2aSIwB0AAgABAAAABQAUAWEMZ3RsZC1zZXJ2ZXJzA25ldADAHQACAAEAAAAFAAQBasBEwB0AAgABAAAABQAEAWTARMAdAAIAAQAAAAUABAFswETAHQACAAEAAAAFAAQBZcBEwB0AAgABAAAABQAEAWvARMAdAAIAAQAAAAUABAFtwETAHQACAAEAAAAFAAQBZsBEwB0AAgABAAAABQAEAWPARMAdAAIAAQAAAAUABAFpwETAHQACAAEAAAAFAAQBYsBEwB0AAgABAAAABQAEAWjARMAdAAIAAQAAAAUABAFnwETAQgABAAEAAAAFAATABQYewPIAAQABAAAABQAEwCEOHsDSAAEAAQAAAAUABMAaXB7AcgABAAEAAAAFAATAH1AewJIAAQABAAAABQAEwAxeHsDCAAEAAQAAAAUABMAjMx7BEgABAAEAAAAFAATAKl0ewQIAAQABAAAABQAEwDZwHsDiAAEAAQAAAAUABMArrB7AYgABAAEAAAAFAATAME8ewKIAAQABAAAABQAEwDSyHsCCAAEAAQAAAAUABMApoh7AsgABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53971,"event_start":1565200330.303206} {"dns":{"base64":"S0qBgAABAAEADQANEGdvb2dsZXRhZ21hbmFnZXIDY29tAAAcAAHADAAcAAEAAAAFABAmB/iwQAQIFAAAAAAAACAIwB0AAgABAAAABQAUAWoMZ3RsZC1zZXJ2ZXJzA25ldADAHQACAAEAAAAFAAQBZ8BQwB0AAgABAAAABQAEAWHAUMAdAAIAAQAAAAUABAFowFDAHQACAAEAAAAFAAQBYsBQwB0AAgABAAAABQAEAW3AUMAdAAIAAQAAAAUABAFrwFDAHQACAAEAAAAFAAQBacBQwB0AAgABAAAABQAEAWTAUMAdAAIAAQAAAAUABAFjwFDAHQACAAEAAAAFAAQBZsBQwB0AAgABAAAABQAEAWXAUMAdAAIAAQAAAAUABAFswFDAfgABAAEAAAAFAATABQYewJ4AAQABAAAABQAEwCEOHsDuAAEAAQAAAAUABMAaXB7A3gABAAEAAAAFAATAH1AewQ4AAQABAAAABQAEwAxeHsD+AAEAAQAAAAUABMAjMx7AbgABAAEAAAAFAATAKl0ewI4AAQABAAAABQAEwDZwHsDOAAEAAQAAAAUABMArrB7ATgABAAEAAAAFAATAME8ewL4AAQABAAAABQAEwDSyHsEeAAEAAQAAAAUABMApoh7ArgABAAEAAAAFAATAN1Me"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":39524,"event_start":1565200330.303460} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.136","protocol":6,"src_port":35238,"dst_port":443,"event_start":1565200330.303681} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"googletagmanager.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.136","protocol":6,"src_port":35238,"dst_port":443,"event_start":1565200330.346586} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"googletagmanager.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0017000014676f6f676c657461676d616e616765722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201de99f348a140b800dd089c5fd34cf200d48dbc1b4a6b04f0a26a9d14088707d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.136","protocol":6,"src_port":35238,"dst_port":443,"event_start":1565200330.346586} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.136","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":35238,"event_start":1565200330.397378} {"dns":{"base64":"3JUBAAABAAAAAAAABG1hcHMGZ29vZ2xlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36423,"dst_port":53,"event_start":1565200330.543852} {"dns":{"base64":"czYBAAABAAAAAAAABG1hcHMGZ29vZ2xlA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":53887,"dst_port":53,"event_start":1565200330.544060} {"dns":{"base64":"3JWBgAABAAEADQAOBG1hcHMGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAABQAErNkHzsAYAAIAAQAAAAUAFAFpDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWLAP8AYAAIAAQAAAAUABAFtwD/AGAACAAEAAAAFAAQBZMA/wBgAAgABAAAABQAEAWbAP8AYAAIAAQAAAAUABAFrwD/AGAACAAEAAAAFAAQBY8A/wBgAAgABAAAABQAEAWfAP8AYAAIAAQAAAAUABAFlwD/AGAACAAEAAAAFAAQBasA/wBgAAgABAAAABQAEAWHAP8AYAAIAAQAAAAUABAFswD/AGAACAAEAAAAFAAQBaMA/wO0AAQABAAAABQAEwAUGHsBdAAEAAQAAAAUABMAhDh7ArQABAAEAAAAFAATAGlwewH0AAQABAAAABQAEwB9QHsDNAAEAAQAAAAUABMAMXh7AjQABAAEAAAAFAATAIzMewL0AAQABAAAABQAEwCpdHsENAAEAAQAAAAUABMA2cB7APQABAAEAAAAFAATAK6wewN0AAQABAAAABQAEwDBPHsCdAAEAAQAAAAUABMA0sh7A/QABAAEAAAAFAATAKaIewG0AAQABAAAABQAEwDdTHsDtABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36423,"event_start":1565200330.578912} {"dns":{"base64":"czaBgAABAAEADQANBG1hcHMGZ29vZ2xlA2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECAEAAAAAAAAgDsAYAAIAAQAAAAUAFAFsDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWnAS8AYAAIAAQAAAAUABAFjwEvAGAACAAEAAAAFAAQBYcBLwBgAAgABAAAABQAEAWXAS8AYAAIAAQAAAAUABAFowEvAGAACAAEAAAAFAAQBYsBLwBgAAgABAAAABQAEAW3AS8AYAAIAAQAAAAUABAFrwEvAGAACAAEAAAAFAAQBasBLwBgAAgABAAAABQAEAWfAS8AYAAIAAQAAAAUABAFkwEvAGAACAAEAAAAFAAQBZsBLwIkAAQABAAAABQAEwAUGHsC5AAEAAQAAAAUABMAhDh7AeQABAAEAAAAFAATAGlwewQkAAQABAAAABQAEwB9QHsCZAAEAAQAAAAUABMAMXh7BGQABAAEAAAAFAATAIzMewPkAAQABAAAABQAEwCpdHsCpAAEAAQAAAAUABMA2cB7AaQABAAEAAAAFAATAK6wewOkAAQABAAAABQAEwDBPHsDZAAEAAQAAAAUABMA0sh7ASQABAAEAAAAFAATAKaIewMkAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53887,"event_start":1565200330.578926} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60730,"dst_port":443,"event_start":1565200330.579553} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"maps.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60730,"dst_port":443,"event_start":1565200330.619674} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"maps.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f6d6170732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020782d69987de27def316838a79bb8500f048e43757ff29229c375bda4fd85ce71\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.206","protocol":6,"src_port":60730,"dst_port":443,"event_start":1565200330.619674} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.206","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":60730,"event_start":1565200330.671147} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55984,"dst_port":443,"event_start":1565200330.856177} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55984,"dst_port":443,"event_start":1565200330.895541} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020de7c059e00a1d1d34f2422c07d964e0851e1d216e7459508ba5ef8e3387c530c\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.228","protocol":6,"src_port":55984,"dst_port":443,"event_start":1565200330.895541} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.228","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":55984,"event_start":1565200331.112443} {"dns":{"base64":"eUgBAAABAAAAAAAACGJsb2dzcG90A2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":48131,"dst_port":53,"event_start":1565200331.419731} {"dns":{"base64":"M6kBAAABAAAAAAAACGJsb2dzcG90A2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":43599,"dst_port":53,"event_start":1565200331.419926} {"dns":{"base64":"eUiBgAABAAEABAAICGJsb2dzcG90A2NvbQAAAQABwAwAAQABAAAABQAErNkH6cAMAAIAAQAAAAUADQNuczQGZ29vZ2xlwBXADAACAAEAAAAFAAYDbnMzwD7ADAACAAEAAAAFAAYDbnMywD7ADAACAAEAAAAFAAYDbnMxwD7AdwABAAEAAAAFAATY7yAKwGUAAQABAAAABQAE2O8iCsBTAAEAAQAAAAUABNjvJArAOgABAAEAAAAFAATY7yYKwHcAHAABAAAABQAQIAFIYEgCADIAAAAAAAAACsBlABwAAQAAAAUAECABSGBIAgA0AAAAAAAAAArAUwAcAAEAAAAFABAgAUhgSAIANgAAAAAAAAAKwDoAHAABAAAABQAQIAFIYEgCADgAAAAAAAAACg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":48131,"event_start":1565200331.472656} {"dns":{"base64":"M6mBgAABAAEADQANCGJsb2dzcG90A2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECAIAAAAAAAAgCcAVAAIAAQAAAAUAFAFkDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWPASMAVAAIAAQAAAAUABAFtwEjAFQACAAEAAAAFAAQBbMBIwBUAAgABAAAABQAEAWfASMAVAAIAAQAAAAUABAFqwEjAFQACAAEAAAAFAAQBZcBIwBUAAgABAAAABQAEAWvASMAVAAIAAQAAAAUABAFiwEjAFQACAAEAAAAFAAQBaMBIwBUAAgABAAAABQAEAWbASMAVAAIAAQAAAAUABAFhwEjAFQACAAEAAAAFAAQBacBIwQYAAQABAAAABQAEwAUGHsDWAAEAAQAAAAUABMAhDh7AZgABAAEAAAAFAATAGlwewEYAAQABAAAABQAEwB9QHsC2AAEAAQAAAAUABMAMXh7A9gABAAEAAAAFAATAIzMewJYAAQABAAAABQAEwCpdHsDmAAEAAQAAAAUABMA2cB7BFgABAAEAAAAFAATAK6wewKYAAQABAAAABQAEwDBPHsDGAAEAAQAAAAUABMA0sh7AhgABAAEAAAAFAATAKaIewHYAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":43599,"event_start":1565200331.472677} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.233","protocol":6,"src_port":59916,"dst_port":443,"event_start":1565200331.473374} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"blogspot.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.233","protocol":6,"src_port":59916,"dst_port":443,"event_start":1565200331.511219} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"blogspot.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000f00000c626c6f6773706f742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020a43fcd9509b7b13636409817edd7e4ec49a1f7519b9f9c7604a003d60a4f9f79\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.233","protocol":6,"src_port":59916,"dst_port":443,"event_start":1565200331.511219} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.233","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":59916,"event_start":1565200331.560478} {"dns":{"base64":"5BYBAAABAAAAAAAAA3d3dwdibG9nZ2VyA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":43627,"dst_port":53,"event_start":1565200331.656650} {"dns":{"base64":"HvMBAAABAAAAAAAAA3d3dwdibG9nZ2VyA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":55611,"dst_port":53,"event_start":1565200331.656831} {"dns":{"base64":"HvOBgAABAAIADQAMA3d3dwdibG9nZ2VyA2NvbQAAHAABwAwABQABAAAABQATB2Jsb2dnZXIBbAZnb29nbGXAGMAtABwAAQAAAAUAECYH+LBABAgJAAAAAAAAIAnAGAACAAEAAAAFABQBbAxndGxkLXNlcnZlcnMDbmV0AMAYAAIAAQAAAAUABAFqwGrAGAACAAEAAAAFAAQBYsBqwBgAAgABAAAABQAEAWPAasAYAAIAAQAAAAUABAFhwGrAGAACAAEAAAAFAAQBa8BqwBgAAgABAAAABQAEAWfAasAYAAIAAQAAAAUABAFlwGrAGAACAAEAAAAFAAQBZsBqwBgAAgABAAAABQAEAWjAasAYAAIAAQAAAAUABAFpwGrAGAACAAEAAAAFAAQBbcBqwBgAAgABAAAABQAEAWTAasC4AAEAAQAAAAUABMAFBh7AmAABAAEAAAAFAATAIQ4ewKgAAQABAAAABQAEwBpcHsE4AAEAAQAAAAUABMAfUB7A6AABAAEAAAAFAATADF4ewPgAAQABAAAABQAEwCMzHsDYAAEAAQAAAAUABMAqXR7BCAABAAEAAAAFAATANnAewRgAAQABAAAABQAEwCusHsCIAAEAAQAAAAUABMAwTx7AyAABAAEAAAAFAATANLIewGgAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":55611,"event_start":1565200331.693952} {"dns":{"base64":"5BaBgAABAAIADQANA3d3dwdibG9nZ2VyA2NvbQAAAQABwAwABQABAAAABQATB2Jsb2dnZXIBbAZnb29nbGXAGMAtAAEAAQAAAAUABKzZDenAGAACAAEAAAAFABQBawxndGxkLXNlcnZlcnMDbmV0AMAYAAIAAQAAAAUABAFlwF7AGAACAAEAAAAFAAQBacBewBgAAgABAAAABQAEAWPAXsAYAAIAAQAAAAUABAFmwF7AGAACAAEAAAAFAAQBZMBewBgAAgABAAAABQAEAW3AXsAYAAIAAQAAAAUABAFiwF7AGAACAAEAAAAFAAQBbMBewBgAAgABAAAABQAEAWjAXsAYAAIAAQAAAAUABAFhwF7AGAACAAEAAAAFAAQBZ8BewBgAAgABAAAABQAEAWrAXsEMAAEAAQAAAAUABMAFBh7A3AABAAEAAAAFAATAIQ4ewJwAAQABAAAABQAEwBpcHsC8AAEAAQAAAAUABMAfUB7AfAABAAEAAAAFAATADF4ewKwAAQABAAAABQAEwCMzHsEcAAEAAQAAAAUABMAqXR7A/AABAAEAAAAFAATANnAewIwAAQABAAAABQAEwCusHsEsAAEAAQAAAAUABMAwTx7AXAABAAEAAAAFAATANLIewOwAAQABAAAABQAEwCmiHsDMAAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":43627,"event_start":1565200331.694249} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46882,"dst_port":443,"event_start":1565200331.694531} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.blogger.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46882,"dst_port":443,"event_start":1565200331.733407} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.blogger.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e626c6f676765722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020fae4a63e375e25e8547a10f85893152fa90b4171b9330b8d594e6f5b8cf56c11\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46882,"dst_port":443,"event_start":1565200331.733407} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.13.233","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":46882,"event_start":1565200331.783406} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57032,"dst_port":443,"event_start":1565200331.892552} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57032,"dst_port":443,"event_start":1565200331.933519} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002070280ffb1f7b0e80a54647dc3dd899378926285894bf2d68b6f6ac6bb51c2762\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57032,"dst_port":443,"event_start":1565200331.933519} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57032,"event_start":1565200331.984414} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46886,"dst_port":443,"event_start":1565200332.154185} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.blogger.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46886,"dst_port":443,"event_start":1565200332.196377} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.blogger.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e626c6f676765722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002068868f2225f8e9836556dc0820df9750fc3bb00b892fdc39e28de936ba2d4231\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.233","protocol":6,"src_port":46886,"dst_port":443,"event_start":1565200332.196377} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.13.233","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":46886,"event_start":1565200332.244799} {"dns":{"base64":"68YBAAABAAAAAAAAA2JpdAJseQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":49963,"dst_port":53,"event_start":1565200332.519537} {"dns":{"base64":"nYgBAAABAAAAAAAAA2JpdAJseQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":46108,"dst_port":53,"event_start":1565200332.519723} {"dns":{"base64":"nYiBgAABAAAAAQAAA2JpdAJseQAAHAABwAwABgABAAAABQBJB25zLTEzNzIJYXdzZG5zLTQzA29yZwARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uA2NvbQAAAAABAAAcIAAAA4QAEnUAAAFRgA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":46108,"event_start":1565200332.554746} {"dns":{"base64":"68aBgAABAAIABQAIA2JpdAJseQAAAQABwAwAAQABAAAABQAEQ8f4CsAMAAEAAQAAAAUABEPH+AvAEAACAAEAAAAFAAoDcGNoA2x0dMAQwBAAAgABAAAABQAUBnBobG9lbQd1b3JlZ29uA2VkdQDAEAACAAEAAAAFABADZG5zBmx0dG5ldANuZXQAwBAAAgABAAAABQAQBW5zLWx5B2FmcmluaWPAhcAQAAIAAQAAAAUABwRkbnMxwH7AegABAAEAAAAFAAQ+8CQJwEQAAQABAAAABQAEzD3YQ8CyAAEAAQAAAAUABD5EKgnAlgABAAEAAAAFAATE2KgYwFoAAQABAAAABQAEgN8gI8BEABwAAQAAAAUAECABBQAAFGBnAK0AAAAAAAHAlgAcAAEAAAAFABAgAUP4ASAAAAAAAAAAAAAkwFoAHAABAAAABQAQIAEEaA0BACAAAAAAgN8gIw=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":49963,"event_start":1565200332.566308} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"67.199.248.10","protocol":6,"src_port":55156,"dst_port":443,"event_start":1565200332.566732} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"bit.ly"}},"src_ip":"192.168.113.237","dst_ip":"67.199.248.10","protocol":6,"src_port":55156,"dst_port":443,"event_start":1565200332.678111} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"bit.ly","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00090000066269742e6c79\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020dd9fba07f642d2419e292f01c37fb79a5ebbf3aed47af8c083b5c6be2ac2b567\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"67.199.248.10","protocol":6,"src_port":55156,"dst_port":443,"event_start":1565200332.678111} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGszCCBZugAwIBAgIQDWR3s57NlhtLxB5iD5etfjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDcwMzAwMDAwMFoXDTE5MDgyMDEyMDAwMFowgbsxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc0NjI3MDEzMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRQwEgYDVQQKEwtCaXRseSwgSW5jLjEPMA0GA1UEAxMGYml0Lmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznd+dJC+0jK0zgnPKkp5TqfwlPS1hafMINVKQBTMBzLoA786NkCFMG7rAV7P3J4a0PQkTz6hbBTfF4d6nld6k98tIyFzH4cRIVU7yx+Ebat2GY/fFNjtgKdsmUZrd9hfBqXxAKWtoOfNtIPQSTDh0Lq8FXzVkeompoz0v+MczgNeoSq5ieTxtS2CoemP89dhOFXXq5uHJOS7OqjD1zNnWxBXltWtMN+2yWo6/NGzkiq7F2nfRInf97MSCmSMH5nK7L1G6xNo+qfvGWgZVBznNaygX7avYuHvgRZ1YN/1BGflQ3hidAsYWMW5s49jUx/Di0CcRL6mf+Xz8wpOMk4/kwIDAQABo4IC9jCCAvIwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFCHl30RIen6Sr8lKfr84jyIjaHLJMB0GA1UdEQQWMBSCBmJpdC5seYIKd3d3LmJpdC5seTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCBiAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABZF6i2GcAAAQDAEcwRQIgRFgqLABzUHkbLvr95JZbCjc+DMCKb1GAeEV8llFkePMCIQCst8gB/SAjkLpb9HsnXo4T98+2vENa+qu0fodWfqVvWwB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABZF6i19oAAAQDAEYwRAIgbmo="}]}},"reassembly_properties":{"truncated":true},"src_ip":"67.199.248.10","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":55156,"event_start":1565200332.784458} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGszCCBZugAwIBAgIQDWR3s57NlhtLxB5iD5etfjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDcwMzAwMDAwMFoXDTE5MDgyMDEyMDAwMFowgbsxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc0NjI3MDEzMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRQwEgYDVQQKEwtCaXRseSwgSW5jLjEPMA0GA1UEAxMGYml0Lmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznd+dJC+0jK0zgnPKkp5TqfwlPS1hafMINVKQBTMBzLoA786NkCFMG7rAV7P3J4a0PQkTz6hbBTfF4d6nld6k98tIyFzH4cRIVU7yx+Ebat2GY/fFNjtgKdsmUZrd9hfBqXxAKWtoOfNtIPQSTDh0Lq8FXzVkeompoz0v+MczgNeoSq5ieTxtS2CoemP89dhOFXXq5uHJOS7OqjD1zNnWxBXltWtMN+2yWo6/NGzkiq7F2nfRInf97MSCmSMH5nK7L1G6xNo+qfvGWgZVBznNaygX7avYuHvgRZ1YN/1BGflQ3hidAsYWMW5s49jUx/Di0CcRL6mf+Xz8wpOMk4/kwIDAQABo4IC9jCCAvIwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFCHl30RIen6Sr8lKfr84jyIjaHLJMB0GA1UdEQQWMBSCBmJpdC5seYIKd3d3LmJpdC5seTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCBiAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABZF6i2GcAAAQDAEcwRQIgRFgqLABzUHkbLvr95JZbCjc+DMCKb1GAeEV8llFkePMCIQCst8gB/SAjkLpb9HsnXo4T98+2vENa+qu0fodWfqVvWwB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABZF6i19oAAAQDAEYwRAIgbmrJyI2amsTHWy31ejWA+p/3lVfhpgpjbVmGHqD96HkCIEid5T6yI11UyVV1HVbKV3V0d/LR7GraugLARjr0ByzwMA0GCSqGSIb3DQEBCwUAA4IBAQDGyFbf+EbxHAs65YFOq1wPA5sRnPs50am+sBVFsMBJ8d6zHPwER/vquEtuuzlA87abnN5dOW+cIujGdaorO8sXuEh+bKj7jQ8DM+Vae/kDCLpszkiBfxyFwgoFrXgX3Zvy9ccnQlHgDptgF/Jd5y/KQax9/w7HuRwuVW7oBTi67LZYRa8+hkS1d3B6Zo7OXnCgg2vIFYo96I5roGWDxfcWvHg88oGp3XpEfUssWgRJizpKYB6t4rGgqbzlcqRqa0oHntk4daSegITewFiLKPlQenthNq73BKVpQd5rmLt7YAAGFYUg6gKyx4sQNl0EeOesgF35cg71fRyfdnWyqL1x"},{"base64":"MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUYuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQhcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn8TUoE6smftX3eg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"67.199.248.10","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":55156,"event_start":1565200332.784752} {"dns":{"base64":"AiMBAAABAAAAAAAABWJpdGx5A2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36233,"dst_port":53,"event_start":1565200333.006126} @@ -293,7 +293,7 @@ {"dns":{"base64":"WmWBgAABAAAAAQAABWJpdGx5A2NvbQAAHAABwAwABgABAAAABQBOC25zLWNsb3VkLWIxDWdvb2dsZWRvbWFpbnPAEhRjbG91ZC1kbnMtaG9zdG1hc3RlcgZnb29nbGXAEgAAAAEAAFRgAAAOEAAD9IAAAAEs"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":48534,"event_start":1565200333.070744} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"67.199.248.14","protocol":6,"src_port":41982,"dst_port":443,"event_start":1565200333.070960} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"67.199.248.14","protocol":6,"src_port":41982,"dst_port":443,"event_start":1565200334.085917} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"bitly.com"}},"src_ip":"192.168.113.237","dst_ip":"67.199.248.14","protocol":6,"src_port":41982,"dst_port":443,"event_start":1565200334.217016} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"bitly.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c0000096269746c792e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00209c512289864dcfcd32498f8865ccfb05ec05d0f2ee077a72d24d71af4c497118\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"67.199.248.14","protocol":6,"src_port":41982,"dst_port":443,"event_start":1565200334.217016} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG4zCCBcugAwIBAgIQDWINzIIdaLjR4RD3jzgHSTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xODA4MjcwMDAwMDBaFw0yMDA5MDgxMjAwMDBaMHQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAoTC0JpdGx5LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMRQwEgYDVQQDDAsqLmJpdGx5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/qidwToSGhNX6Bb0gP03RZq7L92Ut3iJgdGPBwwndspJGTVa2kkkQpbcM7mbG3bvvk3JaAH0A6CE78FN65YacWfbrAR1w2P62jobapbJ37Wn1wY4Wd8AgQIJIM37L5oHMXwGpxYu+1yzJ8o2wTYTDdHat8y0INxy0NXLzEC4ySNTHhBDQIW8ufPUaSdJZkehTs7zH/TOUCAlhjXMmSmiLcyCqzwrUg3Rq3/+6hIRU0cBqVBRy6fHv6RtLcII8HmALXmA2aV1fZWO8FqgabIi7eFHPsJiBkGGoOb0Y7OqWK7XYYJbwfjKo3LchjDJVCAknwvbrOJPOQSlxEItGJwfsCAwEAAaOCA3MwggNvMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQ7EDxxmfdjgjJ2p9by+facoK9fkTAhBgNVHREEGjAYggsqLmJpdGx5LmNvbYIJYml0bHkuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZXx/YAYAAAQDAEgwRgIhAIFD4oEZXrLNxMruEFIfoV28ZKZefWWq4eC9Zx5WibmPAiEAq7sQiGHv4gzIJ+VwYhHE1Dsl0sj4hZgSX5m/yag5M4YAdwCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWV8f2DIAAAEAwBIMEYCIQCQ5eMnd6CzaYM1U6E5jTE+mVVgC3wqS3+pk16TFWFkxgIhAO9eGwJIPbzLlDT9fpjhmHMx6wFsqqZ9lrgOthDmWvsvAHYA7ku9t3U="}]}},"reassembly_properties":{"truncated":true},"src_ip":"67.199.248.14","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41982,"event_start":1565200334.337930} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG4zCCBcugAwIBAgIQDWINzIIdaLjR4RD3jzgHSTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xODA4MjcwMDAwMDBaFw0yMDA5MDgxMjAwMDBaMHQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAoTC0JpdGx5LCBJbmMuMRMwEQYDVQQLEwpPcGVyYXRpb25zMRQwEgYDVQQDDAsqLmJpdGx5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/qidwToSGhNX6Bb0gP03RZq7L92Ut3iJgdGPBwwndspJGTVa2kkkQpbcM7mbG3bvvk3JaAH0A6CE78FN65YacWfbrAR1w2P62jobapbJ37Wn1wY4Wd8AgQIJIM37L5oHMXwGpxYu+1yzJ8o2wTYTDdHat8y0INxy0NXLzEC4ySNTHhBDQIW8ufPUaSdJZkehTs7zH/TOUCAlhjXMmSmiLcyCqzwrUg3Rq3/+6hIRU0cBqVBRy6fHv6RtLcII8HmALXmA2aV1fZWO8FqgabIi7eFHPsJiBkGGoOb0Y7OqWK7XYYJbwfjKo3LchjDJVCAknwvbrOJPOQSlxEItGJwfsCAwEAAaOCA3MwggNvMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQ7EDxxmfdjgjJ2p9by+facoK9fkTAhBgNVHREEGjAYggsqLmJpdGx5LmNvbYIJYml0bHkuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZXx/YAYAAAQDAEgwRgIhAIFD4oEZXrLNxMruEFIfoV28ZKZefWWq4eC9Zx5WibmPAiEAq7sQiGHv4gzIJ+VwYhHE1Dsl0sj4hZgSX5m/yag5M4YAdwCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWV8f2DIAAAEAwBIMEYCIQCQ5eMnd6CzaYM1U6E5jTE+mVVgC3wqS3+pk16TFWFkxgIhAO9eGwJIPbzLlDT9fpjhmHMx6wFsqqZ9lrgOthDmWvsvAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFlfH9gMwAABAMARzBFAiEAi19tXp6F0lwZFYgToZVHTSjpkrUpLL+dgOQUd7KDoQ4CIFLu3fUU/W5s3WYUf/mwxYOqqwxe+qEiifgn8LEreE27MA0GCSqGSIb3DQEBCwUAA4IBAQAd9K9mdg9VA2uPFQDjJpIkGYvEVlbz9nUaqxMLP4anttngfqRorn4p28A3DhKQCT83/5TEWqE+esNI1Nhz2b4yA7LRhqaEkJVY8OHWBVf9blsaBZ4gZlCxC26V/7U6U5BqEGSzydSFHnhOVsCBTHe8/UvWNW8kDiswXUgk+GxW2T+ypEB+gbUaI06drBVUtwGIftxSOdy49c4jFGrDFaPjhHKn9oZ2oQOR5lu+ZQOPXt2LNuuvKmxLzVmCd59ysPmIGn558kk3TOjHcVRB3DoYNsBp3lCLX0fYLfevGerFolvraa0AywvzbHDKa4JQ7g2h498IkovdPXEW8hQ8Xy7f"},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"67.199.248.14","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":41982,"event_start":1565200334.338224} {"dns":{"base64":"FSMBAAABAAAAAAAABXlhaG9vA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":50783,"dst_port":53,"event_start":1565200334.828074} @@ -301,7 +301,7 @@ {"dns":{"base64":"rkSBgAABAAYADQAFBXlhaG9vA2NvbQAAHAABwAwAHAABAAAABQAQIAFJmAAMECMAAAAAAAAABcAMABwAAQAAAAUAECABSZgAWBg2AAAAAAAAABDADAAcAAEAAAAFABAgAUmYAAwQIwAAAAAAAAAEwAwAHAABAAAABQAQIAFJmABYGDYAAAAAAAAAEcAMABwAAQAAAAUAECABSZgARAQdAAAAAAAAAATADAAcAAEAAAAFABAgAUmYAEQEHQAAAAAAAAADwBIAAgABAAAABQAUAWcMZ3RsZC1zZXJ2ZXJzA25ldADAEgACAAEAAAAFAAQBaMDRwBIAAgABAAAABQAEAWPA0cASAAIAAQAAAAUABAFtwNHAEgACAAEAAAAFAAQBZcDRwBIAAgABAAAABQAEAWzA0cASAAIAAQAAAAUABAFpwNHAEgACAAEAAAAFAAQBa8DRwBIAAgABAAAABQAEAWLA0cASAAIAAQAAAAUABAFhwNHAEgACAAEAAAAFAAQBZsDRwBIAAgABAAAABQAEAWTA0cASAAIAAQAAAAUABAFqwNHBbwABAAEAAAAFAATABQYewV8AAQABAAAABQAEwCEOHsD/AAEAAQAAAAUABMAaXB7BjwABAAEAAAAFAATAH1AewR8AAQABAAAABQAEwAxeHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":38416,"event_start":1565200334.829079} {"dns":{"base64":"FSOBgAABAAYADQAKBXlhaG9vA2NvbQAAAQABwAwAAQABAAAABQAESB4jCcAMAAEAAQAAAAUABGKK2+jADAABAAEAAAAFAARiifYIwAwAAQABAAAABQAEYon2B8AMAAEAAQAAAAUABGKK2+fADAABAAEAAAAFAARIHiMKwBIAAgABAAAABQAUAWcMZ3RsZC1zZXJ2ZXJzA25ldADAEgACAAEAAAAFAAQBYsCJwBIAAgABAAAABQAEAWvAicASAAIAAQAAAAUABAFjwInAEgACAAEAAAAFAAQBaMCJwBIAAgABAAAABQAEAWbAicASAAIAAQAAAAUABAFkwInAEgACAAEAAAAFAAQBacCJwBIAAgABAAAABQAEAWzAicASAAIAAQAAAAUABAFlwInAEgACAAEAAAAFAAQBbcCJwBIAAgABAAAABQAEAWHAicASAAIAAQAAAAUABAFqwInBRwABAAEAAAAFAATABQYewKcAAQABAAAABQAEwCEOHsDHAAEAAQAAAAUABMAaXB7A9wABAAEAAAAFAATAH1AewScAAQABAAAABQAEwAxeHsDnAAEAAQAAAAUABMAjMx7AhwABAAEAAAAFAATAKl0ewNcAAQABAAAABQAEwDZwHsEHAAEAAQAAAAUABMArrB7BVwABAAEAAAAFAATAME8e"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50783,"event_start":1565200334.864301} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"72.30.35.9","protocol":6,"src_port":37050,"dst_port":443,"event_start":1565200334.865000} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"yahoo.com"}},"src_ip":"192.168.113.237","dst_ip":"72.30.35.9","protocol":6,"src_port":37050,"dst_port":443,"event_start":1565200334.923897} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"yahoo.