diff options
| author | Luca Deri <deri@ntop.org> | 2020-02-04 22:16:54 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-02-04 22:16:54 +0100 |
| commit | 0703ab5ac558857319c2ed4a1673444006f915f8 (patch) | |
| tree | abbd21aba8176a5791129c803c84b87210e47235 | |
| parent | 3e99b736358ca11c3ba3723a1282ffd3bfc760bd (diff) | |
Improved DNS response decoding
The first decoded address is now reported by ndpiReader
25 files changed, 217 insertions, 202 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 2236f79d3..cf8261e05 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -966,6 +966,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(n == 0) flow->bittorent_hash[0] = '\0'; } + /* DNS */ + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DNS)) { + if(flow->ndpi_flow->protos.dns.rsp_type == 0x1) + inet_ntop(AF_INET, &flow->ndpi_flow->protos.dns.rsp_addr.ipv4, flow->info, sizeof(flow->info)); + else + inet_ntop(AF_INET6, &flow->ndpi_flow->protos.dns.rsp_addr.ipv6, flow->info, sizeof(flow->info)); + } /* MDNS */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_MDNS)) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 473ff1753..b9b98aa81 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -175,17 +175,25 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, if((x+12) <= flow->packet.payload_packet_len) { x += 6; data_len = get16(&x, flow->packet.payload); - - if(((x + data_len) <= flow->packet.payload_packet_len) - && (((rsp_type == 0x1) && (data_len == 4)) /* A */ + + if((x + data_len) <= flow->packet.payload_packet_len) { + // printf("[rsp_type: %u][data_len: %u]\n", rsp_type, data_len); + + if(rsp_type == 0x05 /* CNAME */) { + x += data_len; + continue; /* Skip CNAME */ + } + + if((((rsp_type == 0x1) && (data_len == 4)) /* A */ #ifdef NDPI_DETECTION_SUPPORT_IPV6 - || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ + || ((rsp_type == 0x1c) && (data_len == 16)) /* AAAA */ #endif - )) { - memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len); + )) { + memcpy(&flow->protos.dns.rsp_addr, flow->packet.payload + x, data_len); + } } } - + break; } } diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index cdfe2b1f6..9c935f947 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -66,16 +66,16 @@ JA3 Host Stats: 45 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 84.5/0.0][< 1 sec][Host: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)] 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 36.7/0.0][15.56 sec] 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 36.6/0.0][14.54 sec] - 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52.2/85.2][0.01 sec][Host: dl-obs.official.line.naver.jp][PLAIN TEXT (official)] + 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52.2/85.2][0.01 sec][Host: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)] 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 1.8/0.0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14998.7/45002.0 44996/45002 21211.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55.0/66.0 55/66 0.0/0.0] 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.5/0.0][< 1 sec][Host: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (Joanna)] 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.5/0.0][< 1 sec][Host: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (MSFT 5.07)] - 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42.2/68.8][0.05 sec][Host: pic.1kxun.com] + 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42.2/68.8][0.05 sec][Host: pic.1kxun.com][106.187.35.246] 53 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.2/0.0][1.54 sec][Host: sc.arrancar.org][PLAIN TEXT ( FDEDCOEBFC)] - 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47.2/61.9][0.02 sec][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (kankan)] - 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 43.7/63.2][0.04 sec][Host: vv.video.qq.com] - 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44.4/60.6][1.05 sec][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] - 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44.4/60.6][0.00 sec][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] + 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47.2/61.9][0.02 sec][Host: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)] + 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 43.7/63.2][0.04 sec][Host: vv.video.qq.com][203.205.151.234] + 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44.4/60.6][1.05 sec][Host: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)] + 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44.4/60.6][0.00 sec][Host: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)] 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Goodput ratio: 34.2/0.0][0.10 sec][Host: wpad] 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][36.19 