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c0000097961686f6f2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00200830920a46453a2b8852f53c183381b93b32f8d428814e8f267c0a3b19664860\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"72.30.35.9","protocol":6,"src_port":37050,"dst_port":443,"event_start":1565200334.923897} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHCzCCBfOgAwIBAgIQC8M2wJUf1+pWw3jShdD6bTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA4MDYwMDAwMDBaFw0yMDAyMDIxMjAwMDBaMGMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRgwFgYDVQQDDA8qLnd3dy55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirs4sQ7vEOfujfIii5gGWEOlqKc9yHNbAoyN96STzjihj56QK3Uzl7fiShiKiD04OAE1RLOrVObCwrWJi+C3XybKlOAwVvKD1gkkyuGZaunygg4H+TfvRICZV5pRMNNbacko0Ji/Xv5r9+epnHAeGXSp0LxQiH3wyJCBtLPuBI6A3wxd1iaWiFAWNR2WUMyU3uENLnbMjr0j462/+kYdhZ0+phZ9auThabOOR8TA61NwTofCJ5Xq0cMk9h6kWN7FcpMEMrid2qPqYTQcvVBgFipPZRNIO7ymRPEmnWQo21PtgiRfnILqg+Lwd95A5RYg2XeRhmXBa22Sh+J/b1im/AgMBAAGjggOsMIIDqDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUaekEkRuDKAqyMmsIHXgRzibqObswgdYGA1UdEQSBzjCBy4IPKi53d3cueWFob28uY29tgg4qLmFtcC55aW1nLmNvbYILKi55YWhvby5jb22CEGFkZC5teS55YWhvby5jb22CD2NhLm15LnlhaG9vLmNvbYITY2Eucm9nZXJzLnlhaG9vLmNvbYIQZGRsLmZwLnlhaG9vLmNvbYIWZnItY2Eucm9nZXJzLnlhaG9vLmNvbYIPaGsucmQueWFob28uY29tggxtYnAueWltZy5jb22CD3R3LnJkLnlhaG9vLmNvbYIJeWFob28uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC4="}]}},"reassembly_properties":{"truncated":true},"src_ip":"72.30.35.9","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":37050,"event_start":1565200334.982648} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHCzCCBfOgAwIBAgIQC8M2wJUf1+pWw3jShdD6bTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA4MDYwMDAwMDBaFw0yMDAyMDIxMjAwMDBaMGMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRgwFgYDVQQDDA8qLnd3dy55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirs4sQ7vEOfujfIii5gGWEOlqKc9yHNbAoyN96STzjihj56QK3Uzl7fiShiKiD04OAE1RLOrVObCwrWJi+C3XybKlOAwVvKD1gkkyuGZaunygg4H+TfvRICZV5pRMNNbacko0Ji/Xv5r9+epnHAeGXSp0LxQiH3wyJCBtLPuBI6A3wxd1iaWiFAWNR2WUMyU3uENLnbMjr0j462/+kYdhZ0+phZ9auThabOOR8TA61NwTofCJ5Xq0cMk9h6kWN7FcpMEMrid2qPqYTQcvVBgFipPZRNIO7ymRPEmnWQo21PtgiRfnILqg+Lwd95A5RYg2XeRhmXBa22Sh+J/b1im/AgMBAAGjggOsMIIDqDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUaekEkRuDKAqyMmsIHXgRzibqObswgdYGA1UdEQSBzjCBy4IPKi53d3cueWFob28uY29tgg4qLmFtcC55aW1nLmNvbYILKi55YWhvby5jb22CEGFkZC5teS55YWhvby5jb22CD2NhLm15LnlhaG9vLmNvbYITY2Eucm9nZXJzLnlhaG9vLmNvbYIQZGRsLmZwLnlhaG9vLmNvbYIWZnItY2Eucm9nZXJzLnlhaG9vLmNvbYIPaGsucmQueWFob28uY29tggxtYnAueWltZy5jb22CD3R3LnJkLnlhaG9vLmNvbYIJeWFob28uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWxoP1bRAAAEAwBHMEUCIQDdmgmiG/EpnvAnBdg3XCQTGLs8lNSIDGHDaQWgBq9VCgIgZsZ3m6pXNI//TS8XhYh8PCWIjBokKJvm1Tn1ST6L3ckAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWxoP1ccAAAEAwBGMEQCIEHpkO5+0ht224fAM6owijpPlRfcO+YwaVQDkgI1mIDAAiBtpay6WdE9oAc9pF31Je1sgbaDFGD0q5Yx22QwmFvxZDANBgkqhkiG9w0BAQsFAAOCAQEAnINtMIB149N31+iHLGR4/lXGfKmKjUibQR6WaD0lNANjChxDiFXPQieobLfkWkaMfKBbGSg8h7WMdCsCkIMnN+z8KmmTnY4MN+m8wR0QOXKHvWXX6HG3sSORtJ7EI9uxFvBOlEHmj4HBrQVs0iiVOp5gcOAfCcphMtNBp3gIy8eqi7HeUrsiVwJal/vz2V+zlaHgXJ86eVOqvE1H30hdiQYXi23+sbfkTfZh119xiJ9c591HgYrUy4vWdAdPD0Eoo1JVIxDRpNHxIIDpnxYehlCU921fOJqwL1ShquSF59UzV7DDnIxdkYTmPY5H5kjlbhNU99k/dnkWSpecKP0m8Q=="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"72.30.35.9","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":37050,"event_start":1565200334.983206} {"dns":{"base64":"rPQBAAABAAAAAAAAA3d3dwV5YWhvbwNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":54985,"dst_port":53,"event_start":1565200335.120651} @@ -309,7 +309,7 @@ {"dns":{"base64":"DxKBgAABAAUADQAGA3d3dwV5YWhvbwNjb20AABwAAcAMAAUAAQAAAAUAFg1hdHN2Mi1mcC1zaGVkA3dnMQFiwBDAKwAcAAEAAAAFABAgAUmYAEQEHQAAAAAAAAADwCsAHAABAAAABQAQIAFJmABYGDYAAAAAAAAAEMArABwAAQAAAAUAECABSZgAWBg2AAAAAAAAABHAKwAcAAEAAAAFABAgAUmYAEQEHQAAAAAAAAAEwBYAAgABAAAABQAUAWUMZ3RsZC1zZXJ2ZXJzA25ldADAFgACAAEAAAAFAAQBYsC/wBYAAgABAAAABQAEAWvAv8AWAAIAAQAAAAUABAFkwL/AFgACAAEAAAAFAAQBasC/wBYAAgABAAAABQAEAWHAv8AWAAIAAQAAAAUABAFswL/AFgACAAEAAAAFAAQBaMC/wBYAAgABAAAABQAEAWbAv8AWAAIAAQAAAAUABAFtwL/AFgACAAEAAAAFAAQBY8C/wBYAAgABAAAABQAEAWnAv8AWAAIAAQAAAAUABAFnwL/BHQABAAEAAAAFAATABQYewN0AAQABAAAABQAEwCEOHsFtAAEAAQAAAAUABMAaXB7A/QABAAEAAAAFAATAH1AewL0AAQABAAAABQAEwAxeHsFNAAEAAQAAAAUABMAjMx4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":46072,"event_start":1565200335.157761} {"dns":{"base64":"rPSBgAABAAUADQAJA3d3dwV5YWhvbwNjb20AAAEAAcAMAAUAAQAAAAUAFg1hdHN2Mi1mcC1zaGVkA3dnMQFiwBDAKwABAAEAAAAFAARIHiMJwCsAAQABAAAABQAEYorb6MArAAEAAQAAAAUABEgeIwrAKwABAAEAAAAFAARiitvnwBYAAgABAAAABQAUAWoMZ3RsZC1zZXJ2ZXJzA25ldADAFgACAAEAAAAFAAQBZMCPwBYAAgABAAAABQAEAWnAj8AWAAIAAQAAAAUABAFrwI/AFgACAAEAAAAFAAQBZ8CPwBYAAgABAAAABQAEAWbAj8AWAAIAAQAAAAUABAFowI/AFgACAAEAAAAFAAQBYsCPwBYAAgABAAAABQAEAWPAj8AWAAIAAQAAAAUABAFswI/AFgACAAEAAAAFAAQBYcCPwBYAAgABAAAABQAEAWXAj8AWAAIAAQAAAAUABAFtwI/BPQABAAEAAAAFAATABQYewQ0AAQABAAAABQAEwCEOHsEdAAEAAQAAAAUABMAaXB7ArQABAAEAAAAFAATAH1AewU0AAQABAAAABQAEwAxeHsDtAAEAAQAAAAUABMAjMx7A3QABAAEAAAAFAATAKl0ewP0AAQABAAAABQAEwDZwHsC9AAEAAQAAAAUABMArrB4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":54985,"event_start":1565200335.158060} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"98.138.219.231","protocol":6,"src_port":59128,"dst_port":443,"event_start":1565200335.158395} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.yahoo.com"}},"src_ip":"192.168.113.237","dst_ip":"98.138.219.231","protocol":6,"src_port":59128,"dst_port":443,"event_start":1565200335.242324} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.yahoo.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d7777772e7961686f6f2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00202b602dcd972bb03a0a7fda1e4765b7b05da3de7ccfbdd17ba579dccfbfec3927\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"98.138.219.231","protocol":6,"src_port":59128,"dst_port":443,"event_start":1565200335.242324} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHCzCCBfOgAwIBAgIQC8M2wJUf1+pWw3jShdD6bTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA4MDYwMDAwMDBaFw0yMDAyMDIxMjAwMDBaMGMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRgwFgYDVQQDDA8qLnd3dy55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirs4sQ7vEOfujfIii5gGWEOlqKc9yHNbAoyN96STzjihj56QK3Uzl7fiShiKiD04OAE1RLOrVObCwrWJi+C3XybKlOAwVvKD1gkkyuGZaunygg4H+TfvRICZV5pRMNNbacko0Ji/Xv5r9+epnHAeGXSp0LxQiH3wyJCBtLPuBI6A3wxd1iaWiFAWNR2WUMyU3uENLnbMjr0j462/+kYdhZ0+phZ9auThabOOR8TA61NwTofCJ5Xq0cMk9h6kWN7FcpMEMrid2qPqYTQcvVBgFipPZRNIO7ymRPEmnWQo21PtgiRfnILqg+Lwd95A5RYg2XeRhmXBa22Sh+J/b1im/AgMBAAGjggOsMIIDqDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUaekEkRuDKAqyMmsIHXgRzibqObswgdYGA1UdEQSBzjCBy4IPKi53d3cueWFob28uY29tgg4qLmFtcC55aW1nLmNvbYILKi55YWhvby5jb22CEGFkZC5teS55YWhvby5jb22CD2NhLm15LnlhaG9vLmNvbYITY2Eucm9nZXJzLnlhaG9vLmNvbYIQZGRsLmZwLnlhaG9vLmNvbYIWZnItY2Eucm9nZXJzLnlhaG9vLmNvbYIPaGsucmQueWFob28uY29tggxtYnAueWltZy5jb22CD3R3LnJkLnlhaG9vLmNvbYIJeWFob28uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC4="}]}},"reassembly_properties":{"truncated":true},"src_ip":"98.138.219.231","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":59128,"event_start":1565200335.331768} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHCzCCBfOgAwIBAgIQC8M2wJUf1+pWw3jShdD6bTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA4MDYwMDAwMDBaFw0yMDAyMDIxMjAwMDBaMGMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRgwFgYDVQQDDA8qLnd3dy55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirs4sQ7vEOfujfIii5gGWEOlqKc9yHNbAoyN96STzjihj56QK3Uzl7fiShiKiD04OAE1RLOrVObCwrWJi+C3XybKlOAwVvKD1gkkyuGZaunygg4H+TfvRICZV5pRMNNbacko0Ji/Xv5r9+epnHAeGXSp0LxQiH3wyJCBtLPuBI6A3wxd1iaWiFAWNR2WUMyU3uENLnbMjr0j462/+kYdhZ0+phZ9auThabOOR8TA61NwTofCJ5Xq0cMk9h6kWN7FcpMEMrid2qPqYTQcvVBgFipPZRNIO7ymRPEmnWQo21PtgiRfnILqg+Lwd95A5RYg2XeRhmXBa22Sh+J/b1im/AgMBAAGjggOsMIIDqDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUaekEkRuDKAqyMmsIHXgRzibqObswgdYGA1UdEQSBzjCBy4IPKi53d3cueWFob28uY29tgg4qLmFtcC55aW1nLmNvbYILKi55YWhvby5jb22CEGFkZC5teS55YWhvby5jb22CD2NhLm15LnlhaG9vLmNvbYITY2Eucm9nZXJzLnlhaG9vLmNvbYIQZGRsLmZwLnlhaG9vLmNvbYIWZnItY2Eucm9nZXJzLnlhaG9vLmNvbYIPaGsucmQueWFob28uY29tggxtYnAueWltZy5jb22CD3R3LnJkLnlhaG9vLmNvbYIJeWFob28uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWxoP1bRAAAEAwBHMEUCIQDdmgmiG/EpnvAnBdg3XCQTGLs8lNSIDGHDaQWgBq9VCgIgZsZ3m6pXNI//TS8XhYh8PCWIjBokKJvm1Tn1ST6L3ckAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWxoP1ccAAAEAwBGMEQCIEHpkO5+0ht224fAM6owijpPlRfcO+YwaVQDkgI1mIDAAiBtpay6WdE9oAc9pF31Je1sgbaDFGD0q5Yx22QwmFvxZDANBgkqhkiG9w0BAQsFAAOCAQEAnINtMIB149N31+iHLGR4/lXGfKmKjUibQR6WaD0lNANjChxDiFXPQieobLfkWkaMfKBbGSg8h7WMdCsCkIMnN+z8KmmTnY4MN+m8wR0QOXKHvWXX6HG3sSORtJ7EI9uxFvBOlEHmj4HBrQVs0iiVOp5gcOAfCcphMtNBp3gIy8eqi7HeUrsiVwJal/vz2V+zlaHgXJ86eVOqvE1H30hdiQYXi23+sbfkTfZh119xiJ9c591HgYrUy4vWdAdPD0Eoo1JVIxDRpNHxIIDpnxYehlCU921fOJqwL1ShquSF59UzV7DDnIxdkYTmPY5H5kjlbhNU99k/dnkWSpecKP0m8Q=="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"98.138.219.231","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":59128,"event_start":1565200335.333809} {"dns":{"base64":"hR0BAAABAAAAAAAABmFtYXpvbgNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":53662,"dst_port":53,"event_start":1565200336.134566} @@ -317,7 +317,7 @@ {"dns":{"base64":"hR2BgAABAAMABgAKBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAUABLAgYqbADAABAAEAAAAFAASwIGfNwAwAAQABAAAABQAEzfvyZ8AMAAIAAQAAAAUAFAVwZG5zMQh1bHRyYWRucwNuZXQAwAwAAgABAAAABQARA25zMwNwMzEGZHluZWN0wGfADAACAAEAAAAFABYFcGRuczYIdWx0cmFkbnMCY28CdWsAwAwAAgABAAAABQAGA25zNMB8wAwAAgABAAAABQAGA25zMcB8wAwAAgABAAAABQAGA25zMsB8wMkAAQABAAAABQAE0E5GH8DbAAEAAQAAAAUABMwN+h/AeAABAAEAAAAFAATQTkcfwLcAAQABAAAABQAEzA37H8BYAAEAAQAAAAUABMxKbAHAlQABAAEAAAAFAATMSnMBwMkAHAABAAAABQAQIAEFAACQAAEAAAAAAAAAMcB4ABwAAQAAAAUAECABBQAAlAABAAAAAAAAADHAWAAcAAEAAAAFABAgAQUC8/8AAAAAAAAAAAABwJUAHAABAAAABQAQJhAAoRAXAAAAAAAAAAAAAQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53662,"event_start":1565200336.175444} {"dns":{"base64":"U8mBgAABAAAAAQAABmFtYXpvbgNjb20AABwAAcAMAAYAAQAAAAUAMRNkbnMtZXh0ZXJuYWwtbWFzdGVywAwEcm9vdMAMd9AASgAAALQAAAA8AC4kgAAAADw="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50727,"event_start":1565200336.175898} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"176.32.98.166","protocol":6,"src_port":52744,"dst_port":443,"event_start":1565200336.176117} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"amazon.com"}},"src_ip":"192.168.113.237","dst_ip":"176.32.98.166","protocol":6,"src_port":52744,"dst_port":443,"event_start":1565200336.223970} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"amazon.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a616d617a6f6e2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201d2361db2e415e444dea7130192848cba7f633366403600ab0dd2edebc7d5148\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"176.32.98.166","protocol":6,"src_port":52744,"dst_port":443,"event_start":1565200336.223970} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102))"},"tls":{"server":{"certs":[{"base64":"MIIIITCCBwmgAwIBAgIQBgbZf4Ao3WgcJWbIhYPjZjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVEaWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwNDMwMDAwMDAwWhcNMjAwNDAxMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UEChMQQW1hem9uLmNvbSwgSW5jLjEWMBQGA1UEAwwNKi5wZWcuYTJ6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFgxFvUh6c5p4HmPB4BjoRVRU9zT3/3GW7IxJRqc94R+BCvzWqI3hK7rfo8Vn6IDwOMVsfrJhSS6IPs+a0TAIyygJ5wFSjYkPtLfkfgKXMyP/c6MhxrYbxuATIX5dcJZ5kLEiGSlb9FBOIl9ILZqewA2aXAZV9kGG+dwe2f+tnW2cCho3gd29+HcRM4swvX1Q/6y+AkjPzLgET//E/UR7k98Bz6bY2bSwIg7N0dyysRSfQe7WpFJr5GwLTnEkrTz2SKgtk7H4SxkK0Sm6MLhIA6zlgQCW+gdKnZWijWiR7eFZwGKBC0AmTOPSraaDvb31D6syjzgMvkKR9IFUWA8BUCAwEAAaOCBOowggTmMB8GA1UdIwQYMBaAFCRuKy3QapJRUSVpAaqaR6aJ50AgMB0GA1UdDgQWBBQaXzAyaZXZcFEDaE8X9EnhptybGjCCAiMGA1UdEQSCAhowggIWggxhbWF6b24uY28udWuCE3VlZGF0YS5hbWF6b24uY28udWuCEHd3dy5hbWF6b24uY28udWuCF29yaWdpbi13d3cuYW1hem9uLmNvLnVrgg0qLnBlZy5hMnouY29tggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tgiFidWNrZXllLXJldGFpbC13ZWJzaXRlLmFtYXpvbi5jb22CEmh1ZGRsZXMuYW1hem9uLmNvbYIJYW1hem9uLmRlgg13d3cuYW1hem9uLmRlghRvcmlnaW4td3d3LmFtYXpvbi5kZYIMYW1hem9uLmNvLmpwgglhbWF6b24uanCCDXd3dy5hbWF6b24uanCCEHd3dy5hbWF6b24uY28uanCCF29yaWdpbi13d3c="}]}},"reassembly_properties":{"truncated":true},"src_ip":"176.32.98.166","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":52744,"event_start":1565200336.270155} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102))"},"tls":{"server":{"certs":[{"base64":"MIIIITCCBwmgAwIBAgIQBgbZf4Ao3WgcJWbIhYPjZjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVEaWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwNDMwMDAwMDAwWhcNMjAwNDAxMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UEChMQQW1hem9uLmNvbSwgSW5jLjEWMBQGA1UEAwwNKi5wZWcuYTJ6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFgxFvUh6c5p4HmPB4BjoRVRU9zT3/3GW7IxJRqc94R+BCvzWqI3hK7rfo8Vn6IDwOMVsfrJhSS6IPs+a0TAIyygJ5wFSjYkPtLfkfgKXMyP/c6MhxrYbxuATIX5dcJZ5kLEiGSlb9FBOIl9ILZqewA2aXAZV9kGG+dwe2f+tnW2cCho3gd29+HcRM4swvX1Q/6y+AkjPzLgET//E/UR7k98Bz6bY2bSwIg7N0dyysRSfQe7WpFJr5GwLTnEkrTz2SKgtk7H4SxkK0Sm6MLhIA6zlgQCW+gdKnZWijWiR7eFZwGKBC0AmTOPSraaDvb31D6syjzgMvkKR9IFUWA8BUCAwEAAaOCBOowggTmMB8GA1UdIwQYMBaAFCRuKy3QapJRUSVpAaqaR6aJ50AgMB0GA1UdDgQWBBQaXzAyaZXZcFEDaE8X9EnhptybGjCCAiMGA1UdEQSCAhowggIWggxhbWF6b24uY28udWuCE3VlZGF0YS5hbWF6b24uY28udWuCEHd3dy5hbWF6b24uY28udWuCF29yaWdpbi13d3cuYW1hem9uLmNvLnVrgg0qLnBlZy5hMnouY29tggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tgiFidWNrZXllLXJldGFpbC13ZWJzaXRlLmFtYXpvbi5jb22CEmh1ZGRsZXMuYW1hem9uLmNvbYIJYW1hem9uLmRlgg13d3cuYW1hem9uLmRlghRvcmlnaW4td3d3LmFtYXpvbi5kZYIMYW1hem9uLmNvLmpwgglhbWF6b24uanCCDXd3dy5hbWF6b24uanCCEHd3dy5hbWF6b24uY28uanCCF29yaWdpbi13d3cuYW1hem9uLmNvLmpwghAqLmFhLnBlZy5hMnouY29tghAqLmFiLnBlZy5hMnouY29tghAqLmFjLnBlZy5hMnouY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwNaAzoDGGL2h0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHQGCCsGAQUFBwEBBGgwZjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNydDAJBgNVHRMEAjAAMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFqbA26bQAABAMASDBGAiEAolsv5iHlTTpF3kJTj/mGWrTm775kYt6O9enHc2+IWisCIQC4yqet/vmnRcOZpDo4/cYpJbIJp0XkD9nfwxOopnvp9gB1AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABamwNtjgAAAQDAEYwRAIgTsND30lAbIjVGm8JJ/7jAq8s418JQgRE1z3pN3/8v4sCID1rsUiBMGkT0OjBuvo0AnBCJqqoN56TY3JmFlqMqFVsMA0GCSqGSIb3DQEBCwUAA4IBAQAmqfhGKyfkUG8TDiyP/+kX6tQbZ+V6kYq5sMR3ny4MFPI8Wf/kLWgFSQyaU82o4dGlqzEBLYd9WCCyr0Lr2j+KPbcwn+dQpBkqCgkER3FnM79Aoc9Xs74nbapMZ2w/nK/WVc66dtO/k7LVbEREJksAPC6tAn2FqRxDPUJShmHpsgpi/A8TXtviGll1NzdUG5DLD/8cg3pig9ZmyAvYjXlEtemWv2Y11q9NtKk7GkqA5hFMAVZEUxVzUXquFAKeKnCXlPmjpVmq6vXY7JAmu2ys+AprOtpISKNrhX/gaotw2yEXVmNaC3uURYpeKCRw5NUgjx6UgEfg6L+UbLCirxCM"},{"base64":"MIIEizCCA3OgAwIBAgIQDI7gyQ1qiRWIBAYe4kH5rzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0yODA4MDExMjAwMDBaMEQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFURpZ2lDZXJ0IEdsb2JhbCBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNIfL7zBYZdW9UvhU5L4IatFaxhz1uvPmoKR/uadpFgC4przc/cV35gmAvkVNlW7SHMArZagV+Xau4CLyMnuG3UsOcGAngLH1ypmTb+u6wbBfpXzYEQQGfWMItYNdSWYb7QjHqXnxr5IuYUL6nG6AEfq/gmD6yOTSwyOR2Bm40cZbIc22GoiS9g5+vCShjEbyrpEJIJ7RfRACvmfe8EiRROM6GyD5eHn7OgzS+8LOy4g2gxPR/VSpAQGQuBldYpdlH5NnbQtwl6OErXb4y/E3w57bqukPyV93t4CTZedJMeJfD/1K2uaGvG/w/VNfFVbkhJ+Pi474j48V4Rd6rfArMCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFCRuKy3QapJRUSVpAaqaR6aJ50AgMB8GA1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA0GCSqGSIb3DQEBCwUAA4IBAQALOYSR+ZfrqoGvhOlaOJL84mxZvzbIRacxAxHhBsCsMsdaVSnaT0AC9aHesO3ewPj2dZ12uYf+QYB6z13jAMZbAuabeGLJ3LhimnftiQjXS8X9Q9ViIyfEBFltcT8jW+rZ8uckJ2/0lYDblizkVIvP6hnZf1WZUXoOLRg9eFhSvGNoVwvdRLNXSmDmyHBwW4coatc7TlJFGa8kBpJIERqLrqwYElesA8u49L3KJg6nwd3jM+/AVTANlVlOnAM2BvjAjxSZnE0qnsHhfTuvcqdFuhOWKU4Z0BqYBvQ3lBetoxi6PrABDJXWKTUgNX31EGDk92hiHuwZ4STyhxGs6QiA"},{"base64":"MIIE3zCCA8egAwIBAgIQYxgNOPuAl3ip0DWjFhj4QDANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJsmiQrUp1/0a6IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAFrFC3nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBgkmD/TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7SUu0rFUHqY+Vs7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4Jvheh5iHK/YPlELyDpQrEZyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUCAwEAAaOCAScwggEjMB0GA1UdDgQWBBROIlQgGJXm427mD/r6uRLtBhePOTAPBgNVHRMBAf8EBTADAQH/MF8GA1UdIARYMFYwVAYEVR0gADBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH/BAQDAgGGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBQ3dNWKSUBip6n5X1Nua8bjKLSJzXlnescavPECMpFBlIIKH2mc6mL2Xr/wkSIBDrsqAO3sBcmoJN+n8V30O5JelrtEAFYSyRDXfu78ZlHn6kvV5/jPUFECEM/hdN0x8WdLpGjJMqfs0EG5qHj+UaxpucWD445wea4zlK7hUR+MA8fq0Yd1HEKj4c8TcgaQIHMa4KHr448cQ69e3CPECRhRNg+RAKT2I7SlaVzLvaB/8yym2oMCEsoqiRT8dbXg35aKEYmmzn3O/mnB7bGUd/EUrkIf7FVamgYZd1fSzQeg1cHqf0ja6eHpvq2bTl+cWFHaq/84KlHe5Rh0CsmpZzn"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"176.32.98.166","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":52744,"event_start":1565200336.271389} {"dns":{"base64":"fpkBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":59476,"dst_port":53,"event_start":1565200336.356162} @@ -327,7 +327,7 @@ {"dns":{"base64":"x2sBAAABAAAAAAAADmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":40095,"dst_port":53,"event_start":1565200336.389163} {"dns":{"base64":"x2uBgAABAAAAAQAADmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AAAcAAHADAAGAAEAAAAFAEUGbnMtMTMwCWF3c2Rucy0xNgNjb20AEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsBMAAAAAQAAHCAAAAOEABJ1AAABUYA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":40095,"event_start":1565200336.420956} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"99.84.220.24","protocol":6,"src_port":49224,"dst_port":443,"event_start":1565200336.421383} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.amazon.com"}},"src_ip":"192.168.113.237","dst_ip":"99.84.220.24","protocol":6,"src_port":49224,"dst_port":443,"event_start":1565200336.459535} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.amazon.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e616d617a6f6e2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00201565779a4152b43074dad5ddb4c47fce3675d50e38f72cd7a67238c424a7d602\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"99.84.220.24","protocol":6,"src_port":49224,"dst_port":443,"event_start":1565200336.459535} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHgjCCBmqgAwIBAgIQB4di2kRD0yIued1fqA/gJDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVEaWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwMzI5MDAwMDAwWhcNMTkxMjE1MTIwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UEChMQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAxMOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVx5YP0mZBxSSAZGbhvJaYx7eBEl4gpVF3M4j8uk5jtPcPtq07f5Gltumil3cpM2teuW9687x3BKoX1h9uyLq3jMQSV2TxlPXd59ZTPXXNMXlTCk8JoFn7atM9Z/9b4kGthlfAgf49ZrRpiZUL6qX/NyyuHbD2fGcw5YgrvVIRPYWyztxlknKQMknHy28o25/Wvne0OeCTdWnEZQuvLKtbiS25/a1vX+ZK4srX6rPi0U5I5lfUBwt4pvBCOahIYJvGHVjCMv2Xe8ewZYP430gsSep6KiFIZTvzX2zj8dV0Ns3iiKH4OAZW5rekGIBRzDlgOM9rs4DqpiE5kK/MWsAVAgMBAAGjggRKMIIERjAfBgNVHSMEGDAWgBQkbist0GqSUVElaQGqmkemiedAIDAdBgNVHQ4EFgQUqA11y8YrIoyghAcMz9DLYo26Ws4wggGCBgNVHREEggF5MIIBdYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jwb3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13d3cuYW1hem9uLmNvbYIhYnVja2V5ZS1yZXRhaWwtd2Vic2l0ZS5hbWF6b24uY29tghJodWRkbGVzLmFtYXpvbi5jb22CJXAtbnQtd3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb22CJXAteW8td3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb22CJXAteTMtd3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNybDA1oDOgMYYvaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXI="}]}},"reassembly_properties":{"truncated":true},"src_ip":"99.84.220.24","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":49224,"event_start":1565200336.502594} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHgjCCBmqgAwIBAgIQB4di2kRD0yIued1fqA/gJDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVEaWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwMzI5MDAwMDAwWhcNMTkxMjE1MTIwMDAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UEChMQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAxMOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVx5YP0mZBxSSAZGbhvJaYx7eBEl4gpVF3M4j8uk5jtPcPtq07f5Gltumil3cpM2teuW9687x3BKoX1h9uyLq3jMQSV2TxlPXd59ZTPXXNMXlTCk8JoFn7atM9Z/9b4kGthlfAgf49ZrRpiZUL6qX/NyyuHbD2fGcw5YgrvVIRPYWyztxlknKQMknHy28o25/Wvne0OeCTdWnEZQuvLKtbiS25/a1vX+ZK4srX6rPi0U5I5lfUBwt4pvBCOahIYJvGHVjCMv2Xe8ewZYP430gsSep6KiFIZTvzX2zj8dV0Ns3iiKH4OAZW5rekGIBRzDlgOM9rs4DqpiE5kK/MWsAVAgMBAAGjggRKMIIERjAfBgNVHSMEGDAWgBQkbist0GqSUVElaQGqmkemiedAIDAdBgNVHQ4EFgQUqA11y8YrIoyghAcMz9DLYo26Ws4wggGCBgNVHREEggF5MIIBdYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jwb3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13d3cuYW1hem9uLmNvbYIhYnVja2V5ZS1yZXRhaWwtd2Vic2l0ZS5hbWF6b24uY29tghJodWRkbGVzLmFtYXpvbi5jb22CJXAtbnQtd3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb22CJXAteW8td3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb22CJXAteTMtd3d3LWFtYXpvbi1jb20ta2FsaWFzLmFtYXpvbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNybDA1oDOgMYYvaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3J0MAkGA1UdEwQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWnJKGXMAAAEAwBIMEYCIQDW4rda28H2PYEzT70WkFyphM9fBxeiGY6TV1N4uEjHPwIhALvUGOyZa+js+suhmdBxxMC9teo3hvKaXYOAwR3NgzkAAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFpyShm8QAABAMARzBFAiBnsPt6GIeXSKW60Ugr3w0NTQ2CpTFhK2Ng9C+CcecNhQIhAKwvu5T4oWWBDket4XTCk80vFBaKeR5/H1wzoEjZGqZvMA0GCSqGSIb3DQEBCwUAA4IBAQBY7j0CiHNIvSIGW/8V9SWvf7radfw0abSYJQd48UuXrUonsDJpM2f4W95ELtgkO+T9VFZaSoXwb18SBfcg79nP7LpxvlrYr7gtn3DR/q4e7n3U8boEFgmuNMWMe9MslzJVqDBC5DoDOhwue9MoUQKvNW/dCSJ0i/xgMqbt59nbfRpK0RidWqf2404htmMvftvwjGZW8rSf4Vxu5fVskPms1CDcRCuXCEUQYulF5od1XiF9zyNyyMg5w25d5tIgRdeQa1nammFbvTcx7jL05Efmb6tikZY8A9HJPo4X3/QK7ohvDY3580NXDh7p+BinCLpxLczOQeZjVn7ZBUYEo2nm"},{"base64":"MIIEizCCA3OgAwIBAgIQDI7gyQ1qiRWIBAYe4kH5rzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0yODA4MDExMjAwMDBaMEQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFURpZ2lDZXJ0IEdsb2JhbCBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNIfL7zBYZdW9UvhU5L4IatFaxhz1uvPmoKR/uadpFgC4przc/cV35gmAvkVNlW7SHMArZagV+Xau4CLyMnuG3UsOcGAngLH1ypmTb+u6wbBfpXzYEQQGfWMItYNdSWYb7QjHqXnxr5IuYUL6nG6AEfq/gmD6yOTSwyOR2Bm40cZbIc22GoiS9g5+vCShjEbyrpEJIJ7RfRACvmfe8EiRROM6GyD5eHn7OgzS+8LOy4g2gxPR/VSpAQGQuBldYpdlH5NnbQtwl6OErXb4y/E3w57bqukPyV93t4CTZedJMeJfD/1K2uaGvG/w/VNfFVbkhJ+Pi474j48V4Rd6rfArMCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFCRuKy3QapJRUSVpAaqaR6aJ50AgMB8GA1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA0GCSqGSIb3DQEBCwUAA4IBAQALOYSR+ZfrqoGvhOlaOJL84mxZvzbIRacxAxHhBsCsMsdaVSnaT0AC9aHesO3ewPj2dZ12uYf+QYB6z13jAMZbAuabeGLJ3LhimnftiQjXS8X9Q9ViIyfEBFltcT8jW+rZ8uckJ2/0lYDblizkVIvP6hnZf1WZUXoOLRg9eFhSvGNoVwvdRLNXSmDmyHBwW4coatc7TlJFGa8kBpJIERqLrqwYElesA8u49L3KJg6nwd3jM+/AVTANlVlOnAM2BvjAjxSZnE0qnsHhfTuvcqdFuhOWKU4Z0BqYBvQ3lBetoxi6PrABDJXWKTUgNX31EGDk92hiHuwZ4STyhxGs6QiA"},{"base64":"MIIE3zCCA8egAwIBAgIQYxgNOPuAl3ip0DWjFhj4QDANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTcxMTA2MDAwMDAwWhcNMjIxMTA1MjM1OTU5WjBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJsmiQrUp1/0a6IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAFrFC3nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBgkmD/TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7SUu0rFUHqY+Vs7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4Jvheh5iHK/YPlELyDpQrEZyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUCAwEAAaOCAScwggEjMB0GA1UdDgQWBBROIlQgGJXm427mD/r6uRLtBhePOTAPBgNVHRMBAf8EBTADAQH/MF8GA1UdIARYMFYwVAYEVR0gADBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH/BAQDAgGGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBQ3dNWKSUBip6n5X1Nua8bjKLSJzXlnescavPECMpFBlIIKH2mc6mL2Xr/wkSIBDrsqAO3sBcmoJN+n8V30O5JelrtEAFYSyRDXfu78ZlHn6kvV5/jPUFECEM/hdN0x8WdLpGjJMqfs0EG5qHj+UaxpucWD445wea4zlK7hUR+MA8fq0Yd1HEKj4c8TcgaQIHMa4KHr448cQ69e3CPECRhRNg+RAKT2I7SlaVzLvaB/8yym2oMCEsoqiRT8dbXg35aKEYmmzn3O/mnB7bGUd/EUrkIf7FVamgYZd1fSzQeg1cHqf0ja6eHpvq2bTl+cWFHaq/84KlHe5Rh0CsmpZzn"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"99.84.220.24","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":49224,"event_start":1565200336.503142} {"dns":{"base64":"gOgBAAABAAAAAAAABnBsYXllcgV2aW1lbwNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36118,"dst_port":53,"event_start":1565200337.042309} @@ -337,11 +337,11 @@ {"dns":{"base64":"gOiBgAABAAUADQAJBnBsYXllcgV2aW1lbwNjb20AAAEAAcAMAAUAAQAAAAUAFgV2aW1lbwNtYXAGZmFzdGx5A25ldADALgABAAEAAAAFAASXZYDZwC4AAQABAAAABQAEl2VA2cAuAAEAAQAAAAUABJdlANnALgABAAEAAAAFAASXZcDZwD8AAgABAAAABQARAWgMZ3RsZC1zZXJ2ZXJzwD/APwACAAEAAAAFAAQBZMCSwD8AAgABAAAABQAEAW3AksA/AAIAAQAAAAUABAFpwJLAPwACAAEAAAAFAAQBasCSwD8AAgABAAAABQAEAWXAksA/AAIAAQAAAAUABAFiwJLAPwACAAEAAAAFAAQBZsCSwD8AAgABAAAABQAEAWfAksA/AAIAAQAAAAUABAFswJLAPwACAAEAAAAFAAQBY8CSwD8AAgABAAAABQAEAWHAksA/AAIAAQAAAAUABAFrwJLBTQABAAEAAAAFAATABQYewP0AAQABAAAABQAEwCEOHsE9AAEAAQAAAAUABMAaXB7ArQABAAEAAAAFAATAH1AewO0AAQABAAAABQAEwAxeHsENAAEAAQAAAAUABMAjMx7BHQABAAEAAAAFAATAKl0ewJAAAQABAAAABQAEwDZwHsDNAAEAAQAAAAUABMArrB4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36118,"event_start":1565200337.080476} {"dns":{"base64":"yWSBgAABAAAAAQAABXZpbWVvA21hcAZmYXN0bHkDbmV0AAAcAAHAFgAGAAEAAAAFADEDbnMxwBYKaG9zdG1hc3RlcgZmYXN0bHkDY29tAHg5xikAAA4QAAACWAAJOoAAAAAe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":60235,"event_start":1565200337.119253} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42746,"dst_port":443,"event_start":1565200337.119533} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"player.vimeo.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42746,"dst_port":443,"event_start":1565200337.165411} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"player.vimeo.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0013000010706c617965722e76696d656f2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00208040ef7f60c132442d3680166096e5d550fff0fc8c2cb5e1300546fcdcd3a738\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42746,"dst_port":443,"event_start":1565200337.165411} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjenIhfq9bAay2paMwzHfVLAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZWyX6G4AAAQDAEcwRQIgLARzuiPmv7bduu5M0hvKwpMdnqZdslLfpXNZLm+A6cgCIQD5XsLbcd42bVhofRJ+EbeiCiwslOMeHlwsni4abZD/AQB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZWyX56EAAAQDAEYwRAIgTctw2guun/asVLNbDeIhv2nqFLDezQB5"}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42746,"event_start":1565200337.207052} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjenIhfq9bAay2paMwzHfVLAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZWyX6G4AAAQDAEcwRQIgLARzuiPmv7bduu5M0hvKwpMdnqZdslLfpXNZLm+A6cgCIQD5XsLbcd42bVhofRJ+EbeiCiwslOMeHlwsni4abZD/AQB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZWyX56EAAAQDAEYwRAIgTctw2guun/asVLNbDeIhv2nqFLDezQB5aIhzbf13QhYCIEevrRV+w20kyxQ5/ujQtTbjKjYfrEwOwp1oHhjbAJJuMA0GCSqGSIb3DQEBCwUAA4IBAQAnRC6rW/JPfntMo/scqBV/52WMHt3+cLCWYZBrxG4sNj29wuzFwHBdpdlqD9GNLElu9vcllnAqzmria6KsZ0lLeU1WWb5vl5u7Q5k6o4OVuziFF9O7198prtuf2u+tUG/zHEL0KhkPD0mu+UzispcYkuntD2kSiZ3LCrKxL5zpUuFC9D2r4P6b32fmg53Fck76P/qZe+niplaV8rrMGgFbPreCTrlyd4F1Xm5/0tyyLPsnIDN/uBjzuvkgvmw4DkoYOCwMCJftC7Ajix7vs0/KoYgc5r8Iz8twzdacEM62ZWR0obQ9du8Qys7TLlKa1eiiXVJ27zyMjxA8svFmUmBc"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42746,"event_start":1565200337.207438} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42748,"dst_port":443,"event_start":1565200337.293823} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"vimeo.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42748,"dst_port":443,"event_start":1565200337.333104} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"vimeo.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c00000976696d656f2e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002036da7077c0b851d7aea54650cf91311219e953a98385d2f69d9d3c0791a4702f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.192.217","protocol":6,"src_port":42748,"dst_port":443,"event_start":1565200337.333104} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjenIhfq9bAay2paMwzHfVLAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZWyX6G4AAAQDAEcwRQIgLARzuiPmv7bduu5M0hvKwpMdnqZdslLfpXNZLm+A6cgCIQD5XsLbcd42bVhofRJ+EbeiCiwslOMeHlwsni4abZD/AQB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZWyX56EAAAQDAEYwRAIgTctw2guun/asVLNbDeIhv2nqFLDezQB5"}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42748,"event_start":1565200337.374774} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGlTCCBX2gAwIBAgIQAaiOYIyyE8CWikH8FKdkezANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODI0MDAwMDAwWhcNMjAwNDAyMTIwMDAwWjBeMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRMwEQYDVQQKEwpWaW1lbywgTExDMRQwEgYDVQQDDAsqLnZpbWVvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN46nW41HzlpbDbnAO56ngIsavFmnUd5yiJxZqoA6HaDRiGsKkZxAHZSlQJ49ZFEF9iFbqywT4vhjf2x3yLAwwxBbNpP1j3qOIiFZJvJUE8F6wQO7vG5xGTQAQXuiZTUPNpm1Jv/b1jT86S8MXVQCR8uaBa5XcIlvWQykg72NFkMOH+8IlraeUQl03dHSz5t08NranCT6MLhpvMxH2mBZhANWTqV2yWKnAqjb+h8vHbNsKC75P9KukK38mY2f9xPQaVvzezf2Tv/M/N0Oc8DUzkikT5AjkUUr3uas8lb39tFRdXAbB0o+UECt3StONweQJtlOO1j8vLb4weVE10pOw0CAwEAAaOCA14wggNaMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBQX+FWhE5Fzd2lShQjYOnW6cEsVZDAhBgNVHREEGjAYggsqLnZpbWVvLmNvbYIJdmltZW8uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZWyX6G4AAAQDAEcwRQIhAPwDFjuKlEm+zUyRn3PvA5I3YgamRrEbMMnY+IcWOR3lAiBb5GlNGDAI4LYY/gnlWQIjenIhfq9bAay2paMwzHfVLAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZWyX6G4AAAQDAEcwRQIgLARzuiPmv7bduu5M0hvKwpMdnqZdslLfpXNZLm+A6cgCIQD5XsLbcd42bVhofRJ+EbeiCiwslOMeHlwsni4abZD/AQB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZWyX56EAAAQDAEYwRAIgTctw2guun/asVLNbDeIhv2nqFLDezQB5aIhzbf13QhYCIEevrRV+w20kyxQ5/ujQtTbjKjYfrEwOwp1oHhjbAJJuMA0GCSqGSIb3DQEBCwUAA4IBAQAnRC6rW/JPfntMo/scqBV/52WMHt3+cLCWYZBrxG4sNj29wuzFwHBdpdlqD9GNLElu9vcllnAqzmria6KsZ0lLeU1WWb5vl5u7Q5k6o4OVuziFF9O7198prtuf2u+tUG/zHEL0KhkPD0mu+UzispcYkuntD2kSiZ3LCrKxL5zpUuFC9D2r4P6b32fmg53Fck76P/qZe+niplaV8rrMGgFbPreCTrlyd4F1Xm5/0tyyLPsnIDN/uBjzuvkgvmw4DkoYOCwMCJftC7Ajix7vs0/KoYgc5r8Iz8twzdacEM62ZWR0obQ9du8Qys7TLlKa1eiiXVJ27zyMjxA8svFmUmBc"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.192.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42748,"event_start":1565200337.374968} {"dns":{"base64":"QQ0BAAABAAAAAAAACXdvcmRwcmVzcwNvcmcAAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34196,"dst_port":53,"event_start":1565200337.743967} @@ -349,31 +349,31 @@ {"dns":{"base64":"+6WBgAABAAAAAQAACXdvcmRwcmVzcwNvcmcAABwAAcAMAAYAAQAAAAUAJwNuczHADApob3N0bWFzdGVywAwBMw8YAAAcIAAAHCAAEnUAAAFRgA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53401,"event_start":1565200337.780365} {"dns":{"base64":"QQ2BgAABAAEABgAMCXdvcmRwcmVzcwNvcmcAAAEAAcAMAAEAAQAAAAUABMaPpPzAFgACAAEAAAAFABUCYjADb3JnC2FmaWxpYXMtbnN0wBbAFgACAAEAAAAFABkCYTIDb3JnC2FmaWxpYXMtbnN0BGluZm8AwBYAAgABAAAABQAFAmIywD7AFgACAAEAAAAFAAUCYTDAX8AWAAIAAQAAAAUABQJkMMA+wBYAAgABAAAABQAFAmMwwF/AkgABAAEAAAAFAATHEzgBwFwAAQABAAAABQAEx/lwAcA7AAEAAQAAAAUABMcTNgHAgQABAAEAAAAFAATH+XgBwLQAAQABAAAABQAExxM1AcCjAAEAAQAAAAUABMcTOQHAkgAcAAEAAAAFABAgAQUAAA4AAAAAAAAAAAABwFwAHAABAAAABQAQIAEFAABAAAAAAAAAAAAAAcA7ABwAAQAAAAUAECABBQAADAAAAAAAAAAAAAHAgQAcAAEAAAAFABAgAQUAAEgAAAAAAAAAAAABwLQAHAABAAAABQAQIAEFAAALAAAAAAAAAAAAAcCjABwAAQAAAAUAECABBQAADwAAAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34196,"event_start":1565200337.780928} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"198.143.164.252","protocol":6,"src_port":52446,"dst_port":443,"event_start":1565200337.781283} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wordpress.org"}},"src_ip":"192.168.113.237","dst_ip":"198.143.164.252","protocol":6,"src_port":52446,"dst_port":443,"event_start":1565200337.846617} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"wordpress.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d776f726470726573732e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020ad8b88074c5443a95ea8aa8142e9902a1a33f90458a8439105b0dd2c66c9c75d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"198.143.164.252","protocol":6,"src_port":52446,"dst_port":443,"event_start":1565200337.846617} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((002b00020304)(0033))"},"src_ip":"198.143.164.252","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":52446,"event_start":1565200337.919145} {"dns":{"base64":"kPoBAAABAAAAAAAABGRvY3MGZ29vZ2xlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":57660,"dst_port":53,"event_start":1565200338.169716} {"dns":{"base64":"nE4BAAABAAAAAAAABGRvY3MGZ29vZ2xlA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":53745,"dst_port":53,"event_start":1565200338.169885} {"dns":{"base64":"nE6BgAABAAEADQANBGRvY3MGZ29vZ2xlA2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECBUAAAAAAAAgDsAYAAIAAQAAAAUAFAFoDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWbAS8AYAAIAAQAAAAUABAFlwEvAGAACAAEAAAAFAAQBa8BLwBgAAgABAAAABQAEAWTAS8AYAAIAAQAAAAUABAFpwEvAGAACAAEAAAAFAAQBY8BLwBgAAgABAAAABQAEAWLAS8AYAAIAAQAAAAUABAFswEvAGAACAAEAAAAFAAQBasBLwBgAAgABAAAABQAEAWHAS8AYAAIAAQAAAAUABAFtwEvAGAACAAEAAAAFAAQBZ8BLwPkAAQABAAAABQAEwAUGHsDJAAEAAQAAAAUABMAhDh7AuQABAAEAAAAFAATAGlwewJkAAQABAAAABQAEwB9QHsB5AAEAAQAAAAUABMAMXh7AaQABAAEAAAAFAATAIzMewRkAAQABAAAABQAEwCpdHsBJAAEAAQAAAAUABMA2cB7AqQABAAEAAAAFAATAK6wewOkAAQABAAAABQAEwDBPHsCJAAEAAQAAAAUABMA0sh7A2QABAAEAAAAFAATAKaIewQkAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":53745,"event_start":1565200338.206117} {"dns":{"base64":"kPqBgAABAAEADQAOBGRvY3MGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAABQAErNmkrsAYAAIAAQAAAAUAFAFiDGd0bGQtc2VydmVycwNuZXQAwBgAAgABAAAABQAEAWPAP8AYAAIAAQAAAAUABAFpwD/AGAACAAEAAAAFAAQBZMA/wBgAAgABAAAABQAEAWzAP8AYAAIAAQAAAAUABAFrwD/AGAACAAEAAAAFAAQBaMA/wBgAAgABAAAABQAEAWfAP8AYAAIAAQAAAAUABAFmwD/AGAACAAEAAAAFAAQBbcA/wBgAAgABAAAABQAEAWrAP8AYAAIAAQAAAAUABAFhwD/AGAACAAEAAAAFAAQBZcA/wP0AAQABAAAABQAEwAUGHsA9AAEAAQAAAAUABMAhDh7AXQABAAEAAAAFAATAGlwewH0AAQABAAAABQAEwB9QHsENAAEAAQAAAAUABMAMXh7AzQABAAEAAAAFAATAIzMewL0AAQABAAAABQAEwCpdHsCtAAEAAQAAAAUABMA2cB7AbQABAAEAAAAFAATAK6wewO0AAQABAAAABQAEwDBPHsCdAAEAAQAAAAUABMA0sh7AjQABAAEAAAAFAATAKaIewN0AAQABAAAABQAEwDdTHsD9ABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":57660,"event_start":1565200338.206741} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56368,"dst_port":443,"event_start":1565200338.207021} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"docs.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56368,"dst_port":443,"event_start":1565200338.250877} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"docs.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f646f63732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020a1df7539430b1b25cafec779367a27154f589a1a07911f02a72b82812afd8852\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.174","protocol":6,"src_port":56368,"dst_port":443,"event_start":1565200338.250877} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56368,"event_start":1565200338.300072} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57056,"dst_port":443,"event_start":1565200338.450418} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57056,"dst_port":443,"event_start":1565200338.490563} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020689f808d0bb7c3b2b8e3ea3387b201a421425aa9be2fcbbd29d720f8c7b8443b\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57056,"dst_port":443,"event_start":1565200338.490563} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57056,"event_start":1565200338.540860} {"dns":{"base64":"g6oBAAABAAAAAAAABmdpdGh1YgNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":45592,"dst_port":53,"event_start":1565200338.822401} {"dns":{"base64":"438BAAABAAAAAAAABmdpdGh1YgNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42496,"dst_port":53,"event_start":1565200338.822579} {"dns":{"base64":"43+BgAABAAAAAQAABmdpdGh1YgNjb20AABwAAcAMAAYAAQAAAAUASAducy0xNzA3CWF3c2Rucy0yMQJjbwJ1awARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBMAAAABAAAcIAAAA4QAEnUAAAFRgA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42496,"event_start":1565200338.857920} {"dns":{"base64":"g6qBgAABAAEADQAOBmdpdGh1YgNjb20AAAEAAcAMAAEAAQAAAAUABIxScQTAEwACAAEAAAAFABQBaQxndGxkLXNlcnZlcnMDbmV0AMATAAIAAQAAAAUABAFtwDrAEwACAAEAAAAFAAQBZsA6wBMAAgABAAAABQAEAWjAOsATAAIAAQAAAAUABAFjwDrAEwACAAEAAAAFAAQBYcA6wBMAAgABAAAABQAEAWXAOsATAAIAAQAAAAUABAFrwDrAEwACAAEAAAAFAAQBYsA6wBMAAgABAAAABQAEAWzAOsATAAIAAQAAAAUABAFqwDrAEwACAAEAAAAFAAQBZ8A6wBMAAgABAAAABQAEAWTAOsCYAAEAAQAAAAUABMAFBh7AyAABAAEAAAAFAATAIQ4ewIgAAQABAAAABQAEwBpcHsEIAAEAAQAAAAUABMAfUB7AqAABAAEAAAAFAATADF4ewGgAAQABAAAABQAEwCMzHsD4AAEAAQAAAAUABMAqXR7AeAABAAEAAAAFAATANnAewDgAAQABAAAABQAEwCusHsDoAAEAAQAAAAUABMAwTx7AuAABAAEAAAAFAATANLIewNgAAQABAAAABQAEwCmiHsBYAAEAAQAAAAUABMA3Ux7AmAAcAAEAAAAFABAgAQUDqD4AAAAAAAAAAgAw"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":45592,"event_start":1565200338.858443} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"140.82.113.4","protocol":6,"src_port":59600,"dst_port":443,"event_start":1565200338.858724} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"github.com"}},"src_ip":"192.168.113.237","dst_ip":"140.82.113.4","protocol":6,"src_port":59600,"dst_port":443,"event_start":1565200338.899369} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"github.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a6769746875622e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020b5fd97c2cc66b2ea288634f5fcece8cc02d95129dc8164dfe683f4df858a4770\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"140.82.113.4","protocol":6,"src_port":59600,"dst_port":443,"event_start":1565200338.899369} {"fingerprints":{"tls_server":"tls_server/(0303)(1301)((002b00020304)(0033))"},"src_ip":"140.82.113.4","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":59600,"event_start":1565200338.941311} {"dns":{"base64":"s6sBAAABAAAAAAAAB2dvZGFkZHkDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":35658,"dst_port":53,"event_start":1565200339.284116} {"dns":{"base64":"PikBAAABAAAAAAAAB2dvZGFkZHkDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34584,"dst_port":53,"event_start":1565200339.284260} {"dns":{"base64":"s6uBgAABAAEADQAOB2dvZGFkZHkDY29tAAABAAHADAABAAEAAAAFAATQbcBGwBQAAgABAAAABQAUAW0MZ3RsZC1zZXJ2ZXJzA25ldADAFAACAAEAAAAFAAQBZMA7wBQAAgABAAAABQAEAWbAO8AUAAIAAQAAAAUABAFrwDvAFAACAAEAAAAFAAQBZ8A7wBQAAgABAAAABQAEAWPAO8AUAAIAAQAAAAUABAFlwDvAFAACAAEAAAAFAAQBacA7wBQAAgABAAAABQAEAWzAO8AUAAIAAQAAAAUABAFqwDvAFAACAAEAAAAFAAQBYcA7wBQAAgABAAAABQAEAWLAO8AUAAIAAQAAAAUABAFowDvA6QABAAEAAAAFAATABQYewPkAAQABAAAABQAEwCEOHsCZAAEAAQAAAAUABMAaXB7AWQABAAEAAAAFAATAH1AewKkAAQABAAAABQAEwAxeHsBpAAEAAQAAAAUABMAjMx7AiQABAAEAAAAFAATAKl0ewQkAAQABAAAABQAEwDZwHsC5AAEAAQAAAAUABMArrB7A2QABAAEAAAAFAATAME8ewHkAAQABAAAABQAEwDSyHsDJAAEAAQAAAAUABMApoh7AOQABAAEAAAAFAATAN1MewOkAHAABAAAABQAQIAEFA6g+AAAAAAAAAAIAMA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":35658,"event_start":1565200339.326158} {"dns":{"base64":"PimBgAABAAAAAQAAB2dvZGFkZHkDY29tAAAcAAHADAAGAAEAAAAFACoEY25zMcAMA2RucwVqb21heANuZXQAeFi6AgAAASwAAAJYABJ1AAAADhA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34584,"event_start":1565200339.326612} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"208.109.192.70","protocol":6,"src_port":57146,"dst_port":443,"event_start":1565200339.326786} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"godaddy.com"}},"src_ip":"192.168.113.237","dst_ip":"208.109.192.70","protocol":6,"src_port":57146,"dst_port":443,"event_start":1565200339.414630} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"godaddy.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000e00000b676f64616464792e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002092c338c2276102f117484adea3cde74582a5d4436205205637c7bde6bbb0a967\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"208.109.192.70","protocol":6,"src_port":57146,"dst_port":443,"event_start":1565200339.414630} {"fingerprints":{"tls_server":"tls_server/(0303)(cca8)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIFLDCCBBSgAwIBAgIIXhtVcggAOKYwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgwMjA3MTgxMDAxWhcNMjAwMjA3MTgxMDAxWjA7MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFjAUBgNVBAMMDSouZ29kYWRkeS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+x0UeLIgIzBP9FiQTAypkoBRh3J46xjS3WFK68HZ+rG4JRd3QtonEbVpzqJ2+eSd2ZIjfalcRTX1QyzDpbg7pMeFKooSlnIZuPekHtyzAjjBMQICfJy9IXJDKTUiHch6/rPtnM/lNZWqKinxq1kDLAMrg0l7/u6syj6DZaqtPUHcY259CgHqVQzqBp5lerMiYo/d8oE41d6/VvKVfzfCgHV3pUMdt1P97TbghRLN56TQPuh7fgLXpdLzxwTzrIyWpDAZREfL1eZkdWgN2uObsiARbDvE81pgsrxFJdBHZ1acI4OCzA3ypK2IfzTM8XnTedH4vZ4/zitHflV/KOBHAgMBAAGjggG4MIIBtDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTgwNi5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAlBgNVHREEHjAcgg0qLmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTAdBgNVHQ4EFgQUaw2x1LFk8L8KgjaWi8Y8BGrIWAYwDQYJKoZIhvcNAQELBQADggEBAEyKqcvdOrH5m+flLshCsmx7aQveFmEasVfImhAV4ZFHpcBIygaOOi+sO7uDoH1ZtpatgD+vhYml7zLObOn+zO8pLxREd7gAMP6DcfxSauP1C/DOJC4QBUPnloSjS3lIaWaEVg=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"208.109.192.70","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57146,"event_start":1565200339.505036} {"fingerprints":{"tls_server":"tls_server/(0303)(cca8)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIFLDCCBBSgAwIBAgIIXhtVcggAOKYwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgwMjA3MTgxMDAxWhcNMjAwMjA3MTgxMDAxWjA7MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFjAUBgNVBAMMDSouZ29kYWRkeS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+x0UeLIgIzBP9FiQTAypkoBRh3J46xjS3WFK68HZ+rG4JRd3QtonEbVpzqJ2+eSd2ZIjfalcRTX1QyzDpbg7pMeFKooSlnIZuPekHtyzAjjBMQICfJy9IXJDKTUiHch6/rPtnM/lNZWqKinxq1kDLAMrg0l7/u6syj6DZaqtPUHcY259CgHqVQzqBp5lerMiYo/d8oE41d6/VvKVfzfCgHV3pUMdt1P97TbghRLN56TQPuh7fgLXpdLzxwTzrIyWpDAZREfL1eZkdWgN2uObsiARbDvE81pgsrxFJdBHZ1acI4OCzA3ypK2IfzTM8XnTedH4vZ4/zitHflV/KOBHAgMBAAGjggG4MIIBtDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTgwNi5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAlBgNVHREEHjAcgg0qLmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTAdBgNVHQ4EFgQUaw2x1LFk8L8KgjaWi8Y8BGrIWAYwDQYJKoZIhvcNAQELBQADggEBAEyKqcvdOrH5m+flLshCsmx7aQveFmEasVfImhAV4ZFHpcBIygaOOi+sO7uDoH1ZtpatgD+vhYml7zLObOn+zO8pLxREd7gAMP6DcfxSauP1C/DOJC4QBUPnloSjS3lIaWaEVsktj6wGZzZm7Nya9dMlLgGZ3Zen5g2NlPJZpY/hsnMe7zJfIntQYaPgwDR8Mzb6YlcZF28w7fiss5GfjHP/V0QCVMOQ5QOV3Fu49y72qa5Vm2RJI7P/KJqOgEir9LgK0qF1tcFVRjp1MYEUnSKT14AJh2vJ+qWvOGy7HNIIC2p5ct3JItHUJaHrlNWBKmDD8S+xNe/rjBhFOUfrudM="},{"base64":"MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawiDsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2xLXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"208.109.192.70","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57146,"event_start":1565200339.505244} {"dns":{"base64":"UugBAAABAAAAAAAAA3d3dwdnb2RhZGR5A2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":35405,"dst_port":53,"event_start":1565200339.688659} @@ -381,7 +381,7 @@ {"dns":{"base64":"JK6BgAABAAQADQAEA3d3dwdnb2RhZGR5A2NvbQAAHAABwAwABQABAAAABQAiCHd3dy1pcHY2B2dvZGFkZHkDY29tB2VkZ2VrZXkDbmV0AMAtAAUAAQAAAAUAGAVlODgwNARkc2N4CmFrYW1haWVkZ2XASsBbABwAAQAAAAUAECYAFB4AAgGvAAAAAAAAImTAWwAcAAEAAAAFABAmABQeAAIBhAAAAAAAACJkwGYAAgABAAAABQAKB2ExMS0xOTLAZsBmAAIAAQAAAAUACgdhMjgtMTkywGbAZgACAAEAAAAFAAoHbnMzLTE5NMBmwGYAAgABAAAABQAKB2ExMy0xOTLAZsBmAAIAAQAAAAUACgduczUtMTk0wGbAZgACAAEAAAAFAAkGYTEtMTkywGbAZgACAAEAAAAFAAoHYTEyLTE5MsBmwGYAAgABAAAABQAHBGxhcjLAZsBmAAIAAQAAAAUABgNsYTHAZsBmAAIAAQAAAAUABgNsYTPAZsBmAAIAAQAAAAUACgduczctMTk0wGbAZgACAAEAAAAFAAoHbnM2LTE5NMBmwGYAAgABAAAABQAJBmE2LTE5MsBmwWMAAQABAAAABQAEuBqhwMF1AAEAAQAAAAUABF9lJMDBUAABAAEAAAAFAAQCECjAwSUAAQABAAAABQAEwWxYAA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":39616,"event_start":1565200339.856504} {"dns":{"base64":"UuiBgAABAAMADQAKA3d3dwdnb2RhZGR5A2NvbQAAAQABwAwABQABAAAABQAiCHd3dy1pcHY2B2dvZGFkZHkDY29tB2VkZ2VrZXkDbmV0AMAtAAUAAQAAAAUAGAVlODgwNARkc2N4CmFrYW1haWVkZ2XASsBbAAEAAQAAAAUABLgy/NnASgACAAEAAAAFABEBZQxndGxkLXNlcnZlcnPASsBKAAIAAQAAAAUABAFpwJHASgACAAEAAAAFAAQBasCRwEoAAgABAAAABQAEAWTAkcBKAAIAAQAAAAUABAFjwJHASgACAAEAAAAFAAQBaMCRwEoAAgABAAAABQAEAWvAkcBKAAIAAQAAAAUABAFmwJHASgACAAEAAAAFAAQBYsCRwEoAAgABAAAABQAEAWHAkcBKAAIAAQAAAAUABAFnwJHASgACAAEAAAAFAAQBbMCRwEoAAgABAAAABQAEAW3AkcEsAAEAAQAAAAUABMAFBh7BHAABAAEAAAAFAATAIQ4ewNwAAQABAAAABQAEwBpcHsDMAAEAAQAAAAUABMAfUB7AjwABAAEAAAAFAATADF4ewQwAAQABAAAABQAEwCMzHsE8AAEAAQAAAAUABMAqXR7A7AABAAEAAAAFAATANnAewKwAAQABAAAABQAEwCusHsC8AAEAAQAAAAUABMAwTx4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":35405,"event_start":1565200340.185373} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.50.252.217","protocol":6,"src_port":54678,"dst_port":443,"event_start":1565200340.185836} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.godaddy.com"}},"src_ip":"192.168.113.237","dst_ip":"184.50.252.217","protocol":6,"src_port":54678,"dst_port":443,"event_start":1565200340.222942} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.godaddy.