sec] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 34.6/0.0][0.41 sec][Host: caesar-thinkpad][PLAIN TEXT (caesar)] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index bf068cc80..3b59784cf 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -14,8 +14,8 @@ JA3 Host Stats: 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 40.6/40.6][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1000.8/1000.8 1001/1012 0.4/4.2][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138.0/138.0 138/138 0.0/0.0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18.0/57.0][0.82 sec][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 163.8/56.0 495/110 170.8/54.0][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131.0/251.5 248/680 52.4/247.4][URL: mail.tomasu.net/][StatusCode: 301][ContentType: text/html][UserAgent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 93.7/0.0][< 1 sec][PLAIN TEXT (ds 0/u6)] - 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38.1/69.7][0.09 sec][Host: star.c10r.facebook.com][PLAIN TEXT (facebook)] - 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38.1/68.3][0.09 sec][Host: star.c10r.facebook.com][PLAIN TEXT (facebook)] + 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38.1/69.7][0.09 sec][Host: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)] + 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38.1/68.3][0.09 sec][Host: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30.1/0.0][0.01 sec] 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30.1/0.0][0.07 sec] 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 58.7/0.0][< 1 sec] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 2909a3160..42d2b09a7 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -28,25 +28,25 @@ JA3 Host Stats: 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0.0/0.0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845.2/3844.4 13075/13111 4718.5/4734.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56.0/56.0 56/56 0.0/0.0] 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0.0/0.0][13.28 sec] 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19.3/0.0][0.03 sec] - 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43.0/73.1][0.04 sec][Host: katalk.kakao.com][PLAIN TEXT (katalk)] - 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 47.7/69.0][0.05 sec][Host: developers.facebook.com][PLAIN TEXT (developers)] - 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44.4/67.6][0.04 sec][Host: graph.facebook.com][PLAIN TEXT (facebook)] - 19 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/130 bytes][Goodput ratio: 48.9/65.6][0.05 sec][Host: 2.97.252.173.in-addr.arpa][PLAIN TEXT (facebook)] - 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/136 bytes][Goodput ratio: 43.8/67.2][0.04 sec][Host: ac-talk.kakao.com] - 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/84 bytes <-> 1 pkts/130 bytes][Goodput ratio: 47.1/65.6][0.04 sec][Host: booking.loco.kakao.com][PLAIN TEXT (booking)] - 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/82 bytes <-> 1 pkts/126 bytes][Goodput ratio: 45.8/64.6][0.04 sec][Host: up-gp.talk.kakao.com] - 23 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-p.talk.kakao.com] - 24 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-v.talk.kakao.com] - 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.04 sec][Host: up-m.talk.kakao.com] - 26 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.03 sec][Host: up-a.talk.kakao.com] - 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-c.talk.kakao.com] - 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45.1/62.5][0.03 sec][Host: plus-talk.kakao.com] - 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45.1/62.5][0.04 sec][Host: plus-talk.kakao.com] - 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43.0/62.2][0.05 sec][Host: api.facebook.com][PLAIN TEXT (facebook)] - 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 41.6/60.9][0.08 sec][Host: auth.kakao.com] - 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 41.6/60.9][0.03 sec][Host: item.kakao.com] + 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43.0/73.1][0.04 sec][Host: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)] + 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 47.7/69.0][0.05 sec][Host: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)] + 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44.4/67.6][0.04 sec][Host: graph.facebook.com][31.13.68.70][PLAIN TEXT (facebook)] + 19 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/130 bytes][Goodput ratio: 48.9/65.6][0.05 sec][Host: 2.97.252.173.in-addr.arpa][::][PLAIN TEXT (facebook)] + 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/136 bytes][Goodput ratio: 43.8/67.2][0.04 sec][Host: ac-talk.kakao.com][110.76.141.112] + 