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e676f64616464792e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020958aa938c22d809229e91cbf766f42a063f7f0c1760b752492a40412158ed00b\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.50.252.217","protocol":6,"src_port":54678,"dst_port":443,"event_start":1565200340.222942} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHOzCCBiOgAwIBAgIJANWT1NXH0e1KMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE5MDIxMjIyNTAzN1oXDTIxMDIxMjIyNTAzN1owgcYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwc1NTEwOTIyMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEVMBMGA1UEChMMR29EYWRkeSBJTkMuMRgwFgYDVQQDEw93d3cuZ29kYWRkeS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9zwL3ngi1HeLwA/+0EH8fo7lBinxeuQ/qnk0A4z9Ch5I/Tb6VRJa/AnTIG2K2hgbMNVgMKzhUFLhEqmvPsUbHYRXz3PEshysY9HVqGqLFi9pwcYACX64fltYQHoA5os25X7TWbvGBxPKzAmHcrMGEaEnvffQU4XQf3iklqbs1ntoiZfioKK/dUV1T2TsnGdIXpYr8jV8Hm7svUdHc3OLm+9+w5n3aZeo8QHOu3bYGSYDGZwV5Jellpw9WAmwmm4sGFj5pZPecUMAShsUsPfz1WMWLLLpoh9hAbEeMNbuQKbyolXoyJz3x0fA3RBnPWrfkK3kIC7A07nIZLvZ7ZKJPAgMBAAGjggM6MIIDNjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMzLTE0LmNybDBcBgNVHSAEVTBTMEgGC2CGSAGG/W0BBxcDMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wBwYFZ4EMAQEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wJwYDVR0RBCAwHoIPd3d3LmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTA="}]}},"reassembly_properties":{"truncated":true},"src_ip":"184.50.252.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":54678,"event_start":1565200340.267821} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIHOzCCBiOgAwIBAgIJANWT1NXH0e1KMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE5MDIxMjIyNTAzN1oXDTIxMDIxMjIyNTAzN1owgcYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwc1NTEwOTIyMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEVMBMGA1UEChMMR29EYWRkeSBJTkMuMRgwFgYDVQQDEw93d3cuZ29kYWRkeS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9zwL3ngi1HeLwA/+0EH8fo7lBinxeuQ/qnk0A4z9Ch5I/Tb6VRJa/AnTIG2K2hgbMNVgMKzhUFLhEqmvPsUbHYRXz3PEshysY9HVqGqLFi9pwcYACX64fltYQHoA5os25X7TWbvGBxPKzAmHcrMGEaEnvffQU4XQf3iklqbs1ntoiZfioKK/dUV1T2TsnGdIXpYr8jV8Hm7svUdHc3OLm+9+w5n3aZeo8QHOu3bYGSYDGZwV5Jellpw9WAmwmm4sGFj5pZPecUMAShsUsPfz1WMWLLLpoh9hAbEeMNbuQKbyolXoyJz3x0fA3RBnPWrfkK3kIC7A07nIZLvZ7ZKJPAgMBAAGjggM6MIIDNjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMzLTE0LmNybDBcBgNVHSAEVTBTMEgGC2CGSAGG/W0BBxcDMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wBwYFZ4EMAQEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wJwYDVR0RBCAwHoIPd3d3LmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTAdBgNVHQ4EFgQU5kzQPyBNw9M5tOpWYGYNuhlhjT4wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABaOPnrYsAAAQDAEcwRQIhAL07mGyJ020pWHfRxQdzN40x7lvp11qQGxJnJGBNW+dtAiBbpOBWhkybElubsl+jJm4smddfmuTAolrUTmsnAj6UYwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaOPnsL0AAAQDAEcwRQIhAK7oygdKktE5ix4hL1y6LnlFcjBMW/n91XrSvrmRwhI3AiBM0FrcPSkTNsKoqUGFV5yrDzSdFlo0pzW9N7C0WCFUHAB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABaOPnswYAAAQDAEcwRQIgcAsViDwtRhQh0BYNN6DbnmQd/UAs5wTdbAo5xiZXkhQCIQCQ9alomPuVH7ogkPuFnwfD3xI+z0aEHU71jx1CtgDOGjANBgkqhkiG9w0BAQsFAAOCAQEAi3wPs5nE9ki835LsQdZrBy9X4mO13SdJ2qY+IYwArRmnN8IcX4Xq8FeUbYib3FsjwCKR4V3V1pIPQX6lve8OAaXRhrtLubfUwCEgnQQUaZ/VvwZvHEhoBLji/h87MsblhmxtQ6t3wb9l11+s//Vc7w7ddjWXQ4kYIUENk18WYzGpPjxykrsO3KFnE/nydqbqihqpJ15fMP8buReI45IMCr6RlARl7w2HPTQium4CNvYbYSOGY8jsD29hukN15pqGqwPZ/z/ORTcMXYbVajDhtdDjuaAFK6Nm7dpxaccjWKRn+Rz3S8TaBBmV+A89PxusOnLTBJg8hf/xTPvodV122g=="},{"base64":"MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawiDsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2xLXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"184.50.252.217","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":54678,"event_start":1565200340.268037} {"dns":{"base64":"UvYBAAABAAAAAAAABnR1bWJscgNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":38828,"dst_port":53,"event_start":1565200340.902209} @@ -389,7 +389,7 @@ {"dns":{"base64":"UvaBgAABAAMADQANBnR1bWJscgNjb20AAAEAAcAMAAEAAQAAAAUABEIGIR/ADAABAAEAAAAFAARCBiGfwAwAAQABAAAABQAEQgYgH8ATAAIAAQAAAAUAFAFhDGd0bGQtc2VydmVycwNuZXQAwBMAAgABAAAABQAEAWPAWsATAAIAAQAAAAUABAFiwFrAEwACAAEAAAAFAAQBZ8BawBMAAgABAAAABQAEAWzAWsATAAIAAQAAAAUABAFlwFrAEwACAAEAAAAFAAQBZsBawBMAAgABAAAABQAEAWvAWsATAAIAAQAAAAUABAFtwFrAEwACAAEAAAAFAAQBasBawBMAAgABAAAABQAEAWjAWsATAAIAAQAAAAUABAFkwFrAEwACAAEAAAAFAAQBacBawFgAAQABAAAABQAEwAUGHsCIAAEAAQAAAAUABMAhDh7AeAABAAEAAAAFAATAGlwewRgAAQABAAAABQAEwB9QHsC4AAEAAQAAAAUABMAMXh7AyAABAAEAAAAFAATAIzMewJgAAQABAAAABQAEwCpdHsEIAAEAAQAAAAUABMA2cB7BKAABAAEAAAAFAATAK6wewPgAAQABAAAABQAEwDBPHsDYAAEAAQAAAAUABMA0sh7AqAABAAEAAAAFAATAKaIewOgAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":38828,"event_start":1565200340.939499} {"dns":{"base64":"EKiBgAABAAAAAQAABnR1bWJscgNjb20AABwAAcAMAAYAAQAAAAUAQQ1oaWRkZW4tbWFzdGVyBXlhaG9vwBMKaG9zdG1hc3Rlcgl5YWhvby1pbmPAE3hYufwAAHCAAAAcIAAJOoAAAAJY"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36002,"event_start":1565200340.939528} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"66.6.33.31","protocol":6,"src_port":36216,"dst_port":443,"event_start":1565200340.940202} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"tumblr.com"}},"src_ip":"192.168.113.237","dst_ip":"66.6.33.31","protocol":6,"src_port":36216,"dst_port":443,"event_start":1565200340.998738} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"tumblr.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a74756d626c722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020f611f1395aa86d5873ac4cabb4d73dfab00632a51acd49071910b276a71e1645\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"66.6.33.31","protocol":6,"src_port":36216,"dst_port":443,"event_start":1565200340.998738} {"fingerprints":{"tls_server":"tls_server/(0303)(cca8)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGqTCCBZGgAwIBAgIQASwszwgUXWUqe7Pw5GbUaDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA1MDkwMDAwMDBaFw0xOTExMDUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRcwFQYDVQQDEw53d3cudHVtYmxyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSZIjnZx6K5GBdsUXl410/iEsj83gSu4XIHFdKVLmrsbhmc1C/Do2iY1leaRgyA5ERN4NNdAtB7TWr83d9qKFEP49X7lpLZdhineOXKmTVIabB3izePgTnulW7UJhduuMLS1GNsMRy0goc7ZKLMqdqRSXflNtf+SLMjYEh9RUysDpf3aayAFOS785nSAAyGXjMa+LeXQ59wBdXHqgcLPPpQo5RMFHSHwiA8Ls9TbM1Ni7vNOSQG7kndqbHAr05EoU3ICTqcuTJf4drUNx1e/FWwQL/6BOqSa9EntDqtHrTfwvAsTuX/M/TyEQ41TAKwLGve6NHSd1bjz40OnMDhu2MCAwEAAaOCA0swggNHMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQVXsvCCVK7H1Meob7yyrm8GkI/CTB0BgNVHREEbTBrgg53d3cudHVtYmxyLmNvbYIOYXBpLnR1bWJsci5jb22CCnR1bWJsci5jb22CFGFwaS1odHRwMi50dW1ibHIuY29tghR3d3ctaHR0cDIudHVtYmxyLmNvbYIRc2VjdXJlLnR1bWJsci5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABap313p0AAAQDAEcwRQIhANVofPFX5mQKVeRPr3rhJpf+JqY1DxDjR3LFOhTFPzaOAiA70OhjmYMCvYTP0f2PEv32f2G9O+tkNnprKd4NWOZMTwB3AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABap313jkAAAQDAEgwRgIhAK3a3PtW"}]}},"reassembly_properties":{"truncated":true},"src_ip":"66.6.33.31","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":36216,"event_start":1565200341.063728} {"fingerprints":{"tls_server":"tls_server/(0303)(cca8)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIGqTCCBZGgAwIBAgIQASwszwgUXWUqe7Pw5GbUaDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA1MDkwMDAwMDBaFw0xOTExMDUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRcwFQYDVQQDEw53d3cudHVtYmxyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSZIjnZx6K5GBdsUXl410/iEsj83gSu4XIHFdKVLmrsbhmc1C/Do2iY1leaRgyA5ERN4NNdAtB7TWr83d9qKFEP49X7lpLZdhineOXKmTVIabB3izePgTnulW7UJhduuMLS1GNsMRy0goc7ZKLMqdqRSXflNtf+SLMjYEh9RUysDpf3aayAFOS785nSAAyGXjMa+LeXQ59wBdXHqgcLPPpQo5RMFHSHwiA8Ls9TbM1Ni7vNOSQG7kndqbHAr05EoU3ICTqcuTJf4drUNx1e/FWwQL/6BOqSa9EntDqtHrTfwvAsTuX/M/TyEQ41TAKwLGve6NHSd1bjz40OnMDhu2MCAwEAAaOCA0swggNHMB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQVXsvCCVK7H1Meob7yyrm8GkI/CTB0BgNVHREEbTBrgg53d3cudHVtYmxyLmNvbYIOYXBpLnR1bWJsci5jb22CCnR1bWJsci5jb22CFGFwaS1odHRwMi50dW1ibHIuY29tghR3d3ctaHR0cDIudHVtYmxyLmNvbYIRc2VjdXJlLnR1bWJsci5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABap313p0AAAQDAEcwRQIhANVofPFX5mQKVeRPr3rhJpf+JqY1DxDjR3LFOhTFPzaOAiA70OhjmYMCvYTP0f2PEv32f2G9O+tkNnprKd4NWOZMTwB3AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABap313jkAAAQDAEgwRgIhAK3a3PtW8P12o8iv4n6MmPua4eK+iG2i1w4kucaYCFo+AiEAh2jZ1qxBSgCUn1DpTfzluyQvyRCbegb8E53FP6pFOcswDQYJKoZIhvcNAQELBQADggEBAE76XgXofG7wP8KIsddTu/2OIO3/9pKNrxdiarH6ijCl7A9ic9nKeNOjO9RIrhdmzPscailD7LVfTh4c/v68SAvJsy8nnnMzCG5mjar9tPsdowWyEvz1GyvflGQxez4NTz3mUkh9sSOyFxZs+DavihCsWvfBXPcrmX115hzd3LiDMvUliOKs3YHqzyvAdk8HkkmPEE9rF/xrzrHMeUwSkXVvG0T92nXJq/2cVUWzBNs9QuqWj3LsbX+lyqi3hJ9vRdQfM8g8OxrKMAoORrBiKdNCamlJ4AtETwuAFtUeqQUcwsPeR+TcJh/X7eWOSNvbCPxYn6JwGa/puKUTA6u/qmI="},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"66.6.33.31","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":36216,"event_start":1565200341.063940} {"dns":{"base64":"3TUBAAABAAAAAAAAA3d3dwZ0dW1ibHIDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":44906,"dst_port":53,"event_start":1565200341.199091} @@ -397,14 +397,14 @@ {"dns":{"base64":"3TWBgAABAAMADQALA3d3dwZ0dW1ibHIDY29tAAABAAHADAAFAAEAAAAFABsFZWRnZTIEZ3ljcwFiCHlhaG9vZG5zA25ldADALAABAAEAAAAFAARFk1wOwCwAAQABAAAABQAERZNcDcBCAAIAAQAAAAUAEQFiDGd0bGQtc2VydmVyc8BCwEIAAgABAAAABQAEAWHAdcBCAAIAAQAAAAUABAFpwHXAQgACAAEAAAAFAAQBaMB1wEIAAgABAAAABQAEAWXAdcBCAAIAAQAAAAUABAFrwHXAQgACAAEAAAAFAAQBasB1wEIAAgABAAAABQAEAW3AdcBCAAIAAQAAAAUABAFkwHXAQgACAAEAAAAFAAQBZ8B1wEIAAgABAAAABQAEAWzAdcBCAAIAAQAAAAUABAFjwHXAQgACAAEAAAAFAAQBZsB1wJAAAQABAAAABQAEwAUGHsBzAAEAAQAAAAUABMAhDh7BMAABAAEAAAAFAATAGlwewQAAAQABAAAABQAEwB9QHsDAAAEAAQAAAAUABMAMXh7BQAABAAEAAAAFAATAIzMewRAAAQABAAAABQAEwCpdHsCwAAEAAQAAAAUABMA2cB7AoAABAAEAAAAFAATAK6wewOAAAQABAAAABQAEwDBPHsDQAAEAAQAAAAUABMA0sh4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":44906,"event_start":1565200341.229494} {"dns":{"base64":"c3mBgAABAAMADQAKA3d3dwZ0dW1ibHIDY29tAAAcAAHADAAFAAEAAAAFABsFZWRnZTIEZ3ljcwFiCHlhaG9vZG5zA25ldADALAAcAAEAAAAFABAgAUmYABQIAAAAAAAAACAAwCwAHAABAAAABQAQIAFJmAAUCAAAAAAAAABAAMBCAAIAAQAAAAUAEQFqDGd0bGQtc2VydmVyc8BCwEIAAgABAAAABQAEAWvAjcBCAAIAAQAAAAUABAFtwI3AQgACAAEAAAAFAAQBbMCNwEIAAgABAAAABQAEAWPAjcBCAAIAAQAAAAUABAFiwI3AQgACAAEAAAAFAAQBYcCNwEIAAgABAAAABQAEAWbAjcBCAAIAAQAAAAUABAFkwI3AQgACAAEAAAAFAAQBacCNwEIAAgABAAAABQAEAWjAjcBCAAIAAQAAAAUABAFnwI3AQgACAAEAAAAFAAQBZcCNwPgAAQABAAAABQAEwAUGHsDoAAEAAQAAAAUABMAhDh7A2AABAAEAAAAFAATAGlwewRgAAQABAAAABQAEwB9QHsFYAAEAAQAAAAUABMAMXh7BCAABAAEAAAAFAATAIzMewUgAAQABAAAABQAEwCpdHsE4AAEAAQAAAAUABMA2cB7BKAABAAEAAAAFAATAK6wewIsAAQABAAAABQAEwDBPHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34581,"event_start":1565200341.229511} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"69.147.92.13","protocol":6,"src_port":58334,"dst_port":443,"event_start":1565200341.230033} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.tumblr.com"}},"src_ip":"192.168.113.237","dst_ip":"69.147.92.13","protocol":6,"src_port":58334,"dst_port":443,"event_start":1565200341.267702} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.tumblr.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e74756d626c722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020ad5a01ad30edf3e10a5e0cdbc0baca88c83e122dae2bce2570a12a52cea94126\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"69.147.92.13","protocol":6,"src_port":58334,"dst_port":443,"event_start":1565200341.267702} {"fingerprints":{"tls_server":"tls_server/(0303)(1303)((002b00020304)(0033))"},"src_ip":"69.147.92.13","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":58334,"event_start":1565200341.309324} {"dns":{"base64":"6IUBAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":46873,"dst_port":53,"event_start":1565200341.589698} {"dns":{"base64":"W8IBAAABAAAAAAAAB21vemlsbGEDb3JnAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34583,"dst_port":53,"event_start":1565200341.589880} {"dns":{"base64":"W8KBgAABAAAAAQAAB21vemlsbGEDb3JnAAAcAAHADAAGAAEAAAAFAEQJaW5mb2Jsb3gxB3ByaXZhdGUEbWRjMgdtb3ppbGxhA2NvbQAJc3lzYWRtaW5zwAx4WBy8AAAAtAAAALQAEnUAAAAAPA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":34583,"event_start":1565200341.628360} {"dns":{"base64":"6IWBgAABAAEABgAKB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAFAAQ/9dDDwBQAAgABAAAABQAZAmMwA29yZwthZmlsaWFzLW5zdARpbmZvAMAUAAIAAQAAAAUABQJhMMA8wBQAAgABAAAABQAVAmIyA29yZwthZmlsaWFzLW5zdMAUwBQAAgABAAAABQAFAmIwwHLAFAACAAEAAAAFAAUCYTLAPMAUAAIAAQAAAAUABQJkMMBywF4AAQABAAAABQAExxM4AcChAAEAAQAAAAUABMf5cAHAOQABAAEAAAAFAATHEzUBwLIAAQABAAAABQAExxM5AcBeABwAAQAAAAUAECABBQAADgAAAAAAAAAAAAHAoQAcAAEAAAAFABAgAQUAAEAAAAAAAAAAAAABwJAAHAABAAAABQAQIAEFAAAMAAAAAAAAAAAAAcBvABwAAQAAAAUAECABBQAASAAAAAAAAAAAAAHAOQAcAAEAAAAFABAgAQUAAAsAAAAAAAAAAAABwLIAHAABAAAABQAQIAEFAAAPAAAAAAAAAAAAAQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":46873,"event_start":1565200341.630639} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"63.245.208.195","protocol":6,"src_port":47714,"dst_port":443,"event_start":1565200341.630930} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"mozilla.org"}},"src_ip":"192.168.113.237","dst_ip":"63.245.208.195","protocol":6,"src_port":47714,"dst_port":443,"event_start":1565200341.736152} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"mozilla.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000e00000b6d6f7a696c6c612e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00204c83d14095f998bc09e0a0f2875617fa5ee77d4e35e7d91e018ed8ae3e8dfc68\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"63.245.208.195","protocol":6,"src_port":47714,"dst_port":443,"event_start":1565200341.736152} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((0000)(ff01)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIGvjCCBaagAwIBAgIQAQkZedZ/mwORduNQcrUeHTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA5MDAwMDAwWhcNMjAxMTEzMTIwMDAwWjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBGb3VuZGF0aW9uMQ8wDQYDVQQLEwZXZWJPcHMxFDASBgNVBAMTC21vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcZLC5z6y00SWoKmAWDDKPBhLyv3TX5dc6cwxXb0FxPJXJshKF39TKWisDqAU+SZ+31vVbVOwqPzcFJqRYb/38XvWzgOXS5ssNk+v+ec651M1jmFKFg0nvFDLFTaxmKVUr2chlyTHarWyFGv20B18RIj/gWFyc4GDHs+QK4IeUMQCTCUen9TYul6nJBpYtWi1lZijRYvtpZsAGiGpI+fdZxPcDl+4sXHJrNOpnpZSuvwo7OltOIoUDpxBXAtdMqQ1jyKEiV5TsBg/rHl49zpkepLhPML/i+H3HN3p45cTsLz8L7ZrO+XwmWzxj3Zl65IXVTDsgrWlSwn9HcGNz5oaQIDAQABo4IDZzCCA2MwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFCMzT98RYeCKouko3+wezZMuuXYJMCcGA1UdEQQgMB6CC21vemlsbGEub3Jngg93d3cubW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm+VxxQwAA"}]}},"reassembly_properties":{"truncated":true},"src_ip":"63.245.208.195","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47714,"event_start":1565200341.846269} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((0000)(ff01)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIGvjCCBaagAwIBAgIQAQkZedZ/mwORduNQcrUeHTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA5MDAwMDAwWhcNMjAxMTEzMTIwMDAwWjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBGb3VuZGF0aW9uMQ8wDQYDVQQLEwZXZWJPcHMxFDASBgNVBAMTC21vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcZLC5z6y00SWoKmAWDDKPBhLyv3TX5dc6cwxXb0FxPJXJshKF39TKWisDqAU+SZ+31vVbVOwqPzcFJqRYb/38XvWzgOXS5ssNk+v+ec651M1jmFKFg0nvFDLFTaxmKVUr2chlyTHarWyFGv20B18RIj/gWFyc4GDHs+QK4IeUMQCTCUen9TYul6nJBpYtWi1lZijRYvtpZsAGiGpI+fdZxPcDl+4sXHJrNOpnpZSuvwo7OltOIoUDpxBXAtdMqQ1jyKEiV5TsBg/rHl49zpkepLhPML/i+H3HN3p45cTsLz8L7ZrO+XwmWzxj3Zl65IXVTDsgrWlSwn9HcGNz5oaQIDAQABo4IDZzCCA2MwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFCMzT98RYeCKouko3+wezZMuuXYJMCcGA1UdEQQgMB6CC21vemlsbGEub3Jngg93d3cubW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm+VxxQwAABAMARzBFAiEAtVpz1SXULqMJz96+u77Rymgzr1GgIDBlRsTOQ5r04MsCIFNI2JfrcBFjJIgf5F7nJ2UdRy9aBZmjzvd0cmfnyKKNAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFm+VxyHgAABAMASDBGAiEAtYF/lHwWUOJO/4PCvs6cillJJdAH7KU1RKZPX9Blwq4CIQCwDhKgUgZFub8buET0KHfJ0Zcg99G/kAD3REU2c7nKhwB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZvlcclgAAAQDAEgwRgIhANIUfGM+SGSXMCaZoSBWz9Yi1mZCdWVvqPuexLMBNB5dAiEA/Jit+3955q9R5kBaPhsx+wVKn2usHjmvkjkFq5Iqy+wwDQYJKoZIhvcNAQELBQADggEBAEr076DEJq0tbxoqT53jHlIl42pf1oyCdqy6uORlNqh7tMmPDg29yb3Uq9T/7YuZ6cfEEftSnJSS2LFAccBcNLEHViIlM/3yCpuy3TKKhQ4+q3l8GHqT659JJqCEB7I6VtbuCDWBPq3wRrc37MRTVAhDlAhbaN6UjAjsaterNY4jXfHfdV9EUdadJSw0LNGk8qFeW/+IAuIYPm7qhOgxWM7VD+FT+4V3DlT0SSbDwXosBIbZqwP20/TNr2fyX3b+dpHaHxAkCof679iCS+TxVpRgm8yMFOLWG2Mok51OKzbhwKQv90Qm2QODmYPazftz0YoYtVxDmMCYUmkGlQK/Sqg="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"63.245.208.195","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47714,"event_start":1565200341.846619} {"dns":{"base64":"NKIBAAABAAAAAAAAA3d3dwdtb3ppbGxhA29yZwAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":59091,"dst_port":53,"event_start":1565200342.063360} @@ -412,14 +412,14 @@ {"dns":{"base64":"NKKBgAABAAMABQAJA3d3dwdtb3ppbGxhA29yZwAAAQABwAwABQABAAAABQAkA3d3dwdtb3ppbGxhA29yZwNjZG4KY2xvdWRmbGFyZQNuZXQAwC0AAQABAAAABQAEaBAoAsAtAAEAAQAAAAUABGgQKQLAQQACAAEAAAAFAAYDbnM1wEHAQQACAAEAAAAFAAYDbnMywEHAQQACAAEAAAAFAAYDbnMzwEHAQQACAAEAAAAFAAYDbnM0wEHAQQACAAEAAAAFAAYDbnMxwEHAxQABAAEAAAAFAASt9TsfwI8AAQABAAAABQAExineg8ChAAEAAQAAAAUABMYp3h/AfQABAAEAAAAFAATGKd8fwMUAHAABAAAABQAQJADLACBJAAEAAAAArfU7H8CPABwAAQAAAAUAECQAywAgSQABAAAAAMYp3oPAoQAcAAEAAAAFABAkAMsAIEkAAQAAAADGKd4fwLMAHAABAAAABQAQJADLACBJAAEAAAAAxinfg8B9ABwAAQAAAAUAECQAywAgSQABAAAAAMYp3x8="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":59091,"event_start":1565200342.097632} {"dns":{"base64":"0Y2BgAABAAMABQAJA3d3dwdtb3ppbGxhA29yZwAAHAABwAwABQABAAAABQAkA3d3dwdtb3ppbGxhA29yZwNjZG4KY2xvdWRmbGFyZQNuZXQAwC0AHAABAAAABQAQJgZHAAAAAAAAAAAAaBAoAsAtABwAAQAAAAUAECYGRwAAAAAAAAAAAGgQKQLAQQACAAEAAAAFAAYDbnMywEHAQQACAAEAAAAFAAYDbnM0wEHAQQACAAEAAAAFAAYDbnMxwEHAQQACAAEAAAAFAAYDbnMzwEHAQQACAAEAAAAFAAYDbnM1wEHAuQABAAEAAAAFAASt9TsfwJUAAQABAAAABQAExineg8DLAAEAAQAAAAUABMYp3h/A3QABAAEAAAAFAATGKd8fwLkAHAABAAAABQAQJADLACBJAAEAAAAArfU7H8CVABwAAQAAAAUAECQAywAgSQABAAAAAMYp3oPAywAcAAEAAAAFABAkAMsAIEkAAQAAAADGKd4fwKcAHAABAAAABQAQJADLACBJAAEAAAAAxinfg8DdABwAAQAAAAUAECQAywAgSQABAAAAAMYp3x8="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":32866,"event_start":1565200342.097885} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"104.16.41.2","protocol":6,"src_port":38792,"dst_port":443,"event_start":1565200342.098302} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.mozilla.org"}},"src_ip":"192.168.113.237","dst_ip":"104.16.41.2","protocol":6,"src_port":38792,"dst_port":443,"event_start":1565200342.138433} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.mozilla.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e6d6f7a696c6c612e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020dc82de30b71e57ebd080feb0abff1a3d9dc81e225810fb59fe5fbfe974ce7156\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"104.16.41.2","protocol":6,"src_port":38792,"dst_port":443,"event_start":1565200342.138433} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"104.16.41.2","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38792,"event_start":1565200342.192345} {"dns":{"base64":"EkYBAAABAAAAAAAABmZsaWNrcgNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":47017,"dst_port":53,"event_start":1565200342.409482} {"dns":{"base64":"kFIBAAABAAAAAAAABmZsaWNrcgNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":52389,"dst_port":53,"event_start":1565200342.409653} {"dns":{"base64":"EkaBgAABAAEADQAOBmZsaWNrcgNjb20AAAEAAcAMAAEAAQAAAAUABGNU1/LAEwACAAEAAAAFABQBZAxndGxkLXNlcnZlcnMDbmV0AMATAAIAAQAAAAUABAFnwDrAEwACAAEAAAAFAAQBbMA6wBMAAgABAAAABQAEAWnAOsATAAIAAQAAAAUABAFtwDrAEwACAAEAAAAFAAQBZsA6wBMAAgABAAAABQAEAWrAOsATAAIAAQAAAAUABAFrwDrAEwACAAEAAAAFAAQBYsA6wBMAAgABAAAABQAEAWXAOsATAAIAAQAAAAUABAFjwDrAEwACAAEAAAAFAAQBaMA6wBMAAgABAAAABQAEAWHAOsEIAAEAAQAAAAUABMAFBh7AyAABAAEAAAAFAATAIQ4ewOgAAQABAAAABQAEwBpcHsA4AAEAAQAAAAUABMAfUB7A2AABAAEAAAAFAATADF4ewJgAAQABAAAABQAEwCMzHsBYAAEAAQAAAAUABMAqXR7A+AABAAEAAAAFAATANnAewHgAAQABAAAABQAEwCusHsCoAAEAAQAAAAUABMAwTx7AuAABAAEAAAAFAATANLIewGgAAQABAAAABQAEwCmiHsCIAAEAAQAAAAUABMA3Ux7BCAAcAAEAAAAFABAgAQUDqD4AAAAAAAAAAgAw"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":47017,"event_start":1565200342.447554} {"dns":{"base64":"kFKBgAABAAAAAQAABmZsaWNrcgNjb20AABwAAcAMAAYAAQAAAAUARQZucy01NzMJYXdzZG5zLTA3A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBMAAAABAAAcIAAAA4QAEnUAAAFRgA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":52389,"event_start":1565200342.447574} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56402,"dst_port":443,"event_start":1565200342.447924} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"flickr.com"}},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56402,"dst_port":443,"event_start":1565200342.493276} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"flickr.