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/84 bytes <-> 1 pkts/130 bytes][Goodput ratio: 47.1/65.6][0.04 sec][Host: booking.loco.kakao.com][110.76.142.125][PLAIN TEXT (booking)] + 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/82 bytes <-> 1 pkts/126 bytes][Goodput ratio: 45.8/64.6][0.04 sec][Host: up-gp.talk.kakao.com][110.76.141.26] + 23 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-p.talk.kakao.com][210.103.240.16] + 24 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-v.talk.kakao.com][210.103.240.16] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.04 sec][Host: up-m.talk.kakao.com][210.103.240.16] + 26 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.03 sec][Host: up-a.talk.kakao.com][210.103.240.16] + 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45.1/64.0][0.13 sec][Host: up-c.talk.kakao.com][110.76.141.85] + 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45.1/62.5][0.03 sec][Host: plus-talk.kakao.com][210.103.240.15] + 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45.1/62.5][0.04 sec][Host: plus-talk.kakao.com][210.103.240.15] + 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43.0/62.2][0.05 sec][Host: api.facebook.com][31.13.68.84][PLAIN TEXT (facebook)] + 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 41.6/60.9][0.08 sec][Host: auth.kakao.com][210.103.240.15] + 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 41.6/60.9][0.03 sec][Host: item.kakao.com][210.103.240.15] 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 24.7/0.0][41.33 sec] - 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45.1/54.1][0.04 sec][Host: dn-l.talk.kakao.com] + 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45.1/54.1][0.04 sec][Host: dn-l.talk.kakao.com][110.76.141.86] 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58.2/0.0][< 1 sec] 36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 69.6/0.0][< 1 sec] 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32.1/0.0][< 1 sec] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 748a1b62a..daccfdf6e 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -26,7 +26,7 @@ JA3 Host Stats: 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][Goodput ratio: 39.4/20.3][0.46 sec][PLAIN TEXT (xiaomi.com)] 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 2.8/0.0][11.12 sec] 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes][Goodput ratio: 0.0/0.0][0.48 sec] - 14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43.8/62.2][0.20 sec][Host: mqtt.facebook.com][PLAIN TEXT (facebook)] + 14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43.8/62.2][0.20 sec][Host: mqtt.facebook.com][173.252.97.2][PLAIN TEXT (facebook)] 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58.2/0.0][< 1 sec] 16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32.1/0.0][< 1 sec] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 5e3702ed3..5489323be 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -48,36 +48,36 @@ JA3 Host Stats: 25 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.3/0.0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)] 26 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 84.5/0.0][12.10 sec][_companion-link._tcp.local][PLAIN TEXT (companion)] 27 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91.178/TLS.Amazon][cat: Web/5][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 22.7/34.5][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203.0/574.0 541/574 239.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 85.5/101.0 105/101 19.5/0.0] - 28 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 53.8/86.7][0.02 sec][Host: 1-courier.sandbox.push.apple.com][PLAIN TEXT (courier)] + 28 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 53.8/86.7][0.02 sec][Host: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)] 29 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0.0/0.0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/66.0 66/66 0.0/0.0] 30 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][5.03 sec] 31 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0.0/28.5][0.02 sec] 32 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.9/0.0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)] 33 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22.2/19.4][0.05 sec] - 34 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49.4/82.3][0.02 sec][Host: detectportal.firefox.com][PLAIN TEXT (detectportal)] - 35 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43.4/81.4][0.01 sec][Host: www.outlook.com][PLAIN TEXT (outlook)] - 36 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 41.9/80.9][0.01 sec][Host: www.apple.com][PLAIN TEXT (edgekey)] - 37 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50.0/77.7][0.02 sec][Host: 24-courier.push.apple.com][PLAIN TEXT (courier)] - 38 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49.4/77.5][0.02 sec][Host: 1-courier.push.apple.com][PLAIN TEXT (courier)] - 39 UDP 10.0.0.227:52879 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54.3/75.4][0.02 sec][Host: vcacrashplan01.hq.corp.viasat.com][PLAIN TEXT (cacrashplan)] - 40 UDP 10.0.0.227:57261 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54.3/75.4][0.02 sec][Host: vcacrashplan01.hq.corp.viasat.com][PLAIN TEXT (cacrashplan)] - 41 UDP 10.0.0.227:61387 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48.2/73.8][0.03 sec][Host: vco.pandion.viasat.com][PLAIN TEXT (pandion)] - 42 UDP 10.0.0.227:62322 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48.2/73.8][0.05 sec][Host: vco.pandion.viasat.com][PLAIN TEXT (pandion)] - 43 UDP 10.0.0.227:57017 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54.3/70.5][0.02 sec][Host: lp-rkerur-osx.hsd1.ca.comcast.net][PLAIN TEXT (RKERUR)] - 44 UDP 10.0.0.227:59222 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54.3/70.5][0.02 sec][Host: lp-rkerur-osx.hsd1.ca.comcast.net][PLAIN TEXT (RKERUR)] - 45 UDP 10.0.0.227:54851 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44.2/72.8][0.05 sec][Host: print.viasat.com][PLAIN TEXT (viasat)] + 34 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49.4/82.3][0.02 sec][Host: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)] + 35 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43.4/81.4][0.01 sec][Host: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)] + 36 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 41.9/80.9][0.01 sec][Host: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)] + 37 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50.0/77.7][0.02 sec][Host: 24-courier.push.apple.com][17.57.144.20][PLAIN TEXT (courier)] + 38 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49.4/77.5][0.02 sec][Host: 1-courier.push.apple.com][17.57.144.116][PLAIN TEXT (courier)] + 39 UDP 10.0.0.227:52879 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54.3/75.4][0.02 sec][Host: vcacrashplan01.hq.corp.viasat.com][::][PLAIN TEXT (cacrashplan)] + 40 UDP 10.0.0.227:57261 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54.3/75.4][0.02 sec][Host: vcacrashplan01.hq.corp.viasat.com][::][PLAIN TEXT (cacrashplan)] + 41 UDP 10.0.0.227:61387 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48.2/73.8][0.03 sec][Host: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)] + 42 UDP 10.0.0.227:62322 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48.2/73.8][0.05 sec][Host: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)] + 43 UDP 10.0.0.227:57017 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54.3/70.5][0.02 sec][Host: lp-rkerur-osx.hsd1.ca.comcast.net][::][PLAIN TEXT (RKERUR)] + 44 UDP 10.0.0.227:59222 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54.3/70.5][0.02 sec][Host: lp-rkerur-osx.hsd1.ca.comcast.net][::][PLAIN TEXT (RKERUR)] + 45 UDP 10.0.0.227:54851 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44.2/72.8][0.05 sec][Host: print.viasat.com][::][PLAIN TEXT (viasat)] 46 UDP 10.0.0.227:61328 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80.2/0.0][< 1 sec][PLAIN TEXT (SEARCH )] - 47 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 34.8/69.5][0.03 sec][Host: local][PLAIN TEXT (servers)] - 48 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 57.8/57.8][0.02 sec][Host: lb._dns-sd._udp.0.128.28.172.in-addr.arpa] + 47 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 34.8/69.5][0.03 sec][Host: local][::][PLAIN TEXT (servers)] + 48 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 57.8/57.8][0.02 sec][Host: lb._dns-sd._udp.0.128.28.172.in-addr.arpa][::] 49 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.00 sec] 50 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.02 sec] - 51 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56.1/56.1][0.02 sec][Host: lb._dns-sd._udp.0.0.0.10.in-addr.arpa] - 52 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 38.6/63.6][0.02 sec][Host: apple.com] - 53 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.04 sec][Host: vco.pandion.viasat.com][PLAIN TEXT (pandion)] + 51 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56.1/56.1][0.02 sec][Host: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::] + 52 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 38.6/63.6][0.02 sec][Host: apple.com][17.178.96.59] + 53 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.04 sec][Host: vco.pandion.viasat.com][8.37.102.91][PLAIN TEXT (pandion)] 54 0 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][1.02 sec] - 55 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43.4/53.3][0.04 sec][Host: mail.viasat.com][PLAIN TEXT (viasat)] - 56 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40.3/51.1][0.02 