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a666c69636b722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020492805c6e5f0f63bd0d377bba3bb33f0870424c1e584cebe7c0dc752e1b84137\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56402,"dst_port":443,"event_start":1565200342.493276} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIFdTCCBF2gAwIBAgIQDt4YzuELQpTapoK7bNnpZjANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIgQ0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MDIwMDAwMDBaFw0yMDA4MDIxMjAwMDBaMBUxEzARBgNVBAMTCmZsaWNrci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ7uaOoNvCN+/ert5b3wZh0CGCmd165UwVC3B1pgEhnt1iyUvM6xczMpkSTxc9w5gvPa/Ne1GPyGOHuY66z9XW50w+Sxjiykbceu+0yYRutkDPv8BhtqKBZgxPJI/3XBvVPyuHQS36IPy+Wjl5EULe9i2KmJMyJfnyE1i7Sb6y4TSk0U4TNi7MGJppXb2e33cgxetihDu00KADE27bXcEWTMstcfBLwdG5/X4x2z/owEvDKNvtolO6SoGwgwQ4l83smKWytETJCljGDTQYnW5SAsW0qy4s1SRf8Tfw+rpETg0muMt6s+satyHzpjoGaXohkDjRnATtx1+J21C3QE9nAgMBAAGjggKOMIICijAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUSWmklGLUX9CtIPn/1pCbKBIdUEUwLAYDVR0RBCUwI4IKZmxpY2tyLmNvbYIHZmxpYy5rcoIMKi5mbGlja3IuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWuzwcABAAAEAwBIMEYCIQDVms5k3rQNRh/BDGWUbIgaznl1rFWhhS2mbijASsTlWgIhAJLUcmNRZgbp9oseu+zUDHDGUV05trWyejCkYqeMf89zAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrs8HAUQAABAMARzBFAiEA1dWKmUVBHr1IKCuT5BdfpjdOwLvNn1JfK3AF34iAltMCICPBNPQBQy0fgbTwN9oTwXHesKMl4CbyyTOuzkJuuqPgMA0GCSqGSIb3DQEBCwUAA4IBAQBKYdDCdJU5SY1BejLwpgbyfrg="}]}},"reassembly_properties":{"truncated":true},"src_ip":"99.84.215.242","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56402,"event_start":1565200342.535652} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIFdTCCBF2gAwIBAgIQDt4YzuELQpTapoK7bNnpZjANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIgQ0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MDIwMDAwMDBaFw0yMDA4MDIxMjAwMDBaMBUxEzARBgNVBAMTCmZsaWNrci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ7uaOoNvCN+/ert5b3wZh0CGCmd165UwVC3B1pgEhnt1iyUvM6xczMpkSTxc9w5gvPa/Ne1GPyGOHuY66z9XW50w+Sxjiykbceu+0yYRutkDPv8BhtqKBZgxPJI/3XBvVPyuHQS36IPy+Wjl5EULe9i2KmJMyJfnyE1i7Sb6y4TSk0U4TNi7MGJppXb2e33cgxetihDu00KADE27bXcEWTMstcfBLwdG5/X4x2z/owEvDKNvtolO6SoGwgwQ4l83smKWytETJCljGDTQYnW5SAsW0qy4s1SRf8Tfw+rpETg0muMt6s+satyHzpjoGaXohkDjRnATtx1+J21C3QE9nAgMBAAGjggKOMIICijAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUSWmklGLUX9CtIPn/1pCbKBIdUEUwLAYDVR0RBCUwI4IKZmxpY2tyLmNvbYIHZmxpYy5rcoIMKi5mbGlja3IuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWuzwcABAAAEAwBIMEYCIQDVms5k3rQNRh/BDGWUbIgaznl1rFWhhS2mbijASsTlWgIhAJLUcmNRZgbp9oseu+zUDHDGUV05trWyejCkYqeMf89zAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrs8HAUQAABAMARzBFAiEA1dWKmUVBHr1IKCuT5BdfpjdOwLvNn1JfK3AF34iAltMCICPBNPQBQy0fgbTwN9oTwXHesKMl4CbyyTOuzkJuuqPgMA0GCSqGSIb3DQEBCwUAA4IBAQBKYdDCdJU5SY1BejLwpgbyfrisQ7VfzHi0IMaKwskPC9YBIO2AvdYJCcIutNcyCukriQDkYeUinsXYmtZb4B4XLto/XP2lqn9pNqBxS6CPKr7DmPy6SpU5RcYWHrKLGvjM4WA2GSD0nabz/yS7Mm+D+txilKh8pwpVMgYPS2AMdX2pnFFWCN58DT6zyt0isjtFoR773gByvPP8W+B4qBqKVdxhtdpo+JDn0/LMpUCrMwppy0/c1jfcEmNSGrgDsSp6E55oeqjKnGCNU3jwsaeeAQAWmm76vW/39r3p+XoP3XSbYNswO0ZumoHjrye63xKOulLY5Z2wv7WAfjjObtjK"},{"base64":"MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZcMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVmB5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IGKuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeWdFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI159Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZSyLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/"},{"base64":"MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAWgBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2VyMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSWMiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/maeyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBKbRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4UakcjMS9cmvqtmg5iUaQqqcT5NJ0hGA=="},{"base64":"MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0NTm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRoOt+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0CzyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5JQ4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMBAAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtVrNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28uc3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1UdHwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/GVfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehuVsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"99.84.215.242","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56402,"event_start":1565200342.535844} {"dns":{"base64":"BRYBAAABAAAAAAAAA3d3dwZmbGlja3IDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42238,"dst_port":53,"event_start":1565200342.633499} @@ -427,7 +427,7 @@ {"dns":{"base64":"zxSBgAABAAkABAAEA3d3dwZmbGlja3IDY29tAAAcAAHADAAFAAEAAAAFAB8OZDIwYjg2aW51cjE0bGwKY2xvdWRmcm9udANuZXQAwCwAHAABAAAABQAQJgCQACAV/AAAGz08IkoSYcAsABwAAQAAAAUAECYAkAAgFTgAABs9PCJKEmHALAAcAAEAAAAFABAmAJAAIBV0AAAbPTwiShJhwCwAHAABAAAABQAQJgCQACAVBgAAGz08IkoSYcAsABwAAQAAAAUAECYAkAAgFVAAABs9PCJKEmHALAAcAAEAAAAFABAmAJAAIBVaAAAbPTwiShJhwCwAHAABAAAABQAQJgCQACAV1AAAGz08IkoSYcAsABwAAQAAAAUAECYAkAAgFS4AABs9PCJKEmHAOwACAAEAAAAFABMGbnMtNjY2CWF3c2Rucy0xOcBGwDsAAgABAAAABQAZB25zLTE1OTcJYXdzZG5zLTA3AmNvAnVrAMA7AAIAAQAAAAUAEwZucy00MTgJYXdzZG5zLTUywBfAOwACAAEAAAAFABcHbnMtMTMwNglhd3NkbnMtMzUDb3JnAMF7AAEAAQAAAAUABM37waLBNwABAAEAAAAFAATN+8KawZoAAQABAAAABQAEzfvFGsFWAAEAAQAAAAUABM37xj0="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56785,"event_start":1565200342.667074} {"dns":{"base64":"BRaBgAABAAIABAAIA3d3dwZmbGlja3IDY29tAAABAAHADAAFAAEAAAAFAB8OZDIwYjg2aW51cjE0bGwKY2xvdWRmcm9udANuZXQAwCwAAQABAAAABQAEY1TX8sA7AAIAAQAAAAUAGQducy0xNTk3CWF3c2Rucy0wNwJjbwJ1awDAOwACAAEAAAAFABMGbnMtNjY2CWF3c2Rucy0xOcBGwDsAAgABAAAABQAXB25zLTEzMDYJYXdzZG5zLTM1A29yZwDAOwACAAEAAAAFABMGbnMtNDE4CWF3c2Rucy01MsAXwM4AAQABAAAABQAEzfvBosCMAAEAAQAAAAUABM37wprAqwABAAEAAAAFAATN+8UawGcAAQABAAAABQAEzfvGPcDOABwAAQAAAAUAECYAkABTAaIAAAAAAAAAAAHAjAAcAAEAAAAFABAmAJAAUwKaAAAAAAAAAAABwKsAHAABAAAABQAQJgCQAFMFGgAAAAAAAAAAAcBnABwAAQAAAAUAECYAkABTBj0AAAAAAAAAAAE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42238,"event_start":1565200342.667094} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56404,"dst_port":443,"event_start":1565200342.667949} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.flickr.com"}},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56404,"dst_port":443,"event_start":1565200342.707540} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.flickr.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e666c69636b722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00206b70a388c45203710106c6d37102a5d9ae654e0b003f9f636308f6e86fb39a0a\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"99.84.215.242","protocol":6,"src_port":56404,"dst_port":443,"event_start":1565200342.707540} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIFdTCCBF2gAwIBAgIQDt4YzuELQpTapoK7bNnpZjANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIgQ0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MDIwMDAwMDBaFw0yMDA4MDIxMjAwMDBaMBUxEzARBgNVBAMTCmZsaWNrci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ7uaOoNvCN+/ert5b3wZh0CGCmd165UwVC3B1pgEhnt1iyUvM6xczMpkSTxc9w5gvPa/Ne1GPyGOHuY66z9XW50w+Sxjiykbceu+0yYRutkDPv8BhtqKBZgxPJI/3XBvVPyuHQS36IPy+Wjl5EULe9i2KmJMyJfnyE1i7Sb6y4TSk0U4TNi7MGJppXb2e33cgxetihDu00KADE27bXcEWTMstcfBLwdG5/X4x2z/owEvDKNvtolO6SoGwgwQ4l83smKWytETJCljGDTQYnW5SAsW0qy4s1SRf8Tfw+rpETg0muMt6s+satyHzpjoGaXohkDjRnATtx1+J21C3QE9nAgMBAAGjggKOMIICijAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUSWmklGLUX9CtIPn/1pCbKBIdUEUwLAYDVR0RBCUwI4IKZmxpY2tyLmNvbYIHZmxpYy5rcoIMKi5mbGlja3IuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWuzwcABAAAEAwBIMEYCIQDVms5k3rQNRh/BDGWUbIgaznl1rFWhhS2mbijASsTlWgIhAJLUcmNRZgbp9oseu+zUDHDGUV05trWyejCkYqeMf89zAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrs8HAUQAABAMARzBFAiEA1dWKmUVBHr1IKCuT5BdfpjdOwLvNn1JfK3AF34iAltMCICPBNPQBQy0fgbTwN9oTwXHesKMl4CbyyTOuzkJuuqPgMA0GCSqGSIb3DQEBCwUAA4IBAQBKYdDCdJU5SY1BejLwpgbyfrisQ7VfzHi0IMaKwskPC9YBIO2AvdYJCcIutNcyCukriQDkYeUinsXYmtZb4B4XLto/XP2lqn9pNqBxS6CPKr7DmPy6SpU5RcYWHrKLGvjM4WA2GSD0nabz/yS7Mm+D+txilKh8pwpVMgYPS2AMdX2pnFFWCN58DT6zyt0isjtFoR773gByvPP8W+B4qBqKVdxhtdpo+JDn0/LMpUCrMwppy0/c1jfcEmNSGrgDsSp6E55oeqjKnGCNU3jwsaeeAQAWmm76vW/39r3p+XoP3XSbYNswOw=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"99.84.215.242","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56404,"event_start":1565200342.752418} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIFdTCCBF2gAwIBAgIQDt4YzuELQpTapoK7bNnpZjANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIgQ0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MDIwMDAwMDBaFw0yMDA4MDIxMjAwMDBaMBUxEzARBgNVBAMTCmZsaWNrci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ7uaOoNvCN+/ert5b3wZh0CGCmd165UwVC3B1pgEhnt1iyUvM6xczMpkSTxc9w5gvPa/Ne1GPyGOHuY66z9XW50w+Sxjiykbceu+0yYRutkDPv8BhtqKBZgxPJI/3XBvVPyuHQS36IPy+Wjl5EULe9i2KmJMyJfnyE1i7Sb6y4TSk0U4TNi7MGJppXb2e33cgxetihDu00KADE27bXcEWTMstcfBLwdG5/X4x2z/owEvDKNvtolO6SoGwgwQ4l83smKWytETJCljGDTQYnW5SAsW0qy4s1SRf8Tfw+rpETg0muMt6s+satyHzpjoGaXohkDjRnATtx1+J21C3QE9nAgMBAAGjggKOMIICijAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUSWmklGLUX9CtIPn/1pCbKBIdUEUwLAYDVR0RBCUwI4IKZmxpY2tyLmNvbYIHZmxpYy5rcoIMKi5mbGlja3IuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWuzwcABAAAEAwBIMEYCIQDVms5k3rQNRh/BDGWUbIgaznl1rFWhhS2mbijASsTlWgIhAJLUcmNRZgbp9oseu+zUDHDGUV05trWyejCkYqeMf89zAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFrs8HAUQAABAMARzBFAiEA1dWKmUVBHr1IKCuT5BdfpjdOwLvNn1JfK3AF34iAltMCICPBNPQBQy0fgbTwN9oTwXHesKMl4CbyyTOuzkJuuqPgMA0GCSqGSIb3DQEBCwUAA4IBAQBKYdDCdJU5SY1BejLwpgbyfrisQ7VfzHi0IMaKwskPC9YBIO2AvdYJCcIutNcyCukriQDkYeUinsXYmtZb4B4XLto/XP2lqn9pNqBxS6CPKr7DmPy6SpU5RcYWHrKLGvjM4WA2GSD0nabz/yS7Mm+D+txilKh8pwpVMgYPS2AMdX2pnFFWCN58DT6zyt0isjtFoR773gByvPP8W+B4qBqKVdxhtdpo+JDn0/LMpUCrMwppy0/c1jfcEmNSGrgDsSp6E55oeqjKnGCNU3jwsaeeAQAWmm76vW/39r3p+XoP3XSbYNswO0ZumoHjrye63xKOulLY5Z2wv7WAfjjObtjK"},{"base64":"MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZcMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVmB5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IGKuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeWdFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI159Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZSyLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/"},{"base64":"MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAWgBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2VyMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSWMiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/maeyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBKbRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4UakcjMS9cmvqtmg5iUaQqqcT5NJ0hGA=="},{"base64":"MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0NTm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRoOt+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0CzyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5JQ4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMBAAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtVrNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28uc3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1UdHwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/GVfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehuVsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"99.84.215.242","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56404,"event_start":1565200342.753049} {"dns":{"base64":"oV4BAAABAAAAAAAACGdyYXZhdGFyA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":55844,"dst_port":53,"event_start":1565200343.139712} @@ -435,7 +435,7 @@ {"dns":{"base64":"kraBgAABAAAAAQAACGdyYXZhdGFyA2NvbQAAHAABwAwABgABAAAABQAyA25zMQphdXRvbWF0dGljwBUKaG9zdG1hc3RlcsAueFi3pAAAcIAAABwgAAk6gAABUYA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56525,"event_start":1565200343.175964} {"dns":{"base64":"oV6BgAABAAQADQAMCGdyYXZhdGFyA2NvbQAAAQABwAwAAQABAAAABQAEwABQ8MAMAAEAAQAAAAUABMAAUO/ADAABAAEAAAAFAATAAFDxwAwAAQABAAAABQAEwABQ8sAVAAIAAQAAAAUAFAFjDGd0bGQtc2VydmVycwNuZXQAwBUAAgABAAAABQAEAWfAbMAVAAIAAQAAAAUABAFiwGzAFQACAAEAAAAFAAQBacBswBUAAgABAAAABQAEAW3AbMAVAAIAAQAAAAUABAFmwGzAFQACAAEAAAAFAAQBa8BswBUAAgABAAAABQAEAWXAbMAVAAIAAQAAAAUABAFowGzAFQACAAEAAAAFAAQBasBswBUAAgABAAAABQAEAWHAbMAVAAIAAQAAAAUABAFkwGzAFQACAAEAAAAFAAQBbMBswRoAAQABAAAABQAEwAUGHsCaAAEAAQAAAAUABMAhDh7AagABAAEAAAAFAATAGlwewSoAAQABAAAABQAEwB9QHsDqAAEAAQAAAAUABMAMXh7AygABAAEAAAAFAATAIzMewIoAAQABAAAABQAEwCpdHsD6AAEAAQAAAAUABMA2cB7AqgABAAEAAAAFAATAK6wewQoAAQABAAAABQAEwDBPHsDaAAEAAQAAAAUABMA0sh7BOgABAAEAAAAFAATAKaIe"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":55844,"event_start":1565200343.185395} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"192.0.80.240","protocol":6,"src_port":49766,"dst_port":443,"event_start":1565200343.185751} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"gravatar.com"}},"src_ip":"192.168.113.237","dst_ip":"192.0.80.240","protocol":6,"src_port":49766,"dst_port":443,"event_start":1565200343.256831} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"gravatar.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000f00000c67726176617461722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020872663e1448200709885d2310741bc2229f8985cd034d93229587fdcc3bd752e\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"192.0.80.240","protocol":6,"src_port":49766,"dst_port":443,"event_start":1565200343.256831} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((002b00020304)(0033))"},"src_ip":"192.0.80.240","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":49766,"event_start":1565200343.329185} {"dns":{"base64":"+AsBAAABAAAAAAAAAmVuCGdyYXZhdGFyA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":49777,"dst_port":53,"event_start":1565200343.485495} {"dns":{"base64":"BIYBAAABAAAAAAAAAmVuCGdyYXZhdGFyA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":44022,"dst_port":53,"event_start":1565200343.485724} @@ -444,7 +444,7 @@ {"dns":{"base64":"4CoBAAABAAAAAAAAAmxiCGdyYXZhdGFyA2NvbQAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":37802,"dst_port":53,"event_start":1565200343.542135} {"dns":{"base64":"4CqBgAABAAAAAQAAAmxiCGdyYXZhdGFyA2NvbQAAHAABwA8ABgABAAAABQAyA25zMQphdXRvbWF0dGljwBgKaG9zdG1hc3RlcsAxeFi3pAAAcIAAABwgAAk6gAABUYA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":37802,"event_start":1565200343.574363} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"192.0.80.242","protocol":6,"src_port":40364,"dst_port":443,"event_start":1565200343.574650} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"en.gravatar.com"}},"src_ip":"192.168.113.237","dst_ip":"192.0.80.242","protocol":6,"src_port":40364,"dst_port":443,"event_start":1565200343.652953} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"en.gravatar.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f656e2e67726176617461722e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00205b7bc03502da42254709fc60a5c4f17607386d3dfb3f9260fb42fca774ffa456\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"192.0.80.242","protocol":6,"src_port":40364,"dst_port":443,"event_start":1565200343.652953} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((002b00020304)(0033))"},"src_ip":"192.0.80.242","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":40364,"event_start":1565200343.727052} {"dns":{"base64":"iAIBAAABAAAAAAAADnBhcmtlZC1jb250ZW50B2dvZGFkZHkDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":50935,"dst_port":53,"event_start":1565200343.956873} {"dns":{"base64":"FEQBAAABAAAAAAAADnBhcmtlZC1jb250ZW50B2dvZGFkZHkDY29tAAAcAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":35338,"dst_port":53,"event_start":1565200343.957135} @@ -453,7 +453,7 @@ {"dns":{"base64":"s8cBAAABAAAAAAAABWU2MDAxAWEKYWthbWFpZWRnZQNuZXQAABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":47901,"dst_port":53,"event_start":1565200344.070252} {"dns":{"base64":"s8eBgAABAAAAAQAABWU2MDAxAWEKYWthbWFpZWRnZQNuZXQAABwAAcASAAYAAQAAAAUAMQNuMGHAFApob3N0bWFzdGVyBmFrYW1haQNjb20AXUsMoAAAA+gAAAPoAAAD6AAABwg="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":47901,"event_start":1565200344.104356} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"23.67.98.106","protocol":6,"src_port":58940,"dst_port":443,"event_start":1565200344.104576} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"parked-content.godaddy.com"}},"src_ip":"192.168.113.237","dst_ip":"23.67.98.106","protocol":6,"src_port":58940,"dst_port":443,"event_start":1565200344.149261} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"parked-content.godaddy.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001d00001a7061726b65642d636f6e74656e742e676f64616464792e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002043bca9facd867ce6904b317183416e2bdd11a0e8d43546e7ea617d13da03b77b\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"23.67.98.106","protocol":6,"src_port":58940,"dst_port":443,"event_start":1565200344.149261} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG1DCCBbygAwIBAgIIGC58kEbr9U0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMjEyMjIzOTA0WhcNMjEwMjEyMjIzOTA0WjBjMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEVMBMGA1UEChMMR29EYWRkeSBJTkMuMRYwFAYDVQQDDA0qLmdvZGFkZHkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6Rks2Tbs+DYreyTFDcitH1PN4FdPmW8C8h/AYXAdG9csWK6YUe+pCRutxMLgaz0a/Ky85BG7kawIgKUjZILJxsD0W9sC/GHLdFXi5NtTJUK6WOViVHeiPj+Ov0i/7IlrVP6s6oqokBA66TLLVw0MnZOTVLkmOlYnxOkj/C+bhZf4MU/9Zy8z2J/v/mXBsPhfI73faVXhTChCRuQX0FA5fFhXjd2ipi3SP20mhWDLp008FxOGvSSDhXQnSWAF5jsgZ6DgoNqnrUzw/3uP5/3fAj3QqlZ1xw0cZVOuuoTwZMsxjH8dQrMz8PjGk7DriD3VXAzzMHupDML6R+r533SgwIDAQABo4IDODCCAzQwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMi0xMy5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXAjA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAlBgNVHREEHjAcgg0qLmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTAdBgNVHQ4EFgQUt6ZsfAL5i/ofSFphx3Gp2BdmMmIwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABaOPdGowAAAQDAEcwRQIhAMxX2XWyBa9Tn2kbG6o4HKnnYUZX35JOq57J+IpvZBx/AiAhyVYLWtPilAGU+p/F0YA/vkmayeEWStu/CjUfYsp0sQB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaOPdHjsAAAQDAEYwRAIgWkQUZ163dVmbri6YWXhiABP2sT4+0deGa68TBuyOnMICIFxRtvIH3BmjhyymOOQTV2TQKmRGkvnFWVM06U0Ymv9ZAHYARJRlLrDuzq/EQAfYqP4owA=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"23.67.98.106","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":58940,"event_start":1565200344.193825} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIG1DCCBbygAwIBAgIIGC58kEbr9U0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMjEyMjIzOTA0WhcNMjEwMjEyMjIzOTA0WjBjMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEVMBMGA1UEChMMR29EYWRkeSBJTkMuMRYwFAYDVQQDDA0qLmdvZGFkZHkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6Rks2Tbs+DYreyTFDcitH1PN4FdPmW8C8h/AYXAdG9csWK6YUe+pCRutxMLgaz0a/Ky85BG7kawIgKUjZILJxsD0W9sC/GHLdFXi5NtTJUK6WOViVHeiPj+Ov0i/7IlrVP6s6oqokBA66TLLVw0MnZOTVLkmOlYnxOkj/C+bhZf4MU/9Zy8z2J/v/mXBsPhfI73faVXhTChCRuQX0FA5fFhXjd2ipi3SP20mhWDLp008FxOGvSSDhXQnSWAF5jsgZ6DgoNqnrUzw/3uP5/3fAj3QqlZ1xw0cZVOuuoTwZMsxjH8dQrMz8PjGk7DriD3VXAzzMHupDML6R+r533SgwIDAQABo4IDODCCAzQwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMi0xMy5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXAjA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAlBgNVHREEHjAcgg0qLmdvZGFkZHkuY29tggtnb2RhZGR5LmNvbTAdBgNVHQ4EFgQUt6ZsfAL5i/ofSFphx3Gp2BdmMmIwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABaOPdGowAAAQDAEcwRQIhAMxX2XWyBa9Tn2kbG6o4HKnnYUZX35JOq57J+IpvZBx/AiAhyVYLWtPilAGU+p/F0YA/vkmayeEWStu/CjUfYsp0sQB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaOPdHjsAAAQDAEYwRAIgWkQUZ163dVmbri6YWXhiABP2sT4+0deGa68TBuyOnMICIFxRtvIH3BmjhyymOOQTV2TQKmRGkvnFWVM06U0Ymv9ZAHYARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFo490ivAAABAMARzBFAiA3u9e2u7/zy6bmvj1mtciIEAIi7Tght5t2dKtMr6Oo8QIhAOI7Ylq0KUDCvFJUTFJ9BtcPDmAUcHiFHN6YX7cNgkm4MA0GCSqGSIb3DQEBCwUAA4IBAQCuEZMYHRyIsl5gftGz6R5DMDUaGDeshChb5oWMTErkuqJ+vqG4rnHy6RI2MZoMRD0MsdFBv49guEhJChqNQO++A1BW+AYSJqY/tWuE/KD0VcwmVjtPFer1tt6pYZYHqVqSaoRuUlnxiAv7YqiT3ledmIhgr3GLjuXe4nAfRSYK423rHWDhbdsZm+u9n8Hb70Sk9W49CXEyM3IqwYkMTH81HbMcWLHI3Ctp7hDnvvRyJ7tRIvvva5ZNCl1ruzm8ud+LJzEY9em/t2/41nzr9C1rK6nOiGRPkVFtqHGCxi+uR+PTnlM9E0QexuziCIS5xArv8fH5OjDxJJLrELIrex92"},{"base64":"MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawiDsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2xLXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"23.67.98.106","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":58940,"event_start":1565200344.194201} {"dns":{"base64":"z/IBAAABAAAAAAAAAnczA29yZwAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":35956,"dst_port":53,"event_start":1565200344.560780} @@ -474,11 +474,11 @@ {"dns":{"base64":"1DKBgAABAAIADQANA2dldAVhZG9iZQNjb20AAAEAAcAMAAUAAQAAAAUACwNnZXQEd2lwNMAQwCsAAQABAAAABQAEwJOCP8AWAAIAAQAAAAUAFAFiDGd0bGQtc2VydmVycwNuZXQAwBYAAgABAAAABQAEAWPAVMAWAAIAAQAAAAUABAFqwFTAFgACAAEAAAAFAAQBYcBUwBYAAgABAAAABQAEAWTAVMAWAAIAAQAAAAUABAFpwFTAFgACAAEAAAAFAAQBZcBUwBYAAgABAAAABQAEAWvAVMAWAAIAAQAAAAUABAFnwFTAFgACAAEAAAAFAAQBbcBUwBYAAgABAAAABQAEAWjAVMAWAAIAAQAAAAUABAFswFTAFgACAAEAAAAFAAQBZsBUwJIAAQABAAAABQAEwAUGHsBSAAEAAQAAAAUABMAhDh7AcgABAAEAAAAFAATAGlwewKIAAQABAAAABQAEwB9QHsDCAAEAAQAAAAUABMAMXh7BIgABAAEAAAAFAATAIzMewOIAAQABAAAABQAEwCpdHsECAAEAAQAAAAUABMA2cB7AsgABAAEAAAAFAATAK6wewIIAAQABAAAABQAEwDBPHsDSAAEAAQAAAAUABMA0sh7BEgABAAEAAAAFAATAKaIewPIAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":32824,"event_start":1565200421.802254} {"dns":{"base64":"Vg2BgAABAAAAAQAAA2dldAR3aXA0BWFkb2JlA2NvbQAAHAABwBAABgABAAAABQAtCW9yMWd0bTAwM8AVCmhvc3RtYXN0ZXLAMHhYS3EAACowAAAOEAAJOoAAAAA8"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":52579,"event_start":1565200421.835676} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"192.147.130.63","protocol":6,"src_port":56050,"dst_port":443,"event_start":1565200421.836043} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"get.adobe.com"}},"src_ip":"192.168.113.237","dst_ip":"192.147.130.63","protocol":6,"src_port":56050,"dst_port":443,"event_start":1565200421.939433} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"get.adobe.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d6765742e61646f62652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002016f7837fd37587def563e0ed687ab228534f13f5ba10be95d9b2614393219e26\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"192.147.130.63","protocol":6,"src_port":56050,"dst_port":443,"event_start":1565200421.939433} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIFLzCCBBegAwIBAgIQB0B1cdqi3EvrQNMDvCLFLzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTYwOTIzMDAwMDAwWhcNMTkwOTI3MTIwMDAwWjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMRYwFAYDVQQDEw1nZXQuYWRvYmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveM8fv/wEUZyOU3P1HZbEfXssMIqSVViH1GmY4WTN4BjXvKAqhyZZ4d9L9cwwc0wYpZd0eBiKDm82JXN6z1cXvTP9P8DKS91R2FYuk5EFHnLQDI/hHD6Akrw1oO+3Jl9TCnP9ERtJ+ym/QCARGUi+0drECWRnLFUB6pp+OjXEBW4ksqQSMu+5gcJBGLaHGA7FoaPPZiBflGiSYtleD59yTFdn1gExGUjAEV0vtRyn78xLfIm4BjH4ig5ourSePT4sukw+pl7byg1oHlvRBXdivKISGeGDDp4iRgn6o3EeHHv8+SqbtKYN5O2Lt/6nIOAeSBUHgAwMuXjbgbYOTbEZwIDAQABo4IB5DCCAeAwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFL0p+ADBly695ldqsOYJRJDY3p3eMCgGA1UdEQQhMB+CDWdldC5hZG9iZS5jb22CDmdldDIuYWRvYmUuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNS5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGFvKSUJ3FHGYnmuPNFfUJ9TUF38sGQI3LYN4fxiTkFyt+KzxI465di9ik7gC+IpyPHZkHd4Xt8U5s4xe9v1OCnhrpKsmG+jUYq4VVHZZ9JJhhpdpPqKgkCYc3ulUM981/59HH74HzOQpSifdceEh+i1jVuVbWTEKkIV0yzW8W18fGCWmWD922P7Vi0be2EnvLDlilWDRfTnECAt5b/PpJmt9ww7X2NmAQaIlU++zkaQO635jNqdrxoTEq7Ae6Am6aIbazcGjgohFhoE0dzl2L6/cl8kbEWo+cbfUvIpMRvFaP962YyXFq8D7il10tVgmBQUkY4BNn5cZ9eEqmePPnw="},{"base64":"MIIElDCCA3ygAwIBAgIQ"}]}},"reassembly_properties":{"truncated":true},"src_ip":"192.147.130.63","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56050,"event_start":1565200422.054512} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b00020100))"},"tls":{"server":{"certs":[{"base64":"MIIFLzCCBBegAwIBAgIQB0B1cdqi3EvrQNMDvCLFLzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTYwOTIzMDAwMDAwWhcNMTkwOTI3MTIwMDAwWjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMRYwFAYDVQQDEw1nZXQuYWRvYmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveM8fv/wEUZyOU3P1HZbEfXssMIqSVViH1GmY4WTN4BjXvKAqhyZZ4d9L9cwwc0wYpZd0eBiKDm82JXN6z1cXvTP9P8DKS91R2FYuk5EFHnLQDI/hHD6Akrw1oO+3Jl9TCnP9ERtJ+ym/QCARGUi+0drECWRnLFUB6pp+OjXEBW4ksqQSMu+5gcJBGLaHGA7FoaPPZiBflGiSYtleD59yTFdn1gExGUjAEV0vtRyn78xLfIm4BjH4ig5ourSePT4sukw+pl7byg1oHlvRBXdivKISGeGDDp4iRgn6o3EeHHv8+SqbtKYN5O2Lt/6nIOAeSBUHgAwMuXjbgbYOTbEZwIDAQABo4IB5DCCAeAwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFL0p+ADBly695ldqsOYJRJDY3p3eMCgGA1UdEQQhMB+CDWdldC5hZG9iZS5jb22CDmdldDIuYWRvYmUuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNS5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGFvKSUJ3FHGYnmuPNFfUJ9TUF38sGQI3LYN4fxiTkFyt+KzxI465di9ik7gC+IpyPHZkHd4Xt8U5s4xe9v1OCnhrpKsmG+jUYq4VVHZZ9JJhhpdpPqKgkCYc3ulUM981/59HH74HzOQpSifdceEh+i1jVuVbWTEKkIV0yzW8W18fGCWmWD922P7Vi0be2EnvLDlilWDRfTnECAt5b/PpJmt9ww7X2NmAQaIlU++zkaQO635jNqdrxoTEq7Ae6Am6aIbazcGjgohFhoE0dzl2L6/cl8kbEWo+cbfUvIpMRvFaP962YyXFq8D7il10tVgmBQUkY4BNn5cZ9eEqmePPnw="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"192.147.130.63","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":56050,"event_start":1565200422.054770} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":57026,"dst_port":443,"event_start":1565200422.379884} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.adobe.com"}},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":57026,"dst_port":443,"event_start":1565200422.420984} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.adobe.