sec][Host: mozilla.org][PLAIN TEXT (mozilla)] - 57 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 38.6/50.0][0.03 sec][Host: slack.com] + 55 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43.4/53.3][0.04 sec][Host: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)] + 56 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40.3/51.1][0.02 sec][Host: mozilla.org][63.245.208.195][PLAIN TEXT (mozilla)] + 57 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 38.6/50.0][0.03 sec][Host: slack.com][99.86.34.156] 58 TCP 10.0.0.227:56874 <-> 74.125.197.188:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.04 sec] 59 IGMP 10.0.0.213:0 -> 224.0.0.2:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][13.31 sec] 60 IGMP 10.0.0.213:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][13.31 sec] diff --git a/tests/result/capwap.pcap.out b/tests/result/capwap.pcap.out index 514fed7ef..a9f97a64c 100644 --- a/tests/result/capwap.pcap.out +++ b/tests/result/capwap.pcap.out @@ -4,5 +4,5 @@ CAPWAP 395 98343 4 1 UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83.0/87.6][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1420.8/1619.1 21349/21721 3881.1/4474.6][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 246.6/338.1 1499/1499 292.0/381.5][PLAIN TEXT (Cisco Systems)] 2 UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][cat: Network/14][170 pkts/33465 bytes <-> 3 pkts/437 bytes][Goodput ratio: 78.7/71.0][157.99 sec][bytes ratio: 0.974 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 964.3/0.0 3999/0 858.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 93/125 196.9/145.7 470/168 78.3/17.6] 3 UDP 192.168.10.10:12380 -> 255.255.255.255:5246 [proto: 247/CAPWAP][cat: Network/14][4 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 74.4/0.0][130.41 sec][PLAIN TEXT (838.61f)] - 4 UDP 192.168.10.10:49259 -> 255.255.255.255:53 [proto: 5/DNS][cat: Network/14][2 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 49.1/0.0][3.00 sec][Host: cisco-capwap-controller][PLAIN TEXT (CAPWAP)] + 4 UDP 192.168.10.10:49259 -> 255.255.255.255:53 [proto: 5/DNS][cat: Network/14][2 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 49.1/0.0][3.00 sec][Host: cisco-capwap-controller][::][PLAIN TEXT (CAPWAP)] 5 UDP 192.168.10.9:5246 -> 192.168.10.10:12379 [proto: 247/CAPWAP][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 60.2/0.0][< 1 sec] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 2ff3a6b30..adb4fa2c5 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -6,11 +6,11 @@ Dropbox 848 90532 15 4 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes][Goodput ratio: 69.8/32.4][11.20 sec][bytes ratio: 0.383 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 112.3/112.7 151/147 9.6/9.4][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139.1/62.1 143/66 2.3/2.3][PLAIN TEXT (messageType)] 5 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][Goodput ratio: 82.2/0.0][13.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2621.4/0.0 13107/0 5242.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 237/0 237.0/0.0 237/0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] 6 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][Goodput ratio: 82.2/0.0][13.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2621.4/0.0 13107/0 5242.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 237/0 237.0/0.0 237/0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] - 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Goodput ratio: 46.0/84.3][0.04 sec][Host: log.getdropbox.com][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/194 78.0/269.5 78/345 0.0/75.5][PLAIN TEXT (getdropbox)] - 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Goodput ratio: 45.9/87.3][0.12 sec][Host: client.dropbox.com][PLAIN TEXT (client)] - 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Goodput ratio: 42.2/86.9][0.17 sec][Host: d.dropbox.com][PLAIN TEXT (dropbox)] - 10 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Goodput ratio: 47.9/86.1][0.18 sec][Host: client-cf.dropbox.com][PLAIN TEXT (client)] - 11 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Goodput ratio: 45.9/85.6][0.03 sec][Host: notify.dropbox.com][PLAIN TEXT (notify)] + 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Goodput ratio: 46.0/84.3][0.04 sec][Host: log.getdropbox.com][::][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/194 78.0/269.5 78/345 0.0/75.5][PLAIN TEXT (getdropbox)] + 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Goodput ratio: 45.9/87.3][0.12 sec][Host: client.dropbox.com][108.160.172.204][PLAIN TEXT (client)] + 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Goodput ratio: 42.2/86.9][0.17 sec][Host: d.dropbox.com][108.160.172.225][PLAIN TEXT (dropbox)] + 10 