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001000000d7777772e61646f62652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c721a112f780736cc9ed2adede8ee7a71ce61321cfe76245631c177995ee8b3a\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"184.50.35.161","protocol":6,"src_port":57026,"dst_port":443,"event_start":1565200422.420984} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGNzCCBR+gAwIBAgIQCg503M6e7LVhG69g0BbsbzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA2MDAwMDAwWhcNMjAwMjA1MTIwMDAwWjB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMQswCQYDVQQLEwJJUzEUMBIGA1UEAwwLKi5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxHy02hH5awt6eB0ZB5yfF3ZQO+955tDn+W6IfR+yLQFIi931YwkIxAM7M2VD1bm760h29lI6RiYFpiW0oPUnkt8zEpdayi2OHH5Ap6nQSDlEHW9BQpMXLBVep0HG6e8Qz2uiW84K8qlERWRBoDf7LZkJ+j3VGVPX50rD4BW1SjiHw5Hil+mb9tR6z2OMHFhoMYMYhOL4HSRnv3Nj4Xg1f1BfKwYVt4KZe1rnUmqJFVXk0iwdPv71JYh96Rj1CeaYCSG3PhL1CctmEtzfeVFX++kCM1PXeQsJtGEGiITu2FBBFzdheqTxdC9/LOnM9WgmqhVYoScwqo43O34sUx2oJAgMBAAGjggLhMIIC3TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUKL0O8nlF4pVkpaFcldo1cKl5FJQwIQYDVR0RBBowGIILKi5hZG9iZS5jb22CCWFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm6OYBSAAABAMARjBEAiAGzoFtL3H38sDIqCoGUtHh+mft+u6+95qWVkiz6tckEAIgNIqKfTS1ssN9aslsQmNTqxw00g0VQRqLRx/yqDpOEmAAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWbo5gIhAAAEAwBHMEUCIFCsSzZXC6mRE0/g7xTRXY94byQOwpjY13VAd0nv+VdIAiEA0hop7zM0YHyWGkiK1emLlPEj8tpv2L0uo/eC5AfqdMAwDQYJKoZIhvcNAQELBQADggEBAApznoYz6ONoMxctjevgb6j9S3Nne3QdHSbAHzQeYzClDxIJNg=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"184.50.35.161","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57026,"event_start":1565200422.462731} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((ff01)(0000)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGNzCCBR+gAwIBAgIQCg503M6e7LVhG69g0BbsbzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA2MDAwMDAwWhcNMjAwMjA1MTIwMDAwWjB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMQswCQYDVQQLEwJJUzEUMBIGA1UEAwwLKi5hZG9iZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxHy02hH5awt6eB0ZB5yfF3ZQO+955tDn+W6IfR+yLQFIi931YwkIxAM7M2VD1bm760h29lI6RiYFpiW0oPUnkt8zEpdayi2OHH5Ap6nQSDlEHW9BQpMXLBVep0HG6e8Qz2uiW84K8qlERWRBoDf7LZkJ+j3VGVPX50rD4BW1SjiHw5Hil+mb9tR6z2OMHFhoMYMYhOL4HSRnv3Nj4Xg1f1BfKwYVt4KZe1rnUmqJFVXk0iwdPv71JYh96Rj1CeaYCSG3PhL1CctmEtzfeVFX++kCM1PXeQsJtGEGiITu2FBBFzdheqTxdC9/LOnM9WgmqhVYoScwqo43O34sUx2oJAgMBAAGjggLhMIIC3TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUKL0O8nlF4pVkpaFcldo1cKl5FJQwIQYDVR0RBBowGIILKi5hZG9iZS5jb22CCWFkb2JlLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFm6OYBSAAABAMARjBEAiAGzoFtL3H38sDIqCoGUtHh+mft+u6+95qWVkiz6tckEAIgNIqKfTS1ssN9aslsQmNTqxw00g0VQRqLRx/yqDpOEmAAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWbo5gIhAAAEAwBHMEUCIFCsSzZXC6mRE0/g7xTRXY94byQOwpjY13VAd0nv+VdIAiEA0hop7zM0YHyWGkiK1emLlPEj8tpv2L0uo/eC5AfqdMAwDQYJKoZIhvcNAQELBQADggEBAApznoYz6ONoMxctjevgb6j9S3Nne3QdHSbAHzQeYzClDxIJNp/Ob+38tShcMwpu2lBFb0QL3QNRwOZ5xQk4O0h+ul0t1YVDKJw9Mz2qwuOt4mUp+u764vmHDrvZxJxGQ/c6oTsm4biRKBZbI6PTXwz61DhsQ2jtWNATNGWDsdv6MS2F12blpNFdOVzXVOWRb+E7fbZC9VU0l760VFrYB/UuLJ7xb7+3fN04l1KFQE2wtfwdbVZEdYe72eNxIZDmIPxFFotlyzhdsWoGV3WGXTbjVzc3vb3SRQ3E4QTouANow1YA3wwRJWEarmiPN7L+P4sMrDAYF2im1b2YY2Iem+Y="},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"184.50.35.161","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57026,"event_start":1565200422.462963} {"dns":{"base64":"Dg8BAAABAAAAAAAABmFwYWNoZQNvcmcAAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42949,"dst_port":53,"event_start":1565200422.709093} @@ -486,7 +486,7 @@ {"dns":{"base64":"Dg+BgAABAAIABgAMBmFwYWNoZQNvcmcAAAEAAcAMAAEAAQAAAAUABF/YGCDADAABAAEAAAAFAAQoT04BwBMAAgABAAAABQAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMATAAIAAQAAAAUABQJjMMBLwBMAAgABAAAABQAVAmIwA29yZwthZmlsaWFzLW5zdMATwBMAAgABAAAABQAFAmEywEvAEwACAAEAAAAFAAUCZDDAgcATAAIAAQAAAAUABQJiMsCBwEgAAQABAAAABQAExxM4AcCfAAEAAQAAAAUABMf5cAHAfgABAAEAAAAFAATHEzYBwMEAAQABAAAABQAEx/l4AcBtAAEAAQAAAAUABMcTNQHAsAABAAEAAAAFAATHEzkBwEgAHAABAAAABQAQIAEFAAAOAAAAAAAAAAAAAcCfABwAAQAAAAUAECABBQAAQAAAAAAAAAAAAAHAfgAcAAEAAAAFABAgAQUAAAwAAAAAAAAAAAABwMEAHAABAAAABQAQIAEFAABIAAAAAAAAAAAAAcBtABwAAQAAAAUAECABBQAACwAAAAAAAAAAAAHAsAAcAAEAAAAFABAgAQUAAA8AAAAAAAAAAAAB"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42949,"event_start":1565200422.753323} {"dns":{"base64":"q/2BgAABAAAAAQAABmFwYWNoZQNvcmcAABwAAcAMAAYAAQAAAAUAPANuczIHc3VyZm5ldAJubAAVaG9zdG1hc3Rlci0yMDA1LWFscGhhwAx4WLk0AAAOEAAAA4QACTqAAAAOEA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36419,"event_start":1565200422.755408} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"95.216.24.32","protocol":6,"src_port":50428,"dst_port":443,"event_start":1565200422.755645} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apache.org"}},"src_ip":"192.168.113.237","dst_ip":"95.216.24.32","protocol":6,"src_port":50428,"dst_port":443,"event_start":1565200422.920415} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"apache.org","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a6170616368652e6f7267\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00209546be59b60942dbbfd5044a20ee7f5925c88112d06816010e77a16c56ffea4f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"95.216.24.32","protocol":6,"src_port":50428,"dst_port":443,"event_start":1565200422.920415} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGbzCCBVegAwIBAgIRAIk8VkaPe0wk+AMX0nAFalswDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xOTA3MDEwMDAwMDBaFw0yMTA2MzAyMzU5NTlaMFkxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQxFTATBgNVBAMMDCouYXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCOPYE/2bjXXHBCii4IappWRj1rvuNtPfN4CyBvSeT8PX8GzgioOv6/QNBQ8xMQyFQoQOKAQ3kKY1VbHtyHBnXB7PVENeXF9ATB8D/G1b2Mh7D7HXHFgKH4oA=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"95.216.24.32","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50428,"event_start":1565200423.089947} {"fingerprints":{"tls_server":"tls_server/(0303)(c030)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGbzCCBVegAwIBAgIRAIk8VkaPe0wk+AMX0nAFalswDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xOTA3MDEwMDAwMDBaFw0yMTA2MzAyMzU5NTlaMFkxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2lsZGNhcmQxFTATBgNVBAMMDCouYXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCOPYE/2bjXXHBCii4IappWRj1rvuNtPfN4CyBvSeT8PX8GzgioOv6/QNBQ8xMQyFQoQOKAQ3kKY1VbHtyHBnXB7PVENeXF9ATB8D/G1b2Mh7D7HXHFgKH4oDEIRZABak4kuOcplgnqV8dhIvpdyN7bUkDzGutKS5cKROIMG7k6VrcdxsFrmnaYedh/mqEEGTz/WF3cWKiWIQftHNMvuqF/CWLqkuQFt2IPHr/Flg70HxSYpMW+ZhLZ0VSJTXf6Bs0XRUk3ADuZJhQY5bPAh3xzvpVCY7C1c7F3kbX9X2MKvJDzpcMgLQ9zvjFfqAsGehTC1pm9SC/QBu0yHCqnVykCAwEAAaOCAvkwggL1MB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF4bgBjWHhMB0GA1UdDgQWBBRe2N1Z7wYz82ZGAeeh++C/zsujhTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICBzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwgYQGCCsGAQUFBwEBBHgwdjBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wIwYDVR0RBBwwGoIMKi5hcGFjaGUub3JnggphcGFjaGUub3JnMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWuvQIWkAAAEAwBIMEYCIQCitZL3CSKKG5roV4KZhA7D/nDIpnehh3ewg/kUekofkwIhALTO4DcZ297TxvHvJCyvI9KLuFAVZqPwKBJJpREKRWmQAHUARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFrr0CFzgAABAMARjBEAiA2YAeKi+G8qGoeDL8Zy63z2sglcYthlhiACASoFlI5EQIgFWoG+X3ZoD+V+Yt1nSj/DEoplgCea7yumRzGyEJqE/8AdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWuvQIYVAAAEAwBGMEQCICsBcD3xmBKyEmPFCsH3rnXjrpaRr+CbPhUSrvgViIuGAiAmaGGhyn97cREmFO0sCK2Kcejh9pxreGNC0wxm7T/ZtzANBgkqhkiG9w0BAQsFAAOCAQEAHBUIUmW7N3FMHGJ7UTEdvcWSHv1IpyeIa2FC6iUV1+GDmbyXAwFB2sXTWcqkxg64U0uvlE+Iu1jcypmEPaPUK7QPDko6kGH4Iuq7L/kA2dc9jngs8Ks0zbUx489lCw3WllkVEsa6NRWZLrNusGh7NnYBDTaaT8vmGU1VbMoEbUAc1lTeZ2zVYUkhS0SxTDK0L2pxmOowjUVp9AeMm/pR9Zt1fyKhO4gOAinR0Z33Cu2hRgH4eho2yCUEKGuNDYOqqQgOlta0b+t88lOps24Soq1A+W6dVVOwjf1g/gHcMZ6eYIFFXpFH6WLd8jsUrdP6CeJDRhUBeSQQADUcKc+lLA=="},{"base64":"MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgxMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+NTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkjeocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0EoKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBskHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotYuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/HukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGiH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUxRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLvxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyALl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhYLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K00u/I5sUKUErmgQfky3xxzlIPK1aEn8="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"95.216.24.32","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":50428,"event_start":1565200423.090512} {"dns":{"base64":"f28BAAABAAAAAAAABWRyaXZlBmdvb2dsZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":50142,"dst_port":53,"event_start":1565200423.942464} @@ -494,17 +494,17 @@ {"dns":{"base64":"f2+BgAABAAEADQAOBWRyaXZlBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAAAUABKzZDe7AGQACAAEAAAAFABQBYgxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFnwEDAGQACAAEAAAAFAAQBaMBAwBkAAgABAAAABQAEAWHAQMAZAAIAAQAAAAUABAFkwEDAGQACAAEAAAAFAAQBZsBAwBkAAgABAAAABQAEAWzAQMAZAAIAAQAAAAUABAFjwEDAGQACAAEAAAAFAAQBacBAwBkAAgABAAAABQAEAWvAQMAZAAIAAQAAAAUABAFlwEDAGQACAAEAAAAFAAQBasBAwBkAAgABAAAABQAEAW3AQMB+AAEAAQAAAAUABMAFBh7APgABAAEAAAAFAATAIQ4ewL4AAQABAAAABQAEwBpcHsCOAAEAAQAAAAUABMAfUB7A7gABAAEAAAAFAATADF4ewJ4AAQABAAAABQAEwCMzHsBeAAEAAQAAAAUABMAqXR7AbgABAAEAAAAFAATANnAewM4AAQABAAAABQAEwCusHsD+AAEAAQAAAAUABMAwTx7A3gABAAEAAAAFAATANLIewK4AAQABAAAABQAEwCmiHsEOAAEAAQAAAAUABMA3Ux7AfgAcAAEAAAAFABAgAQUDqD4AAAAAAAAAAgAw"},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":50142,"event_start":1565200423.978069} {"dns":{"base64":"hSmBgAABAAEADQANBWRyaXZlBmdvb2dsZQNjb20AABwAAcAMABwAAQAAAAUAECYH+LBABAgJAAAAAAAAIA7AGQACAAEAAAAFABQBZgxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFpwEzAGQACAAEAAAAFAAQBbcBMwBkAAgABAAAABQAEAWfATMAZAAIAAQAAAAUABAFowEzAGQACAAEAAAAFAAQBYcBMwBkAAgABAAAABQAEAWrATMAZAAIAAQAAAAUABAFkwEzAGQACAAEAAAAFAAQBbMBMwBkAAgABAAAABQAEAWLATMAZAAIAAQAAAAUABAFrwEzAGQACAAEAAAAFAAQBY8BMwBkAAgABAAAABQAEAWXATMCqAAEAAQAAAAUABMAFBh7A6gABAAEAAAAFAATAIQ4ewQoAAQABAAAABQAEwBpcHsDKAAEAAQAAAAUABMAfUB7BGgABAAEAAAAFAATADF4ewEoAAQABAAAABQAEwCMzHsCKAAEAAQAAAAUABMAqXR7AmgABAAEAAAAFAATANnAewGoAAQABAAAABQAEwCusHsC6AAEAAQAAAAUABMAwTx7A+gABAAEAAAAFAATANLIewNoAAQABAAAABQAEwCmiHsB6AAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":51736,"event_start":1565200423.978091} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.13.238","protocol":6,"src_port":48740,"dst_port":443,"event_start":1565200423.978696} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"drive.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.238","protocol":6,"src_port":48740,"dst_port":443,"event_start":1565200424.019036} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"drive.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001300001064726976652e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020a8bfde82da7962d3127f3c909d0cda59d5464c2fd380ceb81567ad9ba2eb8d39\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.13.238","protocol":6,"src_port":48740,"dst_port":443,"event_start":1565200424.019036} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.13.238","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":48740,"event_start":1565200424.075206} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57092,"dst_port":443,"event_start":1565200424.183956} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57092,"dst_port":443,"event_start":1565200424.223156} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00207238a2fdd5f44b414659ce951f80bdd6e0207483ccff8b3225592cb7e6bd406f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57092,"dst_port":443,"event_start":1565200424.223156} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57092,"event_start":1565200424.273936} {"dns":{"base64":"VBUBAAABAAAAAAAAC3NvdXJjZWZvcmdlA25ldAAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":48267,"dst_port":53,"event_start":1565200424.554433} {"dns":{"base64":"mNwBAAABAAAAAAAAC3NvdXJjZWZvcmdlA25ldAAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36467,"dst_port":53,"event_start":1565200424.554614} {"dns":{"base64":"VBWBgAABAAEADQAOC3NvdXJjZWZvcmdlA25ldAAAAQABwAwAAQABAAAABQAE2GkmDcAYAAIAAQAAAAUAEQFhDGd0bGQtc2VydmVyc8AYwBgAAgABAAAABQAEAWrAP8AYAAIAAQAAAAUABAFiwD/AGAACAAEAAAAFAAQBZ8A/wBgAAgABAAAABQAEAWPAP8AYAAIAAQAAAAUABAFpwD/AGAACAAEAAAAFAAQBZsA/wBgAAgABAAAABQAEAWTAP8AYAAIAAQAAAAUABAFrwD/AGAACAAEAAAAFAAQBbMA/wBgAAgABAAAABQAEAW3AP8AYAAIAAQAAAAUABAFowD/AGAACAAEAAAAFAAQBZcA/wD0AAQABAAAABQAEwAUGHsBqAAEAAQAAAAUABMAhDh7AigABAAEAAAAFAATAGlwewLoAAQABAAAABQAEwB9QHsEKAAEAAQAAAAUABMAMXh7AqgABAAEAAAAFAATAIzMewHoAAQABAAAABQAEwCpdHsD6AAEAAQAAAAUABMA2cB7AmgABAAEAAAAFAATAK6wewFoAAQABAAAABQAEwDBPHsDKAAEAAQAAAAUABMA0sh7A2gABAAEAAAAFAATAKaIewOoAAQABAAAABQAEwDdTHsA9ABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":48267,"event_start":1565200424.589642} {"dns":{"base64":"mNyBgAABAAAAAQAAC3NvdXJjZWZvcmdlA25ldAAAHAABwAwABgABAAAABQBEA25zMAtkbnNtYWRlZWFzeQNjb20ACmhvc3RtYXN0ZXINc2xhc2hkb3RtZWRpYcA9eDCKtAAAOEAAAAJYAAk6gAAAASw="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36467,"event_start":1565200424.589661} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"216.105.38.13","protocol":6,"src_port":38020,"dst_port":443,"event_start":1565200424.590092} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"sourceforge.net"}},"src_ip":"192.168.113.237","dst_ip":"216.105.38.13","protocol":6,"src_port":38020,"dst_port":443,"event_start":1565200424.693022} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"sourceforge.net","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f736f75726365666f7267652e6e6574\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002035c8d6bc5fb8131789a03c37193407efe3ac28878ff68254c63827dce318423d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"216.105.38.13","protocol":6,"src_port":38020,"dst_port":443,"event_start":1565200424.693022} {"fingerprints":{"tls_server":"tls_server/(0303)(c02c)((ff01)(0000)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIEoDCCA4igAwIBAgISBKbL6QrgO3xDTJZOO3tXGmUvMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MDEwNDI1MDJaFw0xOTA5MjkwNDI1MDJaMBoxGDAWBgNVBAMTD3NvdXJjZWZvcmdlLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDjTvn1kq6tYg6aY+N9LbwE7Z1LrGaiic+r55oOrh3/d30LYpUqE33eayUf+8vPXkC1cC4cpEf/ZgaS5zJPm3cijggJ5MIICdTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAtiZwF/pwuFNKll1NpJF0u4GAZXMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIRKi5zb3VyY2Vmb3JnZS5uZXSCD3NvdXJjZWZvcmdlLm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa6v+XZ0AAAQDAEgwRgIhAMGoaiHGWej89vxqnqxUT6x5ueZ+hCHan11o6QB0zMs1AiEA47PrK3t+kqZ9Nac7uZLzxRGDgJEb0net+TO7cW43f3oAdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWur/l1pAAAEAwBIMEYCIQDzDZUXOPY9hBGjyp1joEoi84Do1u/ECBjTFDWVWRicygIhAK6GvHud6ooxSeP2S79OnqFOePMsgZla2mVFTgMxM9vGMA0GCSqGSIb3DQEBCwUAA4IBAQAM3uIbCfc1nkCLpLR6YyeLMiqQa06toFC6C0WhAYR+72s530m3Ak25kLB/XoXm2C41SkA1UC0vBcwRFdzkK2dbxz3+iHt282zMntVXVY90aKoRTEh/9IdwbdrdaHYJveuF/pEcIxV4UymD/RiT3cIg+B0Ebpju96HiktQC4Si+Z8g79EeoDtH2/au9F9N0H2Z3XROHRlz672Jp6DEJ3xardlzdmHDiyxM0rg1s402rGGYIf/4zhT0ffEfksrr3tM6tSw4Oynzj"}]}},"reassembly_properties":{"truncated":true},"src_ip":"216.105.38.13","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38020,"event_start":1565200424.792307} {"fingerprints":{"tls_server":"tls_server/(0303)(c02c)((ff01)(0000)(000b000403000102)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIEoDCCA4igAwIBAgISBKbL6QrgO3xDTJZOO3tXGmUvMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MDEwNDI1MDJaFw0xOTA5MjkwNDI1MDJaMBoxGDAWBgNVBAMTD3NvdXJjZWZvcmdlLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDjTvn1kq6tYg6aY+N9LbwE7Z1LrGaiic+r55oOrh3/d30LYpUqE33eayUf+8vPXkC1cC4cpEf/ZgaS5zJPm3cijggJ5MIICdTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAtiZwF/pwuFNKll1NpJF0u4GAZXMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIRKi5zb3VyY2Vmb3JnZS5uZXSCD3NvdXJjZWZvcmdlLm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa6v+XZ0AAAQDAEgwRgIhAMGoaiHGWej89vxqnqxUT6x5ueZ+hCHan11o6QB0zMs1AiEA47PrK3t+kqZ9Nac7uZLzxRGDgJEb0net+TO7cW43f3oAdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWur/l1pAAAEAwBIMEYCIQDzDZUXOPY9hBGjyp1joEoi84Do1u/ECBjTFDWVWRicygIhAK6GvHud6ooxSeP2S79OnqFOePMsgZla2mVFTgMxM9vGMA0GCSqGSIb3DQEBCwUAA4IBAQAM3uIbCfc1nkCLpLR6YyeLMiqQa06toFC6C0WhAYR+72s530m3Ak25kLB/XoXm2C41SkA1UC0vBcwRFdzkK2dbxz3+iHt282zMntVXVY90aKoRTEh/9IdwbdrdaHYJveuF/pEcIxV4UymD/RiT3cIg+B0Ebpju96HiktQC4Si+Z8g79EeoDtH2/au9F9N0H2Z3XROHRlz672Jp6DEJ3xardlzdmHDiyxM0rg1s402rGGYIf/4zhT0ffEfksrr3tM6tSw4OynzjWVAIUCvA6qmUoIg7Wt/NhaFKF9mpyZU/tmjTwiDMVU6v4/bQEgyS3tz3IRfXbYs9S6K/DKSGDMDZ"},{"base64":"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg=="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"216.105.38.13","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":38020,"event_start":1565200424.792424} {"dns":{"base64":"CMoBAAABAAAAAAAAB255dGltZXMDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36113,"dst_port":53,"event_start":1565200425.457399} @@ -512,7 +512,7 @@ {"dns":{"base64":"CMqBgAABAAQABAAFB255dGltZXMDY29tAAABAAHADAABAAEAAAAFAASXZUGkwAwAAQABAAAABQAEl2WBpMAMAAEAAQAAAAUABJdlAaTADAABAAEAAAAFAASXZcGkwAwAAgABAAAABQAUA25zMgNwMjQGZHluZWN0A25ldADADAACAAEAAAAFAAYDbnMzwG3ADAACAAEAAAAFAAYDbnM0wG3ADAACAAEAAAAFAAYDbnMxwG3ArQABAAEAAAAFAATQTkYYwGkAAQABAAAABQAEzA36GMCJAAEAAQAAAAUABNBORxjAmwABAAEAAAAFAATMDfsYwIkAHAABAAAABQAQIAEFAACUAAEAAAAAAAAAJA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36113,"event_start":1565200425.502400} {"dns":{"base64":"kaeBgAABAAAAAQAAB255dGltZXMDY29tAAAcAAHADAAGAAEAAAAFADUDbnMxA3AyNAZkeW5lY3QDbmV0AApob3N0bWFzdGVywAx4OmA/AAABLAAAAJYAEnUAAAABLA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":36967,"event_start":1565200425.503786} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.65.164","protocol":6,"src_port":32810,"dst_port":443,"event_start":1565200425.504157} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"nytimes.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.65.164","protocol":6,"src_port":32810,"dst_port":443,"event_start":1565200425.542021} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"nytimes.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000e00000b6e7974696d65732e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00207f367d60250655cabb18d34c84cc5b14cd0a95e906135dd76aee622b2b541c17\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.65.164","protocol":6,"src_port":32810,"dst_port":443,"event_start":1565200425.542021} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIJhTCCCG2gAwIBAgIRAL/WIxvqWarWy1Zu0IeNYO0wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI5MDAwMDAwWhcNMjAwMTE4MjM1OTU5WjCBxDELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTEwMDE4MREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAkTCzYyMCA4dGggQXZlMRswGQYDVQQKExJUaGUgTmV3IFlvcmsgVGltZXMxGzAZBgNVBAsTElRoZSBOZXcgWW9yayBUaW1lczEZMBcGA1UECxMQTXVsdGktRG9tYWluIFNTTDEUMBIGA1UEAxMLbnl0aW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpbxBef7yIpiL7/xkUbY2RvDRMmjPiv/HMaFM4KjqowJg2JTbqJmFhiJFuzKndVcUIpO37lVQ/Oallob9fPBYcqAf0e6gFgueeucjHXPnID44qnZGFwj0wtnNmy7ItckEEVhT2OaCpROaeUI4jWHj83NkAnxKHDDuH472BfRNeBgmsoXwdywV421vL9A1yhOpkvNrZBrj6u32i3Fz1+GtSnh4j4LvVC8ewXz3k70YH32gnkAaPOW/X0xTGJ63cqMIuVKq6dBCmhzCbPzVBerr581FuXJ2Cyq/7242H/+XOu+h86nbETzG44TuoxOG2fnd+WhuUUKGKo6M5D3zjlw9AgMBAAGjggWcMIIFmDAfBgNVHSMEGDAWgBSa8yvaz61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUhiKsBlfdhdBgPQMAt93uFtyZBTQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vYw=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.65.164","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":32810,"event_start":1565200425.582018} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIJhTCCCG2gAwIBAgIRAL/WIxvqWarWy1Zu0IeNYO0wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI5MDAwMDAwWhcNMjAwMTE4MjM1OTU5WjCBxDELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTEwMDE4MREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAkTCzYyMCA4dGggQXZlMRswGQYDVQQKExJUaGUgTmV3IFlvcmsgVGltZXMxGzAZBgNVBAsTElRoZSBOZXcgWW9yayBUaW1lczEZMBcGA1UECxMQTXVsdGktRG9tYWluIFNTTDEUMBIGA1UEAxMLbnl0aW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpbxBef7yIpiL7/xkUbY2RvDRMmjPiv/HMaFM4KjqowJg2JTbqJmFhiJFuzKndVcUIpO37lVQ/Oallob9fPBYcqAf0e6gFgueeucjHXPnID44qnZGFwj0wtnNmy7ItckEEVhT2OaCpROaeUI4jWHj83NkAnxKHDDuH472BfRNeBgmsoXwdywV421vL9A1yhOpkvNrZBrj6u32i3Fz1+GtSnh4j4LvVC8ewXz3k70YH32gnkAaPOW/X0xTGJ63cqMIuVKq6dBCmhzCbPzVBerr581FuXJ2Cyq/7242H/+XOu+h86nbETzG44TuoxOG2fnd+WhuUUKGKo6M5D3zjlw9AgMBAAGjggWcMIIFmDAfBgNVHSMEGDAWgBSa8yvaz61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUhiKsBlfdhdBgPQMAt93uFtyZBTQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTCCAtQGA1UdEQSCAsswggLHggtueXRpbWVzLmNvbYIVKi5hcGkuZGV2Lm55dGltZXMuY29tghEqLmFwaS5ueXRpbWVzLmNvbYIVKi5hcGkuc3RnLm55dGltZXMuY29tgg4qLmJldGEubnl0Lm5ldIITKi5ibG9ncy5ueXRpbWVzLmNvbYIXKi5ibG9ncy5zdGcubnl0aW1lcy5jb22CGCouYmxvZ3M1LnN0Zy5ueXRpbWVzLmNvbYISKi5kZXYuYmV0YS5ueXQubmV0ghcqLmRldi5ibG9ncy5ueXRpbWVzLmNvbYINKi5kZXYubnl0LmNvbYINKi5kZXYubnl0Lm5ldIIRKi5kZXYubnl0aW1lcy5jb22CDSoubmV3c2Rldi5uZXSCESoubmV3c2Rldi5ueXQubmV0ghUqLm5ld3NkZXYubnl0aW1lcy5jb22CCSoubnl0LmNvbYIJKi5ueXQubmV0ggsqLm55dGNvLmNvbYINKi5ueXRpbWVzLmNvbYIZKi5wYXlmbG93LnNieC5ueXRpbWVzLmNvbYIRKi5zYngubnl0aW1lcy5jb22CEiouc3RnLmJldGEubnl0Lm5ldIIXKi5zdGcuYmxvZ3Mubnl0aW1lcy5jb22CESouc3RnLm5ld3NkZXYubmV0ghUqLnN0Zy5uZXdzZGV2Lm55dC5uZXSCGSouc3RnLm5ld3NkZXYubnl0aW1lcy5jb22CDSouc3RnLm55dC5jb22CDSouc3RnLm55dC5uZXSCESouc3RnLm55dGltZXMuY29tghAqLnRpbWVzdGFsa3MuY29tggtuZXdzZGV2Lm5ldIIHbnl0LmNvbYIHbnl0Lm5ldIIJbnl0Y28uY29tgg50aW1lc3RhbGtzLmNvbYIbd3d3LmJlc3RzZWxsZXJzLm55dGltZXMuY29tghx3d3cuaG9tZWRlbGl2ZXJ5Lm55dGltZXMuY29tMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFnYAxysQAABAMARzBFAiBsjMEzQ01LJnfg8SWtJi+wQ/2NrVih667zOk9JD/KAxwIhAOvJND92OVh2cozY7QXv0vsfzWszxn9tEVaNc3ezXlQDAHUAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFnYAxzBgAABAMARjBEAiBFD4mv+quaSJL/sb4Jb0zh1w6xe+NBCLxCgr2DLtCZIwIgICd9NO8Mj0obKpS0eB49ZNlj3J7JjKMXCQJGGSlfyIgwDQYJKoZIhvcNAQELBQADggEBAEdGZx2Iilb59sTUqgyo92XdwUxpEXUD25W06NhOezqUJHfw7YxsCuXdSNPAcoMgVuvEo2A4JG9skf62rBFar6sdsBy1OucP/njdSXTN5XuTOwaxO/g4uF8iGGrdR6pYjyeh9DcaIPCPagOxMi0QLd32twYeBzRuZG4sc6JGdmEo9z4Xw5SHkm+x88cLuBiTlcsYgVTFhW+LFwNbILArbP+BCRCTJvOfyevlPpxHGRs2HA/k0LUOvx6MjCj7Xk8i36OxwBkYLr5HDZ2dapAOGKy+tZrOX2z13u4v0J/Ctz93eUTpt9nCObmbPHxOlP3MRRQwnUyMbFh8qrnLPXjl23o="},{"base64":"MIIGDjCCA/agAwIBAgIQNoJef7WkgZN+9tFza7k8pjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkU2YXyQURX/zBEHtw8RKMXuG4B+KNfwqkhHc5Z9OzziKkJMjyxi2OkPic284/5OGYuB5dBj0um3cNfnnM858ogDU98MgXPwS5IZUqF0B9WMW2O5cYy1Bu8n32W/JjXT/j0WFb440W+kRiC5Iq+r81SN1GHTx6Xweg6rvn/RuRlPz/DR4MvzLhCXi1+91porl1LwKY1IfWGo8hJi5hjYA3JIUjCkjBlRrKGNQRCJX6tp05LEkAAeohoXG+fo6R4ESGuPQsOvkUUI8/rddf2oPG8RWxevKEy7PNYeEIoCzoBdvDFoJ7BaXDej0umed/ydrbjDxN8GDuxUWxqIDnOnmkCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSa8yvaz61Pti+7KkhIKhK3G0LBJDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAGmKNmiaHjtlC+B8z6arcTuvYaQ/5GQBSRDTHY/i1e1n055bl71CHgf50Ltt9zKVWiIpYvgMnFlWJzagIhIR+kf0UclZeylKpUg1fMWXZuAnJTsVejJ1SpH7pmue4lP6DYwT+yO4CxIsru3bHUeQ1dCTaXaROBU01xjqfrxrWN4qOZADRARKVtho5fV8aX6efVRL0NiGq2dmE1deiSoXrS2uvUAOZu2K/1S0wQHLqeBHuhFhj62uI0gqxiV5iRxBBJXAEepXK9a0l/qx6RVi7Epxd/3zoZza9msAKcUy5/pO6rMqpxiXHFinQjZf7BTP+HsO993MiBWamlzI8SDH0YZyoRebrrr+bKgy0QB2SXP3PyeHPLbJLfqqkJDJCgmfyWkfBxmpv966+AuIgkQWEH8HwIAiX3+8MN66zQd5ZFbY//NPnDC7bh5RS+bNvRfExb/IP46xH4pGtwZDb2Itz1GdRcqK6ROLwMeRvlu2+jdKif7wndoTJiIsBpA+ixOYoBnW3dpKSH89D4mdJHJLDntE/9Q2toN2I1iLFGy4XfdhbTl27d0SPWuHiJeRvsBGAh52HN22r1xP9QDWnE2p4J6ijvyxFnlcIdNFgZoMOWxtKNcl0rcRkND23m9e9Pqki2Z3ci+bkEAsUhJg+f+1cC6JmnkJiYEt7Fx4b4GH8fxV"},{"base64":"MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu/xO28QOG8="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.65.164","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":32810,"event_start":1565200425.583059} {"dns":{"base64":"dA4BAAABAAAAAAAAA3d3dwdueXRpbWVzA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":58499,"dst_port":53,"event_start":1565200425.677119} @@ -522,7 +522,7 @@ {"dns":{"base64":"incBAAABAAAAAAAAB255dGltZXMDbWFwBmZhc3RseQNuZXQAABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":55471,"dst_port":53,"event_start":1565200425.717892} {"dns":{"base64":"ineBgAABAAAAAQAAB255dGltZXMDbWFwBmZhc3RseQNuZXQAABwAAcAYAAYAAQAAAAUAMQNuczHAGApob3N0bWFzdGVyBmZhc3RseQNjb20AeDnGKQAADhAAAAJYAAk6gAAAAB4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":55471,"event_start":1565200425.758737} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.129.164","protocol":6,"src_port":53270,"dst_port":443,"event_start":1565200425.759152} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.nytimes.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.129.164","protocol":6,"src_port":53270,"dst_port":443,"event_start":1565200425.802611} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.nytimes.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001200000f7777772e6e7974696d65732e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c9385781db5b38086f3afa475726b0d6bb82273789049e413d157b01cd0f7d21\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.129.164","protocol":6,"src_port":53270,"dst_port":443,"event_start":1565200425.802611} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIJhTCCCG2gAwIBAgIRAL/WIxvqWarWy1Zu0IeNYO0wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI5MDAwMDAwWhcNMjAwMTE4MjM1OTU5WjCBxDELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTEwMDE4MREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAkTCzYyMCA4dGggQXZlMRswGQYDVQQKExJUaGUgTmV3IFlvcmsgVGltZXMxGzAZBgNVBAsTElRoZSBOZXcgWW9yayBUaW1lczEZMBcGA1UECxMQTXVsdGktRG9tYWluIFNTTDEUMBIGA1UEAxMLbnl0aW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpbxBef7yIpiL7/xkUbY2RvDRMmjPiv/HMaFM4KjqowJg2JTbqJmFhiJFuzKndVcUIpO37lVQ/Oallob9fPBYcqAf0e6gFgueeucjHXPnID44qnZGFwj0wtnNmy7ItckEEVhT2OaCpROaeUI4jWHj83NkAnxKHDDuH472BfRNeBgmsoXwdywV421vL9A1yhOpkvNrZBrj6u32i3Fz1+GtSnh4j4LvVC8ewXz3k70YH32gnkAaPOW/X0xTGJ63cqMIuVKq6dBCmhzCbPzVBerr581FuXJ2Cyq/7242H/+XOu+h86nbETzG44TuoxOG2fnd+WhuUUKGKo6M5D3zjlw9AgMBAAGjggWcMIIFmDAfBgNVHSMEGDAWgBSa8yvaz61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUhiKsBlfdhdBgPQMAt93uFtyZBTQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vYw=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.129.164","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":53270,"event_start":1565200425.845971} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIJhTCCCG2gAwIBAgIRAL/WIxvqWarWy1Zu0IeNYO0wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI5MDAwMDAwWhcNMjAwMTE4MjM1OTU5WjCBxDELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTEwMDE4MREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAkTCzYyMCA4dGggQXZlMRswGQYDVQQKExJUaGUgTmV3IFlvcmsgVGltZXMxGzAZBgNVBAsTElRoZSBOZXcgWW9yayBUaW1lczEZMBcGA1UECxMQTXVsdGktRG9tYWluIFNTTDEUMBIGA1UEAxMLbnl0aW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpbxBef7yIpiL7/xkUbY2RvDRMmjPiv/HMaFM4KjqowJg2JTbqJmFhiJFuzKndVcUIpO37lVQ/Oallob9fPBYcqAf0e6gFgueeucjHXPnID44qnZGFwj0wtnNmy7ItckEEVhT2OaCpROaeUI4jWHj83NkAnxKHDDuH472BfRNeBgmsoXwdywV421vL9A1yhOpkvNrZBrj6u32i3Fz1+GtSnh4j4LvVC8ewXz3k70YH32gnkAaPOW/X0xTGJ63cqMIuVKq6dBCmhzCbPzVBerr581FuXJ2Cyq/7242H/+XOu+h86nbETzG44TuoxOG2fnd+WhuUUKGKo6M5D3zjlw9AgMBAAGjggWcMIIFmDAfBgNVHSMEGDAWgBSa8yvaz61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUhiKsBlfdhdBgPQMAt93uFtyZBTQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcwOwYMKwYBBAGyMQECAQMEMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTCCAtQGA1UdEQSCAsswggLHggtueXRpbWVzLmNvbYIVKi5hcGkuZGV2Lm55dGltZXMuY29tghEqLmFwaS5ueXRpbWVzLmNvbYIVKi5hcGkuc3RnLm55dGltZXMuY29tgg4qLmJldGEubnl0Lm5ldIITKi5ibG9ncy5ueXRpbWVzLmNvbYIXKi5ibG9ncy5zdGcubnl0aW1lcy5jb22CGCouYmxvZ3M1LnN0Zy5ueXRpbWVzLmNvbYISKi5kZXYuYmV0YS5ueXQubmV0ghcqLmRldi5ibG9ncy5ueXRpbWVzLmNvbYINKi5kZXYubnl0LmNvbYINKi5kZXYubnl0Lm5ldIIRKi5kZXYubnl0aW1lcy5jb22CDSoubmV3c2Rldi5uZXSCESoubmV3c2Rldi5ueXQubmV0ghUqLm5ld3NkZXYubnl0aW1lcy5jb22CCSoubnl0LmNvbYIJKi5ueXQubmV0ggsqLm55dGNvLmNvbYINKi5ueXRpbWVzLmNvbYIZKi5wYXlmbG93LnNieC5ueXRpbWVzLmNvbYIRKi5zYngubnl0aW1lcy5jb22CEiouc3RnLmJldGEubnl0Lm5ldIIXKi5zdGcuYmxvZ3Mubnl0aW1lcy5jb22CESouc3RnLm5ld3NkZXYubmV0ghUqLnN0Zy5uZXdzZGV2Lm55dC5uZXSCGSouc3RnLm5ld3NkZXYubnl0aW1lcy5jb22CDSouc3RnLm55dC5jb22CDSouc3RnLm55dC5uZXSCESouc3RnLm55dGltZXMuY29tghAqLnRpbWVzdGFsa3MuY29tggtuZXdzZGV2Lm5ldIIHbnl0LmNvbYIHbnl0Lm5ldIIJbnl0Y28uY29tgg50aW1lc3RhbGtzLmNvbYIbd3d3LmJlc3RzZWxsZXJzLm55dGltZXMuY29tghx3d3cuaG9tZWRlbGl2ZXJ5Lm55dGltZXMuY29tMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFnYAxysQAABAMARzBFAiBsjMEzQ01LJnfg8SWtJi+wQ/2NrVih667zOk9JD/KAxwIhAOvJND92OVh2cozY7QXv0vsfzWszxn9tEVaNc3ezXlQDAHUAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFnYAxzBgAABAMARjBEAiBFD4mv+quaSJL/sb4Jb0zh1w6xe+NBCLxCgr2DLtCZIwIgICd9NO8Mj0obKpS0eB49ZNlj3J7JjKMXCQJGGSlfyIgwDQYJKoZIhvcNAQELBQADggEBAEdGZx2Iilb59sTUqgyo92XdwUxpEXUD25W06NhOezqUJHfw7YxsCuXdSNPAcoMgVuvEo2A4JG9skf62rBFar6sdsBy1OucP/njdSXTN5XuTOwaxO/g4uF8iGGrdR6pYjyeh9DcaIPCPagOxMi0QLd32twYeBzRuZG4sc6JGdmEo9z4Xw5SHkm+x88cLuBiTlcsYgVTFhW+LFwNbILArbP+BCRCTJvOfyevlPpxHGRs2HA/k0LUOvx6MjCj7Xk8i36OxwBkYLr5HDZ2dapAOGKy+tZrOX2z13u4v0J/Ctz93eUTpt9nCObmbPHxOlP3MRRQwnUyMbFh8qrnLPXjl23o="},{"base64":"MIIGDjCCA/agAwIBAgIQNoJef7WkgZN+9tFza7k8pjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkU2YXyQURX/zBEHtw8RKMXuG4B+KNfwqkhHc5Z9OzziKkJMjyxi2OkPic284/5OGYuB5dBj0um3cNfnnM858ogDU98MgXPwS5IZUqF0B9WMW2O5cYy1Bu8n32W/JjXT/j0WFb440W+kRiC5Iq+r81SN1GHTx6Xweg6rvn/RuRlPz/DR4MvzLhCXi1+91porl1LwKY1IfWGo8hJi5hjYA3JIUjCkjBlRrKGNQRCJX6tp05LEkAAeohoXG+fo6R4ESGuPQsOvkUUI8/rddf2oPG8RWxevKEy7PNYeEIoCzoBdvDFoJ7BaXDej0umed/ydrbjDxN8GDuxUWxqIDnOnmkCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSa8yvaz61Pti+7KkhIKhK3G0LBJDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAGmKNmiaHjtlC+B8z6arcTuvYaQ/5GQBSRDTHY/i1e1n055bl71CHgf50Ltt9zKVWiIpYvgMnFlWJzagIhIR+kf0UclZeylKpUg1fMWXZuAnJTsVejJ1SpH7pmue4lP6DYwT+yO4CxIsru3bHUeQ1dCTaXaROBU01xjqfrxrWN4qOZADRARKVtho5fV8aX6efVRL0NiGq2dmE1deiSoXrS2uvUAOZu2K/1S0wQHLqeBHuhFhj62uI0gqxiV5iRxBBJXAEepXK9a0l/qx6RVi7Epxd/3zoZza9msAKcUy5/pO6rMqpxiXHFinQjZf7BTP+HsO993MiBWamlzI8SDH0YZyoRebrrr+bKgy0QB2SXP3PyeHPLbJLfqqkJDJCgmfyWkfBxmpv966+AuIgkQWEH8HwIAiX3+8MN66zQd5ZFbY//NPnDC7bh5RS+bNvRfExb/IP46xH4pGtwZDb2Itz1GdRcqK6ROLwMeRvlu2+jdKif7wndoTJiIsBpA+ixOYoBnW3dpKSH89D4mdJHJLDntE/9Q2toN2I1iLFGy4XfdhbTl27d0SPWuHiJeRvsBGAh52HN22r1xP9QDWnE2p4J6ijvyxFnlcIdNFgZoMOWxtKNcl0rcRkND23m9e9Pqki2Z3ci+bkEAsUhJg+f+1cC6JmnkJiYEt7Fx4b4GH8fxV"},{"base64":"MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu/xO28QOG8="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.129.164","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":53270,"event_start":1565200425.846286} {"dns":{"base64":"MUcBAAABAAAAAAAABmV1cm9wYQJldQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":56461,"dst_port":53,"event_start":1565200426.811933} @@ -530,7 +530,7 @@ {"dns":{"base64":"MUeBgAABAAIABQAIBmV1cm9wYQJldQAAAQABwAwAAQABAAAABQAEk0MiLcAMAAEAAQAAAAUABJND0i3AEwACAAEAAAAFAAkCdWsDZG5zwBPAEwACAAEAAAAFAAUCbmzASsATAAIAAQAAAAUABAF5wErAEwACAAEAAAAFAAQBeMBKwBMAAgABAAAABQAFAnNpwErAfQABAAEAAAAFAAS5l40BwG0AAQABAAAABQAEwpJqWsBcAAEAAQAAAAUABFvIEGTAjQABAAEAAAAFAATBAt08wEcAAQABAAAABQAEw0LxssB9ABwAAQAAAAUAECoCBWj+AAAAAAAAAAAAZXXAbQAcAAEAAAAFABAgAQZ8EBAAIwAAAAAAAABTwI0AHAABAAAABQAQIAEUcIAAAQAAAAAAAAAAAQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56461,"event_start":1565200426.854686} {"dns":{"base64":"7t2BgAABAAIABQAIBmV1cm9wYQJldQAAHAABwAwAHAABAAAABQAQKgFwgAAkAQAAAAAABmYARcAMABwAAQAAAAUAECoBcIAAFAEAAAAAAAZmAEXAEwACAAEAAAAFAAkCdWsDZG5zwBPAEwACAAEAAAAFAAQBecBiwBMAAgABAAAABQAEAXjAYsATAAIAAQAAAAUABQJzacBiwBMAAgABAAAABQAFAm5swGLAhAABAAEAAAAFAAS5l40BwHQAAQABAAAABQAEwpJqWsClAAEAAQAAAAUABFvIEGTAlAABAAEAAAAFAATBAt08wF8AAQABAAAABQAEw0LxssCEABwAAQAAAAUAECoCBWj+AAAAAAAAAAAAZXXAdAAcAAEAAAAFABAgAQZ8EBAAIwAAAAAAAABTwJQAHAABAAAABQAQIAEUcIAAAQAAAAAAAAAAAQ=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":33812,"event_start":1565200426.947227} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"147.67.34.45","protocol":6,"src_port":34564,"dst_port":443,"event_start":1565200426.947850} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"europa.eu"}},"src_ip":"192.168.113.237","dst_ip":"147.67.34.45","protocol":6,"src_port":34564,"dst_port":443,"event_start":1565200427.078109} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"europa.eu","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000c0000096575726f70612e6575\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00203f055f811cd36508aba7d6d457811d36843b764f69fc54319fec964e6fe38e29\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"147.67.34.45","protocol":6,"src_port":34564,"dst_port":443,"event_start":1565200427.078109} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b00020100)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHJTCCBg2gAwIBAgIMd0nv2yasK3XL7I9wMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwMzI3MTIwMTA0WhcNMjAwNTIwMTAxNTAyWjBlMQswCQYDVQQGEwJCRTERMA8GA1UECBMIQnJ1c3NlbHMxETAPBgNVBAcTCEJydXNzZWxzMRwwGgYDVQQKExNFdXJvcGVhbiBDb21taXNzaW9uMRIwEAYDVQQDEwlldXJvcGEuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQPY1KTxUA4oUUhOen+zKWa5rK+1/5bddmU7v3Zezm1L2ai7q18zm7tnCzK4j2iUbFEzKOdGI3Tzt4+9nFBmM5xPUy2G0qRuZ3ySzcS5QAZJQK6cCwA6sWUYhqvpDcSc1osxPHBKjn7cABk7LXAbHfEONEg+90ZwW5seCgtBG0mV6Tu9OOIGVBbfO4CAPBAzGX2DFsw8mW9VRKz/HAikDlskOMLNWlwtrh+4DYxEic9q3WU9xOVYLzCeC1QoBTPkdE56ACJeAENPdWYcXfORfoCxmCT2TNkbBKaoMsWJvtNcWWzGmva41KdnL1GQAxrItZhAYLQNQ3SR+YPoLVSL0xAgMBAAGjggPSMIIDzjAOBgNVHQ8BAf8EBAMCBaAwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMBQGA1UdEQQNMAuCCWV1cm9wYS5ldTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNtSkcbZ0FxkMPm0QBidhAk+OUcVMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MIIB9AYKKwYBBAHWeQIEAgSCAeQEggHgAd4AdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWJnVU1oAAAEAwBGMEQCIEhSJBZ29XcNILkGQDUCBHCnx+/GaiCR7aHYjIr5sJ9LAiAzsjDjo53+gy+E0vhFJjbBh1bxFOFGzUac/I73vcnpHQB1AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABYmdVTe8AAAQDAEYwRAIgSxJnW+hIGUyMrpKsIsGdT6j+BGaijGF5NO9xocJm4Z0CIBz0zWJXXkDlMqb6sjvGpAwpB0t4SzgM3DHETAYGYV+kAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsg="}]}},"reassembly_properties":{"truncated":true},"src_ip":"147.67.34.45","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":34564,"event_start":1565200427.208658} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b00020100)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHJTCCBg2gAwIBAgIMd0nv2yasK3XL7I9wMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwMzI3MTIwMTA0WhcNMjAwNTIwMTAxNTAyWjBlMQswCQYDVQQGEwJCRTERMA8GA1UECBMIQnJ1c3NlbHMxETAPBgNVBAcTCEJydXNzZWxzMRwwGgYDVQQKExNFdXJvcGVhbiBDb21taXNzaW9uMRIwEAYDVQQDEwlldXJvcGEuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQPY1KTxUA4oUUhOen+zKWa5rK+1/5bddmU7v3Zezm1L2ai7q18zm7tnCzK4j2iUbFEzKOdGI3Tzt4+9nFBmM5xPUy2G0qRuZ3ySzcS5QAZJQK6cCwA6sWUYhqvpDcSc1osxPHBKjn7cABk7LXAbHfEONEg+90ZwW5seCgtBG0mV6Tu9OOIGVBbfO4CAPBAzGX2DFsw8mW9VRKz/HAikDlskOMLNWlwtrh+4DYxEic9q3WU9xOVYLzCeC1QoBTPkdE56ACJeAENPdWYcXfORfoCxmCT2TNkbBKaoMsWJvtNcWWzGmva41KdnL1GQAxrItZhAYLQNQ3SR+YPoLVSL0xAgMBAAGjggPSMIIDzjAOBgNVHQ8BAf8EBAMCBaAwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMBQGA1UdEQQNMAuCCWV1cm9wYS5ldTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNtSkcbZ0FxkMPm0QBidhAk+OUcVMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MIIB9AYKKwYBBAHWeQIEAgSCAeQEggHgAd4AdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWJnVU1oAAAEAwBGMEQCIEhSJBZ29XcNILkGQDUCBHCnx+/GaiCR7aHYjIr5sJ9LAiAzsjDjo53+gy+E0vhFJjbBh1bxFOFGzUac/I73vcnpHQB1AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABYmdVTe8AAAQDAEYwRAIgSxJnW+hIGUyMrpKsIsGdT6j+BGaijGF5NO9xocJm4Z0CIBz0zWJXXkDlMqb6sjvGpAwpB0t4SzgM3DHETAYGYV+kAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFiZ1VNzQAABAMARzBFAiA7q/H3L6S7zGut9me6GLicWD3J0Iu1Ni9JZZC0MvZVvgIhALag+3P33Q0hA83sStZAHppu4gXNcZBCsKuMs4qW7KuzAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFiZ1VPOwAABAMARzBFAiEAreQTpIcYxnr39P0H47Motp7QLdHqTi2ibt1bjTpk01YCIGP5P8pyfRf1TdFz202jvpSmBpVGqIVr7HmMcvU39M4IMA0GCSqGSIb3DQEBCwUAA4IBAQCmn0XKJPWSgaHnL7uuLJ5Ckox8c14NJP7Oj6WoD1KubzfSPYJh+dELmAXAkPrCLy0GVHGfSqN3DgZQhkx2teVvr0luXLJVjsTf8cLTBkAnMP783p6Zwgwbfdf3hbhPHcUbjvbR5qtEFbyDl2yksbUaPSJnoIuy8v0pyeXEd4YxJaSiSjQ+8Tp8ILcuIrmCZEGS4IKKSRzBkmOT6OX2PdVs9ow0+9RRCFHmXceQNa5qjRXs22QjCTE45mcF2ajbDyg5b9sueL93pWvN3ihJcxa3lCd5FHIG3b3GctksRAusVvMhSI26kMZJBLyvfwvphqQjVoaOYAx4mVejLA7L7fqK"},{"base64":"MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAwMDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZcC33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchjSHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUjmxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxtNw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilTHMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLyXN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl330JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryASOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2GK1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"147.67.34.45","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":34564,"event_start":1565200427.209015} {"dns":{"base64":"T1UBAAABAAAAAAAAB3N1cHBvcnQGZ29vZ2xlA2NvbQAAAQAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":41110,"dst_port":53,"event_start":1565200427.622713} @@ -538,14 +538,14 @@ {"dns":{"base64":"h66BgAABAAEADQANB3N1cHBvcnQGZ29vZ2xlA2NvbQAAHAABwAwAHAABAAAABQAQJgf4sEAECBQAAAAAAAAgDsAbAAIAAQAAAAUAFAFsDGd0bGQtc2VydmVycwNuZXQAwBsAAgABAAAABQAEAWjATsAbAAIAAQAAAAUABAFhwE7AGwACAAEAAAAFAAQBZ8BOwBsAAgABAAAABQAEAW3ATsAbAAIAAQAAAAUABAFmwE7AGwACAAEAAAAFAAQBacBOwBsAAgABAAAABQAEAWrATsAbAAIAAQAAAAUABAFiwE7AGwACAAEAAAAFAAQBZcBOwBsAAgABAAAABQAEAWPATsAbAAIAAQAAAAUABAFrwE7AGwACAAEAAAAFAAQBZMBOwHwAAQABAAAABQAEwAUGHsDcAAEAAQAAAAUABMAhDh7A/AABAAEAAAAFAATAGlwewRwAAQABAAAABQAEwB9QHsDsAAEAAQAAAAUABMAMXh7ArAABAAEAAAAFAATAIzMewIwAAQABAAAABQAEwCpdHsBsAAEAAQAAAAUABMA2cB7AvAABAAEAAAAFAATAK6wewMwAAQABAAAABQAEwDBPHsEMAAEAAQAAAAUABMA0sh7ATAABAAEAAAAFAATAKaIewJwAAQABAAAABQAEwDdTHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":60189,"event_start":1565200427.657997} {"dns":{"base64":"T1WBgAABAAEADQAOB3N1cHBvcnQGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAABQAErNmkjsAbAAIAAQAAAAUAFAFtDGd0bGQtc2VydmVycwNuZXQAwBsAAgABAAAABQAEAWXAQsAbAAIAAQAAAAUABAFjwELAGwACAAEAAAAFAAQBZ8BCwBsAAgABAAAABQAEAWjAQsAbAAIAAQAAAAUABAFiwELAGwACAAEAAAAFAAQBZsBCwBsAAgABAAAABQAEAWnAQsAbAAIAAQAAAAUABAFrwELAGwACAAEAAAAFAAQBYcBCwBsAAgABAAAABQAEAWzAQsAbAAIAAQAAAAUABAFqwELAGwACAAEAAAAFAAQBZMBCwOAAAQABAAAABQAEwAUGHsCgAAEAAQAAAAUABMAhDh7AcAABAAEAAAAFAATAGlwewRAAAQABAAAABQAEwB9QHsBgAAEAAQAAAAUABMAMXh7AsAABAAEAAAAFAATAIzMewIAAAQABAAAABQAEwCpdHsCQAAEAAQAAAAUABMA2cB7AwAABAAEAAAAFAATAK6wewQAAAQABAAAABQAEwDBPHsDQAAEAAQAAAAUABMA0sh7A8AABAAEAAAAFAATAKaIewEAAAQABAAAABQAEwDdTHsDgABwAAQAAAAUAECABBQOoPgAAAAAAAAACADA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":41110,"event_start":1565200427.658241} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.142","protocol":6,"src_port":39552,"dst_port":443,"event_start":1565200427.658489} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"support.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.142","protocol":6,"src_port":39552,"dst_port":443,"event_start":1565200427.697257} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"support.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0015000012737570706f72742e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00209195fec150bee62ecec6fcc6bfa26c4c71bc01b809081070ac6bcceefdd97773\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.142","protocol":6,"src_port":39552,"dst_port":443,"event_start":1565200427.697257} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.142","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":39552,"event_start":1565200427.747470} {"dns":{"base64":"O9MBAAABAAAAAAAABnJlZGRpdANjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":54670,"dst_port":53,"event_start":1565200428.199247} {"dns":{"base64":"IaMBAAABAAAAAAAABnJlZGRpdANjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":59242,"dst_port":53,"event_start":1565200428.199423} {"dns":{"base64":"IaOBgAABAAAAAQAABnJlZGRpdANjb20AABwAAcAMAAYAAQAAAAUARQZucy01NTcJYXdzZG5zLTA1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBMAAAABAAAcIAAAA4QAEnUAAAFRgA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":59242,"event_start":1565200428.230722} {"dns":{"base64":"O9OBgAABAAQADQAMBnJlZGRpdANjb20AAAEAAcAMAAEAAQAAAAUABJdlwYzADAABAAEAAAAFAASXZQGMwAwAAQABAAAABQAEl2VBjMAMAAEAAQAAAAUABJdlgYzAEwACAAEAAAAFABQBZAxndGxkLXNlcnZlcnMDbmV0AMATAAIAAQAAAAUABAFowGrAEwACAAEAAAAFAAQBZcBqwBMAAgABAAAABQAEAWzAasATAAIAAQAAAAUABAFjwGrAEwACAAEAAAAFAAQBasBqwBMAAgABAAAABQAEAWvAasATAAIAAQAAAAUABAFpwGrAEwACAAEAAAAFAAQBZsBqwBMAAgABAAAABQAEAW3AasATAAIAAQAAAAUABAFnwGrAEwACAAEAAAAFAAQBYcBqwBMAAgABAAAABQAEAWLAasEoAAEAAQAAAAUABMAFBh7BOAABAAEAAAAFAATAIQ4ewLgAAQABAAAABQAEwBpcHsBoAAEAAQAAAAUABMAfUB7AmAABAAEAAAAFAATADF4ewPgAAQABAAAABQAEwCMzHsEYAAEAAQAAAAUABMAqXR7AiAABAAEAAAAFAATANnAewOgAAQABAAAABQAEwCusHsDIAAEAAQAAAAUABMAwTx7A2AABAAEAAAAFAATANLIewKgAAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":54670,"event_start":1565200428.230914} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.193.140","protocol":6,"src_port":47852,"dst_port":443,"event_start":1565200428.231162} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"reddit.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.193.140","protocol":6,"src_port":47852,"dst_port":443,"event_start":1565200428.274631} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"reddit.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"000d00000a7265646469742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020e69bff27c71bd5c46e0b1a4d53566f7c8284a56059a4e2e14a33760cf672563d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.193.140","protocol":6,"src_port":47852,"dst_port":443,"event_start":1565200428.274631} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHQzCCBiugAwIBAgIQB1sC352kFlEvZM5wcfyMBzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODE3MDAwMDAwWhcNMjAwOTAyMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLUmVkZGl0IEluYy4xFTATBgNVBAMMDCoucmVkZGl0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/pmlSjpBriKS1FgXKzqItMziu7otc9nmls8zLRaKwDHRpwVfiGWkLckOfvhn79U2zqwDilJ7TKepbjXgpa7mUgs5bX5DqZPXhyfV1hFD66RRQi2wVbvdbJdBGL3VrKZVJRIIpTtc3Q169FIslNKbc9eGq1nwO/REhI5dxDCHAoHwLpp+XfbjkBJGzlgKIBdBHed67KFVUKFvh1RVanVJUNG6IkAXXnPZSigwfA2wBH3QguOc1YxswPB4cOH5sdZeAJQ6j9rSxNqjZthoV43La5nsVYxRtreJ8ooV5ZX/dsL7BBBkWfF/acVSU3f7X7XiFz23vruQyBNQKT2HKXwgcCAwEAAaOCBAMwggP/MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRx4FDR54BS+yMUZZ1Dp40xqlZpJjCBxAYDVR0RBIG8MIG5ggwqLnJlZGRpdC5jb22CCnJlZGRpdC5jb22CESoucmVkZGl0bWVkaWEuY29tgg9yZWRkaXRtZWRpYS5jb22CCSoucmVkZC5pdIIHcmVkZC5pdIIUd3d3LnJlZGRpdHN0YXRpYy5jb22CE2kucmVkZGl0dXBsb2Fkcy5jb22CGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbYIRd3d3LnJlZGRpdGluYy5jb22CDXJlZGRpdGluYy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaQ=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.193.140","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47852,"event_start":1565200428.313201} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHQzCCBiugAwIBAgIQB1sC352kFlEvZM5wcfyMBzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODE3MDAwMDAwWhcNMjAwOTAyMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLUmVkZGl0IEluYy4xFTATBgNVBAMMDCoucmVkZGl0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/pmlSjpBriKS1FgXKzqItMziu7otc9nmls8zLRaKwDHRpwVfiGWkLckOfvhn79U2zqwDilJ7TKepbjXgpa7mUgs5bX5DqZPXhyfV1hFD66RRQi2wVbvdbJdBGL3VrKZVJRIIpTtc3Q169FIslNKbc9eGq1nwO/REhI5dxDCHAoHwLpp+XfbjkBJGzlgKIBdBHed67KFVUKFvh1RVanVJUNG6IkAXXnPZSigwfA2wBH3QguOc1YxswPB4cOH5sdZeAJQ6j9rSxNqjZthoV43La5nsVYxRtreJ8ooV5ZX/dsL7BBBkWfF/acVSU3f7X7XiFz23vruQyBNQKT2HKXwgcCAwEAAaOCBAMwggP/MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRx4FDR54BS+yMUZZ1Dp40xqlZpJjCBxAYDVR0RBIG8MIG5ggwqLnJlZGRpdC5jb22CCnJlZGRpdC5jb22CESoucmVkZGl0bWVkaWEuY29tgg9yZWRkaXRtZWRpYS5jb22CCSoucmVkZC5pdIIHcmVkZC5pdIIUd3d3LnJlZGRpdHN0YXRpYy5jb22CE2kucmVkZGl0dXBsb2Fkcy5jb22CGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbYIRd3d3LnJlZGRpdGluYy5jb22CDXJlZGRpdGluYy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFlRULTsAAABAMARjBEAiBcrugEb8o8AymzIh0fUN/F0i9SHl/xCQnCIMbXoSd+rwIgVwN50xsjJVuBP7cVxR5oSlj2USU3KVkZoAq+PIwMHucAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWVFQtSDAAAEAwBHMEUCIGo9XmyFN5b38sdORa5NThm594MGPYK4se987nB8WsvPAiEA8Imvn9QF63D4vIwY8d+aticvw2dbwHdoZFpCj96yRn8AdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWVFQtSGAAAEAwBIMEYCIQCH+S3U0ac6/F5Bsc5xyHpO+UTpgz8DKiJSCfaObn3u5wIhANl9+8L/zSfwf7KPUhdPWfNnkMUFaFgRY1/HdOej6a4UMA0GCSqGSIb3DQEBCwUAA4IBAQC9OsE5bjOOvx0VowfFacujFxU1kYDikX90BH106XP7YQIExGmjZ9mo5Ai6UgMHUSIYO4sNFcZYYk6N7bd75K0i8U8X2AcoIfiC6VYdrw4e2rNMXW10CzIh1Co/t65QZ9KtuWXWwxQJYJuIcLsQT7MG7+K48ZJNSsB9VuuzqNebxSZTyhEBMsN030/Oy1CiUsq+nekZfibcAHxc5L6JG8sFnW6R4uTuGg1qZsvr95KZi5lpoUOE2UkdOK2TG7ntn7JLY4C4Yv2VGKrnxGiqajcKwkdh0a6xC1EXY9JObNczgauCO56+f8+xcRoZpTAE/JtywwVl++brUeoLLUdCVthx"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.193.140","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":47852,"event_start":1565200428.313665} {"dns":{"base64":"qs4BAAABAAAAAAAAA3d3dwZyZWRkaXQDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":34264,"dst_port":53,"event_start":1565200428.403266} @@ -555,7 +555,7 @@ {"dns":{"base64":"q9wBAAABAAAAAAAABnJlZGRpdANtYXAGZmFzdGx5A25ldAAAHAAB"},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":60293,"dst_port":53,"event_start":1565200428.440887} {"dns":{"base64":"q9yBgAABAAAAAQAABnJlZGRpdANtYXAGZmFzdGx5A25ldAAAHAABwBcABgABAAAABQAxA25zMcAXCmhvc3RtYXN0ZXIGZmFzdGx5A2NvbQB4OcYpAAAOEAAAAlgACTqAAAAAHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":60293,"event_start":1565200428.478180} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"151.101.129.140","protocol":6,"src_port":42288,"dst_port":443,"event_start":1565200428.478770} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.reddit.com"}},"src_ip":"192.168.113.237","dst_ip":"151.101.129.140","protocol":6,"src_port":42288,"dst_port":443,"event_start":1565200428.518183} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"www.reddit.