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Goodput ratio: 47.9/86.1][0.18 sec][Host: client-cf.dropbox.com][54.240.174.31][PLAIN TEXT (client)] + 11 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Goodput ratio: 45.9/85.6][0.03 sec][Host: notify.dropbox.com][162.125.17.131][PLAIN TEXT (notify)] 12 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.9/0.0][60.01 sec][PLAIN TEXT (version)] 13 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.9/0.0][60.01 sec][PLAIN TEXT (version)] 14 UDP 192.168.1.64:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.4/0.0][31.34 sec][PLAIN TEXT (namespaces)] diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index f42f38f49..9ca4b5ad5 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -38,17 +38,17 @@ JA3 Host Stats: 24 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][Goodput ratio: 61.9/49.6][0.80 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93.7/79.8 183/182 81.8/80.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175.9/133.0 530/231 154.8/70.1][TLSv1][Client: telegraph-ash.instagram.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 25 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][Goodput ratio: 70.9/0.0][0.01 sec][PLAIN TEXT ( 413767116)] 26 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes][Goodput ratio: 58.7/0.0][2.67 sec] - 27 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Goodput ratio: 52.2/85.9][0.05 sec][Host: igcdn-photos-h-a.akamaihd.net][PLAIN TEXT (photos)] + 27 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Goodput ratio: 52.2/85.9][0.05 sec][Host: igcdn-photos-h-a.akamaihd.net][46.33.70.174][PLAIN TEXT (photos)] 28 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.4/0.0][< 1 sec][Host: photos-a.ak.instagram.com][URL: photos-a.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11248829_853782121373976_909936934_n.jpg?se=7][StatusCode: 0][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)] 29 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.2/0.0][< 1 sec][Host: photos-g.ak.instagram.com][URL: photos-g.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11379284_1651416798408214_1525641466_n.jpg][StatusCode: 0][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)] - 30 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52.2/79.5][0.05 sec][Host: igcdn-photos-g-a.akamaihd.net][PLAIN TEXT (photos)] - 31 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52.2/79.5][0.05 sec][Host: igcdn-photos-a-a.akamaihd.net][PLAIN TEXT (photos)] + 30 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52.2/79.5][0.05 sec][Host: igcdn-photos-g-a.akamaihd.net][46.33.70.136][PLAIN TEXT (photos)] + 31 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52.2/79.5][0.05 sec][Host: igcdn-photos-a-a.akamaihd.net][82.85.26.154][PLAIN TEXT (photos)] 32 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.02 sec] 33 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.04 sec] 34 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/TLS][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes][Goodput ratio: 21.8/0.0][< 1 sec] 35 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][cat: Cloud/13][1 pkts/145 bytes -> 0 pkts/0 bytes][Goodput ratio: 70.5/0.0][< 1 sec][PLAIN TEXT ( 413767116)] 36 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][< 1 sec] - 37 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.0/0.0][< 1 sec][Host: photos-b.ak.instagram.com][PLAIN TEXT (photos)] + 37 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.0/0.0][< 1 sec][Host: photos-b.ak.instagram.com][::][PLAIN TEXT (photos)] Undetected flows: diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 75e07b530..12c2ddca6 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -10,6 +10,6 @@ JA3 Host Stats: 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 52.6/91.2][0.64 sec][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.1/74.8 240/249 99.0/103.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Organization: OpenDNS, Inc.][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.225/HTTP.OpenDNS][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 85.7/44.4][0.21 sec][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)] - 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 59.8/61.3][0.02 sec][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] + 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 59.8/61.3][0.02 sec][Host: www.internetbadguys.com][67.215.92.210][PLAIN TEXT (internetbadguys)] 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 56.6/0.0][< 1 sec] 5 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out index 5db8503ec..dbecb758e 100644 --- a/tests/result/nest_log_sink.pcap.out +++ b/tests/result/nest_log_sink.pcap.out @@ -15,4 +15,4 @@ Google 302 72365 7 11 TCP 192.168.242.15:63344 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][11 pkts/2565 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 75.6/60.8][5.29 sec][bytes ratio: 0.297 (Upload)][IAT c2s/s2c min/avg/max/stddev: 61/0 640.5/729.1 2711/3410 865.2/1201.