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e7777772e7265646469742e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c5501d6c04065f060ff5dc823d450b0e29ed48e8e8d7a504a9ebec2248ba180e\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"151.101.129.140","protocol":6,"src_port":42288,"dst_port":443,"event_start":1565200428.518183} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHQzCCBiugAwIBAgIQB1sC352kFlEvZM5wcfyMBzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODE3MDAwMDAwWhcNMjAwOTAyMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLUmVkZGl0IEluYy4xFTATBgNVBAMMDCoucmVkZGl0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/pmlSjpBriKS1FgXKzqItMziu7otc9nmls8zLRaKwDHRpwVfiGWkLckOfvhn79U2zqwDilJ7TKepbjXgpa7mUgs5bX5DqZPXhyfV1hFD66RRQi2wVbvdbJdBGL3VrKZVJRIIpTtc3Q169FIslNKbc9eGq1nwO/REhI5dxDCHAoHwLpp+XfbjkBJGzlgKIBdBHed67KFVUKFvh1RVanVJUNG6IkAXXnPZSigwfA2wBH3QguOc1YxswPB4cOH5sdZeAJQ6j9rSxNqjZthoV43La5nsVYxRtreJ8ooV5ZX/dsL7BBBkWfF/acVSU3f7X7XiFz23vruQyBNQKT2HKXwgcCAwEAAaOCBAMwggP/MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRx4FDR54BS+yMUZZ1Dp40xqlZpJjCBxAYDVR0RBIG8MIG5ggwqLnJlZGRpdC5jb22CCnJlZGRpdC5jb22CESoucmVkZGl0bWVkaWEuY29tgg9yZWRkaXRtZWRpYS5jb22CCSoucmVkZC5pdIIHcmVkZC5pdIIUd3d3LnJlZGRpdHN0YXRpYy5jb22CE2kucmVkZGl0dXBsb2Fkcy5jb22CGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbYIRd3d3LnJlZGRpdGluYy5jb22CDXJlZGRpdGluYy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaQ=="}]}},"reassembly_properties":{"truncated":true},"src_ip":"151.101.129.140","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42288,"event_start":1565200428.561018} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(0000)(000b000403000102)(0023)(0017))"},"tls":{"server":{"certs":[{"base64":"MIIHQzCCBiugAwIBAgIQB1sC352kFlEvZM5wcfyMBzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwODE3MDAwMDAwWhcNMjAwOTAyMTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLUmVkZGl0IEluYy4xFTATBgNVBAMMDCoucmVkZGl0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/pmlSjpBriKS1FgXKzqItMziu7otc9nmls8zLRaKwDHRpwVfiGWkLckOfvhn79U2zqwDilJ7TKepbjXgpa7mUgs5bX5DqZPXhyfV1hFD66RRQi2wVbvdbJdBGL3VrKZVJRIIpTtc3Q169FIslNKbc9eGq1nwO/REhI5dxDCHAoHwLpp+XfbjkBJGzlgKIBdBHed67KFVUKFvh1RVanVJUNG6IkAXXnPZSigwfA2wBH3QguOc1YxswPB4cOH5sdZeAJQ6j9rSxNqjZthoV43La5nsVYxRtreJ8ooV5ZX/dsL7BBBkWfF/acVSU3f7X7XiFz23vruQyBNQKT2HKXwgcCAwEAAaOCBAMwggP/MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRx4FDR54BS+yMUZZ1Dp40xqlZpJjCBxAYDVR0RBIG8MIG5ggwqLnJlZGRpdC5jb22CCnJlZGRpdC5jb22CESoucmVkZGl0bWVkaWEuY29tgg9yZWRkaXRtZWRpYS5jb22CCSoucmVkZC5pdIIHcmVkZC5pdIIUd3d3LnJlZGRpdHN0YXRpYy5jb22CE2kucmVkZGl0dXBsb2Fkcy5jb22CGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbYIRd3d3LnJlZGRpdGluYy5jb22CDXJlZGRpdGluYy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFlRULTsAAABAMARjBEAiBcrugEb8o8AymzIh0fUN/F0i9SHl/xCQnCIMbXoSd+rwIgVwN50xsjJVuBP7cVxR5oSlj2USU3KVkZoAq+PIwMHucAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWVFQtSDAAAEAwBHMEUCIGo9XmyFN5b38sdORa5NThm594MGPYK4se987nB8WsvPAiEA8Imvn9QF63D4vIwY8d+aticvw2dbwHdoZFpCj96yRn8AdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWVFQtSGAAAEAwBIMEYCIQCH+S3U0ac6/F5Bsc5xyHpO+UTpgz8DKiJSCfaObn3u5wIhANl9+8L/zSfwf7KPUhdPWfNnkMUFaFgRY1/HdOej6a4UMA0GCSqGSIb3DQEBCwUAA4IBAQC9OsE5bjOOvx0VowfFacujFxU1kYDikX90BH106XP7YQIExGmjZ9mo5Ai6UgMHUSIYO4sNFcZYYk6N7bd75K0i8U8X2AcoIfiC6VYdrw4e2rNMXW10CzIh1Co/t65QZ9KtuWXWwxQJYJuIcLsQT7MG7+K48ZJNSsB9VuuzqNebxSZTyhEBMsN030/Oy1CiUsq+nekZfibcAHxc5L6JG8sFnW6R4uTuGg1qZsvr95KZi5lpoUOE2UkdOK2TG7ntn7JLY4C4Yv2VGKrnxGiqajcKwkdh0a6xC1EXY9JObNczgauCO56+f8+xcRoZpTAE/JtywwVl++brUeoLLUdCVthx"},{"base64":"MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz"}]}},"reassembly_properties":{"reassembled":true},"src_ip":"151.101.129.140","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42288,"event_start":1565200428.561330} {"dns":{"base64":"A1sBAAABAAAAAAAACnNvdW5kY2xvdWQDY29tAAABAAE="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":56882,"dst_port":53,"event_start":1565200429.814534} @@ -563,7 +563,7 @@ {"dns":{"base64":"K8WBgAABAAAAAQAACnNvdW5kY2xvdWQDY29tAAAcAAHADAAGAAEAAAAFAEgHbnMtMTY1OQlhd3NkbnMtMTUCY28CdWsAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAXAAAAAQAAHCAAAAOEAAk6gAABUYA="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":47231,"event_start":1565200429.846267} {"dns":{"base64":"A1uBgAABAAQADQAMCnNvdW5kY2xvdWQDY29tAAABAAHADAABAAEAAAAFAARjVNMswAwAAQABAAAABQAEY1TTKcAMAAEAAQAAAAUABGNU0yTADAABAAEAAAAFAARjVNM0wBcAAgABAAAABQAUAWsMZ3RsZC1zZXJ2ZXJzA25ldADAFwACAAEAAAAFAAQBZsBuwBcAAgABAAAABQAEAWrAbsAXAAIAAQAAAAUABAFhwG7AFwACAAEAAAAFAAQBbMBuwBcAAgABAAAABQAEAWjAbsAXAAIAAQAAAAUABAFiwG7AFwACAAEAAAAFAAQBY8BuwBcAAgABAAAABQAEAWTAbsAXAAIAAQAAAAUABAFnwG7AFwACAAEAAAAFAAQBbcBuwBcAAgABAAAABQAEAWXAbsAXAAIAAQAAAAUABAFpwG7ArAABAAEAAAAFAATABQYewNwAAQABAAAABQAEwCEOHsDsAAEAAQAAAAUABMAaXB7A/AABAAEAAAAFAATAH1AewSwAAQABAAAABQAEwAxeHsCMAAEAAQAAAAUABMAjMx7BDAABAAEAAAAFAATAKl0ewMwAAQABAAAABQAEwDZwHsE8AAEAAQAAAAUABMArrB7AnAABAAEAAAAFAATAME8ewGwAAQABAAAABQAEwDSyHsC8AAEAAQAAAAUABMApoh4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":56882,"event_start":1565200429.846469} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"99.84.211.44","protocol":6,"src_port":44258,"dst_port":443,"event_start":1565200429.846814} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"soundcloud.com"}},"src_ip":"192.168.113.237","dst_ip":"99.84.211.44","protocol":6,"src_port":44258,"dst_port":443,"event_start":1565200429.890835} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"soundcloud.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001100000e736f756e64636c6f75642e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d002035afc638b9133424046800cc419eea28e0be9a26880415e3aec3dc448ae1b62d\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"99.84.211.44","protocol":6,"src_port":44258,"dst_port":443,"event_start":1565200429.890835} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGiDCCBXCgAwIBAgIMX9V1QajyD2DHViFbMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwNDEyMTEwMTE3WhcNMjAwNjA4MTAwODQ4WjA+MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGTAXBgNVBAMMECouc291bmRjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsR4qP16sZBEqdjVLnmk228XH1//F6mhBLWTCy3YStrinvLhX1fzl/DrHfMN8LLvJnX6QR+eaTlKKZ26OmrkFCwC5PzOsSRyCNMBsWOaAsdK4KBSI9gPdedshCRa4DyZxg6dezowTZeD87d+/wW+nuPbvtd2+xUVCP2xf3FtVZY/AfVBQ8Zp5yuKU7Af+kNYouDSGowkL85zDT3Pi0lbr/Vguh+yLlYArTriTst0HbqqXE78IGL2/yqjVsIhyju004Xkl0xUt1KK3ags8Q5mCEL81OkC8rCMm4I08NjXP9Hl5GtlAFLkz+8JvD1ktGeO4bcAUVjazhe1sLmsbphhPDAgMBAAGjggNiMIIDXjAOBgNVHQ8BAf8EBAMCBaAwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAChjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZhbHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzZG9tYWludmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEKMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATAJBgNVHRMEAjAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nkb21haW52YWxzaGEyZzIuY3JsMCsGA1UdEQQkMCKCECouc291bmRjbG91ZC5jb22CDnNvdW5kY2xvdWQuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUIjN2mq9izXkQSwgkrbTsXyoG330wHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABYrmEUCcAAAQDAEcwRQIgGA5TTonGf9B75rB9dri4AhAj4v3uGo2FBrBJi4OXksoCIQCZGEsia4o6Hj8Vgnmi5/TO8Fg8iosCr6iowXM/SGfY9QB2AKQ="}]}},"reassembly_properties":{"truncated":true},"src_ip":"99.84.211.44","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":44258,"event_start":1565200429.931582} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((0000)(ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGiDCCBXCgAwIBAgIMX9V1QajyD2DHViFbMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwNDEyMTEwMTE3WhcNMjAwNjA4MTAwODQ4WjA+MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGTAXBgNVBAMMECouc291bmRjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsR4qP16sZBEqdjVLnmk228XH1//F6mhBLWTCy3YStrinvLhX1fzl/DrHfMN8LLvJnX6QR+eaTlKKZ26OmrkFCwC5PzOsSRyCNMBsWOaAsdK4KBSI9gPdedshCRa4DyZxg6dezowTZeD87d+/wW+nuPbvtd2+xUVCP2xf3FtVZY/AfVBQ8Zp5yuKU7Af+kNYouDSGowkL85zDT3Pi0lbr/Vguh+yLlYArTriTst0HbqqXE78IGL2/yqjVsIhyju004Xkl0xUt1KK3ags8Q5mCEL81OkC8rCMm4I08NjXP9Hl5GtlAFLkz+8JvD1ktGeO4bcAUVjazhe1sLmsbphhPDAgMBAAGjggNiMIIDXjAOBgNVHQ8BAf8EBAMCBaAwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAChjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZhbHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzZG9tYWludmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEKMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATAJBgNVHRMEAjAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nkb21haW52YWxzaGEyZzIuY3JsMCsGA1UdEQQkMCKCECouc291bmRjbG91ZC5jb22CDnNvdW5kY2xvdWQuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUIjN2mq9izXkQSwgkrbTsXyoG330wHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABYrmEUCcAAAQDAEcwRQIgGA5TTonGf9B75rB9dri4AhAj4v3uGo2FBrBJi4OXksoCIQCZGEsia4o6Hj8Vgnmi5/TO8Fg8iosCr6iowXM/SGfY9QB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABYrmEU5IAAAQDAEcwRQIhAMn4lH1VJVO1W3qnuYq6e6Ckz17x2DPORbjXzVvrKQk5AiAXa0ZU1+SggVkR5whHBpjDAbs9b1N3KoVnWkXXAgr39QB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABYrmEUGYAAAQDAEgwRgIhAKDoi5dmaUESH6HUFGlTFABBM/Av16ZehG2uAXsHcVEwAiEA+XfvmAjbP5pbhYQ32VJyfEAKHmz7Dx1vjiovmFdTFPowDQYJKoZIhvcNAQELBQADggEBAAzRFkpGQeSW4IlCLdJbiWUJpTFeSoqyuyPoBokrNpIk0fL0lkFj9Y4dgae8XKoKkbe28ovt8cYuA08VhrFWPvZHcjtcZgkHoXuNBj42zAkeumCc8QTQVN0Oiwf3ImE5AiYyPa+URyRMSBYNdttOwnqnmQj3OEFFnLBlREQamUFs4hQpu1ymbqNUwbrA/o9O1mkqwoD0klvo+d5aBvmVvigw3TgjMCDxAaYQ+5vYY5n3s3GrrikbISumqJ1VDEBz4LqZoAHaDrs78daelXrJjPFJGREvFqguh3qOIUYsJ/SksLiw2wPuzzeZNTO2ZMB9rzTCSbk5LGcRrGuEdQMaQJk="},{"base64":"MIIEYzCCA0ugAwIBAgILBAAAAAABRE7wPiAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAwMDBaFw0yNDAyMjAxMDAwMDBaMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp3cwOs+IyOd1JIqgTaZOHiOEM7nF9vZCHll1Z8syz0lhXV/lG72wm2DZCjn4wsy+aPlN7H262okxFHzzTFZMcie089Ffeyr3sBppqKqAZUn9R0XQ5CJ+r69eGExWXrjbDVGYOWvKgc4Ux47JkFGr/paKOJLu9hVIVonnu8LXuPbj0fYC82ZA1ZbgXqa2zmJ+gfn1u+z+tfMIbWTaW2jcyS0tdNQJjjtunz2LuzC7Ujcm9PGqRcqIip3ItINH6yjfaGJjmFiRxJUvE5XuJUgkC/VkrBG7KB4HUs9ra2+PMgKhWBwZ8lgg3nds4tmI0kWIHdAE42HIw4uuQcSZiwFfzAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU6k581IAt5RWBhiaMgm3AmKTPlw8wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQELBQADggEBANdFnqDc4ONhWgt9d4QXLWVagpqNoycqhffJ7+mG/dRHzQFSlsVDvTex4bjyqdKKEYRxkRWJ3AKdC8tsM4U0KJ4gsrGX3G0LEME8zV/qXdeYMcU0mVwAYVXEGwJbxeOJyLS4bx448lYm6UHvPc2smU9ZSlctS32ux4j71pg79eXw6ImJuYsDy1ojH6T9uOr7Lp2uanMJvPzVoLVEgqtEkS5QLlfBQ9iRBIvpES5ftD953x77PzAAi1PjtywdO02L3ORkHQRYM68bVeerDL8wBHTk8w4vMDmNSwSMHnVmZkngvkA0x1xaUZK6EjxS1QSCVS1npd+3lXzuP8MIugS+wEY="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"99.84.211.44","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":44258,"event_start":1565200429.932332} {"dns":{"base64":"+4gBAAABAAAAAAAAAXQCY28AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":42127,"dst_port":53,"event_start":1565200430.189814} @@ -571,7 +571,7 @@ {"dns":{"base64":"+4iBgAABAAQABgAMAXQCY28AAAEAAcAMAAEAAQAAAAUABGj0KsXADAABAAEAAAAFAARo9CpFwAwAAQABAAAABQAEaPQqhcAMAAEAAQAAAAUABGj0KgXADgACAAEAAAAFAAwDbnMzBWNjdGxkwA7ADgACAAEAAAAFAAYDbnMxwGbADgACAAEAAAAFAAYDbnM1wGbADgACAAEAAAAFAAYDbnM2wGbADgACAAEAAAAFAAYDbnM0wGbADgACAAEAAAAFAAYDbnMywGbAegABAAEAAAAFAAScmmQZwMIAAQABAAAABQAEnJplGcBiAAEAAQAAAAUABJyaZhnAsAABAAEAAAAFAAScmmcZwIwAAQABAAAABQAEnJpoGcCeAAEAAQAAAAUABJyaaRnAegAcAAEAAAAFABAgAQUCLtoAAAAAAAAAAAAhwMIAHAABAAAABQAQIAEFAq0JAAAAAAAAAAAAIcBiABwAAQAAAAUAECYQAKEQCQAAAAAAAAAAACHAsAAcAAEAAAAFABAmEAChEBAAAAAAAAAAAAAhwIwAHAABAAAABQAQJhAAoRARAAAAAAAAAAAAIcCeABwAAQAAAAUAECYQAKEQEgAAAAAAAAAAACE="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":42127,"event_start":1565200430.190943} {"dns":{"base64":"6MSBgAABAAAAAQAAAXQCY28AABwAAcAMAAYAAQAAAAUAOQNuczEDcDI2BmR5bmVjdANuZXQAC29wc0B0d2l0dGVyA2NvbQAAAAm7AAAOEAAAAlgACTqAAAAAPA=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":45036,"event_start":1565200430.223296} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"104.244.42.197","protocol":6,"src_port":42970,"dst_port":443,"event_start":1565200430.223621} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"t.co"}},"src_ip":"192.168.113.237","dst_ip":"104.244.42.197","protocol":6,"src_port":42970,"dst_port":443,"event_start":1565200430.274862} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"t.co","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"0007000004742e636f\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00202b2057beedc7298448ddd2f78a8faed3cef91faa80a7a3063107f5da55acd86a\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"104.244.42.197","protocol":6,"src_port":42970,"dst_port":443,"event_start":1565200430.274862} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGXDCCBUSgAwIBAgIQC7Nk8BsA68WaJkeDtWr17jANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA1MjQwMDAwMDBaFw0yMDA1MjMxMjAwMDBaMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRhdGxhMQ0wCwYDVQQDEwR0LmNvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS1xDTCZvIEaPzioBNHvpSoyPd/8Gk6myTcKKXKw8icBR19T+XfTEKk3hnwPk14ZAruiBPd7vMsUkD2HtOUdrkNjDpUV9NKTYgLhlB2RxP5RsO2PdPeaPPXIg9NtHOlVUgkThoxqEDavgpMYoNb1K12gzFxYp9LQT4rUsK0F4QdU/FHq/3GBRAnauZx3KYbWnJjGdxUIySQnAXmvGhgqjLBVLjGNRJWifglzds8AIZpo8COJHp3SuMLaBFZycZiIe84Q0uJ/C5OD+2m9YvXWXG2isTVrSAMOuBSy3ssUfw/MUWCMHz3ZwjxqNVT4X+Q7nxQjHi1g9LgNmMIAO9jezwIDAQABo4IC8DCCAuwwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFFxj/fM0WMmyQTpAZCOhG8USFol4MBkGA1UdEQQSMBCCBHQuY2+CCHd3dy50LmNvMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWrrDaPPAAAEAwBHMEUC"}]}},"reassembly_properties":{"truncated":true},"src_ip":"104.244.42.197","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42970,"event_start":1565200430.334027} {"fingerprints":{"tls_server":"tls_server/(0303)(c02f)((ff01)(000b000403000102)(0023))"},"tls":{"server":{"certs":[{"base64":"MIIGXDCCBUSgAwIBAgIQC7Nk8BsA68WaJkeDtWr17jANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA1MjQwMDAwMDBaFw0yMDA1MjMxMjAwMDBaMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRhdGxhMQ0wCwYDVQQDEwR0LmNvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS1xDTCZvIEaPzioBNHvpSoyPd/8Gk6myTcKKXKw8icBR19T+XfTEKk3hnwPk14ZAruiBPd7vMsUkD2HtOUdrkNjDpUV9NKTYgLhlB2RxP5RsO2PdPeaPPXIg9NtHOlVUgkThoxqEDavgpMYoNb1K12gzFxYp9LQT4rUsK0F4QdU/FHq/3GBRAnauZx3KYbWnJjGdxUIySQnAXmvGhgqjLBVLjGNRJWifglzds8AIZpo8COJHp3SuMLaBFZycZiIe84Q0uJ/C5OD+2m9YvXWXG2isTVrSAMOuBSy3ssUfw/MUWCMHz3ZwjxqNVT4X+Q7nxQjHi1g9LgNmMIAO9jezwIDAQABo4IC8DCCAuwwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFFxj/fM0WMmyQTpAZCOhG8USFol4MBkGA1UdEQQSMBCCBHQuY2+CCHd3dy50LmNvMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWrrDaPPAAAEAwBHMEUCIGrY2nK+yCnTjjFZfrrprBCQnEgvylwAgxwuR0/13mOhAiEAwaXpcztuZ3hguP3aPFN3smGh/KZ0HkOMwVt4ipraoJsAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWrrDaNNAAAEAwBIMEYCIQDY/CK+7BOV7qSytUQX5bT0Pmdx1SHQxLg3p3YPIklpDwIhAK7sJrCDJXhJB7LEEHkJkqbsq34KbjW3K/eSorLnrFQTMA0GCSqGSIb3DQEBCwUAA4IBAQAT9sfHyYtR8SwuhBrFaN5rgce3ZKUdN30GXuT8yGxV+SRILTmZ3ttK76HLnmCPQ7VrcHUVcCx5stYT0sQaeylMKuJdyOCHocEy+M1/5/r87q4fucvNQrjDG1TF16VWKc08Sf/nEIkDlHUYN8W1AspK1r2M8PmnvdUNVC2CxitQNWFX3cb/fD9pbJ6T6TDEP+DdkabelLQmAC3Ix0yO7N4vbtGqn4U79V/rZ9PDFdUrPhGKTyOHW4Fo5+Ps4VVm9cYrKo/qS8Sn6+ErRtxS09BlXJlzqDX/IXTx0QJJ6e+6iILJtBOF6RRplkzIBwHdIpQipkazO1ltUlC5dVLVFLq2"},{"base64":"MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0AecPUeybQ="}]}},"reassembly_properties":{"reassembled":true},"src_ip":"104.244.42.197","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":42970,"event_start":1565200430.334371} {"dns":{"base64":"HiABAAABAAAAAAAABXNpdGVzBmdvb2dsZQNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":58257,"dst_port":53,"event_start":1565200430.455097} @@ -579,10 +579,10 @@ {"dns":{"base64":"GlmBgAABAAIADQAMBXNpdGVzBmdvb2dsZQNjb20AABwAAcAMAAUAAQAAAAUACQR3d3czAWzAEsAuABwAAQAAAAUAECYH+LBABAgAAAAAAAAAIA7AGQACAAEAAAAFABQBaQxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFswGHAGQACAAEAAAAFAAQBasBhwBkAAgABAAAABQAEAWXAYcAZAAIAAQAAAAUABAFtwGHAGQACAAEAAAAFAAQBZsBhwBkAAgABAAAABQAEAWHAYcAZAAIAAQAAAAUABAFnwGHAGQACAAEAAAAFAAQBZMBhwBkAAgABAAAABQAEAWLAYcAZAAIAAQAAAAUABAFrwGHAGQACAAEAAAAFAAQBY8BhwBkAAgABAAAABQAEAWjAYcDPAAEAAQAAAAUABMAFBh7A/wABAAEAAAAFAATAIQ4ewR8AAQABAAAABQAEwBpcHsDvAAEAAQAAAAUABMAfUB7AnwABAAEAAAAFAATADF4ewL8AAQABAAAABQAEwCMzHsDfAAEAAQAAAAUABMAqXR7BLwABAAEAAAAFAATANnAewF8AAQABAAAABQAEwCusHsCPAAEAAQAAAAUABMAwTx7BDwABAAEAAAAFAATANLIewH8AAQABAAAABQAEwCmiHg=="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":58815,"event_start":1565200430.486959} {"dns":{"base64":"HiCBgAABAAIADQANBXNpdGVzBmdvb2dsZQNjb20AAAEAAcAMAAUAAQAAAAUACQR3d3czAWzAEsAuAAEAAQAAAAUABKzZB67AGQACAAEAAAAFABQBawxndGxkLXNlcnZlcnMDbmV0AMAZAAIAAQAAAAUABAFlwFXAGQACAAEAAAAFAAQBYsBVwBkAAgABAAAABQAEAWrAVcAZAAIAAQAAAAUABAFhwFXAGQACAAEAAAAFAAQBacBVwBkAAgABAAAABQAEAWjAVcAZAAIAAQAAAAUABAFnwFXAGQACAAEAAAAFAAQBbcBVwBkAAgABAAAABQAEAWbAVcAZAAIAAQAAAAUABAFswFXAGQACAAEAAAAFAAQBY8BVwBkAAgABAAAABQAEAWTAVcCjAAEAAQAAAAUABMAFBh7AgwABAAEAAAAFAATAIQ4ewRMAAQABAAAABQAEwBpcHsEjAAEAAQAAAAUABMAfUB7AcwABAAEAAAAFAATADF4ewPMAAQABAAAABQAEwCMzHsDTAAEAAQAAAAUABMAqXR7AwwABAAEAAAAFAATANnAewLMAAQABAAAABQAEwCusHsCTAAEAAQAAAAUABMAwTx7AUwABAAEAAAAFAATANLIewQMAAQABAAAABQAEwCmiHsDjAAEAAQAAAAUABMA3Ux4="},"src_ip":"192.168.113.2","dst_ip":"192.168.113.237","protocol":17,"src_port":53,"dst_port":58257,"event_start":1565200430.486972} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.7.174","protocol":6,"src_port":33408,"dst_port":443,"event_start":1565200430.487673} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"sites.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.174","protocol":6,"src_port":33408,"dst_port":443,"event_start":1565200430.531812} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"sites.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"001300001073697465732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d00203fa5769c97be4064e6dde3cc1212becae13f0fd500bda6070fc322a23683a247\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.7.174","protocol":6,"src_port":33408,"dst_port":443,"event_start":1565200430.531812} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.7.174","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":33408,"event_start":1565200430.583466} {"fingerprints":{"tcp":"tcp/(40)()(40)(faf0)((020405b4)(04)(08)(01)(030307))"},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57114,"dst_port":443,"event_start":1565200430.753214} -{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57114,"dst_port":443,"event_start":1565200430.794920} +{"fingerprints":{"tls":"tls/(0303)(130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff)((0000)(000b000403000102)(000a000c000a001d0017001e00190018)(0023)(0016)(0017)(000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602)(002b0009080304030303020301)(002d00020101)(0033))"},"tls":{"client":{"server_name":"accounts.google.com","features":"[\"0303\",\"130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff\",[[\"0000\",\"00160000136163636f756e74732e676f6f676c652e636f6d\"],[\"000b\",\"03000102\"],[\"000a\",\"000a001d0017001e00190018\"],[\"0023\",\"\"],[\"0016\",\"\"],[\"0017\",\"\"],[\"000d\",\"002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602\"],[\"002b\",\"080304030303020301\"],[\"002d\",\"0101\"],[\"0033\",\"0024001d0020c41f1c449d80e477f60f3c3ff5e8cf29e319d93460be883a81d5337e6a68611f\"]]]"}},"src_ip":"192.168.113.237","dst_ip":"172.217.164.141","protocol":6,"src_port":57114,"dst_port":443,"event_start":1565200430.794920} {"fingerprints":{"tls_server":"tls_server/(0303)(1302)((0033)(002b00020304))"},"src_ip":"172.217.164.141","dst_ip":"192.168.113.237","protocol":6,"src_port":443,"dst_port":57114,"event_start":1565200430.844009} {"dns":{"base64":"CWkBAAABAAAAAAAACWFtYXpvbmF3cwNjb20AAAEAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":48886,"dst_port":53,"event_start":1565200431.127787} {"dns":{"base64":"hvMBAAABAAAAAAAACWFtYXpvbmF3cwNjb20AABwAAQ=="},"src_ip":"192.168.113.237","dst_ip":"192.168.113.2","protocol":17,"src_port":36267,"dst_port":53,"event_start":1565200431.128058} diff --git a/test/fuzz/socks4_req/corpus/seed_1 b/test/fuzz/socks4_req/corpus/seed_1 new file mode 100644 index 00000000..1b04a63c Binary files /dev/null and b/test/fuzz/socks4_req/corpus/seed_1 differ diff --git a/test/fuzz/socks5_gss/corpus/seed_1 b/test/fuzz/socks5_gss/corpus/seed_1 new file mode 100644 index 00000000..bd16c37f --- /dev/null +++ b/test/fuzz/socks5_gss/corpus/seed_1 @@ -0,0 +1 @@ +testusertestpass \ No newline at end of file diff --git a/test/fuzz/socks5_hello/corpus/seed_1 b/test/fuzz/socks5_hello/corpus/seed_1 new file mode 100644 index 00000000..24af8659 Binary files /dev/null and b/test/fuzz/socks5_hello/corpus/seed_1 differ diff --git a/test/fuzz/socks5_req_resp/corpus/seed_1 b/test/fuzz/socks5_req_resp/corpus/seed_1 new file mode 100644 index 00000000..72f78e4d Binary files /dev/null and b/test/fuzz/socks5_req_resp/corpus/seed_1 differ diff --git a/test/fuzz/socks5_req_resp/corpus/seed_2 b/test/fuzz/socks5_req_resp/corpus/seed_2 new file mode 100644 index 00000000..39fe8c13 Binary files /dev/null and b/test/fuzz/socks5_req_resp/corpus/seed_2 differ diff --git a/test/fuzz/socks5_usr_pass/corpus/seed_1 b/test/fuzz/socks5_usr_pass/corpus/seed_1 new file mode 100644 index 00000000..bd16c37f --- /dev/null +++ b/test/fuzz/socks5_usr_pass/corpus/seed_1 @@ -0,0 +1 @@ +testusertestpass \ No newline at end of file diff --git a/unit_tests/functional_unit_test.cc b/unit_tests/functional_unit_test.cc index 675e17d7..386b2637 100644 --- a/unit_tests/functional_unit_test.cc +++ b/unit_tests/functional_unit_test.cc @@ -21,4 +21,5 @@ TEST_CASE("Testing unit_test() defined in class") { CHECK(bencoding::dictionary::unit_test() == true); CHECK(snmp::unit_test() == true); CHECK(tofsee_initial_message::unit_test() == true); + CHECK(tls_extensions::unit_test() == true); } diff --git a/unit_tests/libmerc_dbmultiprotocol_test.cc b/unit_tests/libmerc_dbmultiprotocol_test.cc index 4b645166..b1020dd8 100644 --- a/unit_tests/libmerc_dbmultiprotocol_test.cc +++ b/unit_tests/libmerc_dbmultiprotocol_test.cc @@ -654,3 +654,35 @@ TEST_CASE_METHOD(LibmercTestFixture, "mysql with resources-mp") mysql_check(count, config.m_lc); } } + +TEST_CASE_METHOD(LibmercTestFixture, "socks with resources-mp") +{ + + auto socks_check = [&](int expected_count, const struct libmerc_config &config) + { + initialize(config); + + CHECK(expected_count == counter()); + + deinitialize(); + }; + + std::vector> test_set_up{ + {test_config{ + .m_lc{.do_analysis = true, .resources = resources_mp_path, + .packet_filter_cfg = (char *)"socks"}, + .m_pc{"top_100_fingerprints.pcap"}}, + 0}, + {test_config{ + .m_lc{.do_analysis = true, .resources = resources_mp_path, + .packet_filter_cfg = (char *)"socks"}, + .m_pc{"socks4_5.pcap"}}, + 10}, + }; + + for (auto &[config, count] : test_set_up) + { + set_pcap(config.m_pc.c_str()); + socks_check(count, config.m_lc); + } +} diff --git a/unit_tests/pcaps/socks4_5.pcap b/unit_tests/pcaps/socks4_5.pcap new file mode 100644 index 00000000..e426dcdd Binary files /dev/null and b/unit_tests/pcaps/socks4_5.pcap differ