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 233.2/138.9 584/732 216.6/199.2][PLAIN TEXT (05CA02AC4414028)] 12 TCP 192.168.242.15:63347 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1390 bytes][Goodput ratio: 71.2/60.8][2.81 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 63/0 341.6/348.9 1182/1489 362.6/517.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/139.0 586/733 195.5/199.5][PLAIN TEXT (05CA02AC4414028)] 13 TCP 192.168.242.15:63353 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 71.2/60.8][2.65 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 70/0 321.0/347.6 1162/1502 365.5/527.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/138.9 586/732 195.5/199.2][PLAIN TEXT (05CA02AC4414028)] - 14 UDP 192.168.242.15:52849 <-> 192.168.242.1:53 [proto: 5/DNS][cat: Network/14][8 pkts/713 bytes <-> 7 pkts/899 bytes][Goodput ratio: 52.8/67.2][3600.37 sec][Host: weave-logsink.nest.com][bytes ratio: -0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/4311 596403.3/515880.4 1795476/1795277 670695.5/701384.1][Pkt Len c2s/s2c min/avg/max/stddev: 82/98 89.1/128.4 101/169 9.2/35.1][PLAIN TEXT (logsink)] + 14 UDP 192.168.242.15:52849 <-> 192.168.242.1:53 [proto: 5/DNS][cat: Network/14][8 pkts/713 bytes <-> 7 pkts/899 bytes][Goodput ratio: 52.8/67.2][3600.37 sec][Host: weave-logsink.nest.com][35.188.154.186][bytes ratio: -0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/4311 596403.3/515880.4 1795476/1795277 670695.5/701384.1][Pkt Len c2s/s2c min/avg/max/stddev: 82/98 89.1/128.4 101/169 9.2/35.1][PLAIN TEXT (logsink)] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 9cbfbe81b..6ec0e4cfc 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -56,17 +56,17 @@ JA3 Host Stats: 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76.2/81.0][0.21 sec][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.1/20.2 92/54 34.4/21.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283.0/354.9 1450/1066 419.0/412.7][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 38.8/68.9][30.71 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064.5/6120.4 30486/30536 9140.5/12207.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 107.8/215.4 309/989 83.5/296.5][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][Goodput ratio: 74.6/0.0][79.13 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 4588.2/0.0 14907/0 6546.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 165.5/0.0 167/0 1.5/0.0][PLAIN TEXT (SEARCH )] - 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47.2/86.9][0.02 sec][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] - 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47.2/86.9][0.04 sec][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] - 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/371 bytes][Goodput ratio: 46.9/88.4][0.04 sec][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] - 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/83 bytes <-> 1 pkts/248 bytes][Goodput ratio: 48.8/82.7][0.02 sec][Host: ichnaea.geo.netflix.com][PLAIN TEXT (ichnaea)] - 52 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56.1/81.0][0.02 sec][Host: api-global.latency.prodaa.netflix.com][PLAIN TEXT (global)] - 53 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56.1/81.0][0.03 sec][Host: api-global.latency.prodaa.netflix.com][PLAIN TEXT (global)] - 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/96 bytes <-> 1 pkts/224 bytes][Goodput ratio: 55.7/80.9][0.00 sec][Host: ichnaea.us-west-2.prodaa.netflix.com][PLAIN TEXT (ichnaea)] - 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/79 bytes <-> 1 pkts/192 bytes][Goodput ratio: 46.3/77.7][0.02 sec][Host: appboot.netflix.com][PLAIN TEXT (appboot)] - 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/84 bytes <-> 1 pkts/148 bytes][Goodput ratio: 49.4/71.1][0.01 sec][Host: artwork.akam.nflximg.net][PLAIN TEXT (artwork)] - 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/85 bytes <-> 1 pkts/137 bytes][Goodput ratio: 50.0/68.8][0.02 sec][Host: sha2.san.akam.nflximg.net][PLAIN TEXT (akamaiedge)] - 58 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/113 bytes][Goodput ratio: 47.6/62.3][0.02 sec][Host: a1907.dscg.akamai.net][PLAIN TEXT (akamai)] - 59 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/112 bytes][Goodput ratio: 46.9/61.9][0.02 sec][Host: a803.dscg.akamai.net][PLAIN TEXT (akamai)] + 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47.2/86.9][0.02 sec][Host: ios.nccp.netflix.com][54.191.17.51][PLAIN TEXT (netflix)] + 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47.2/86.9][0.04 sec][Host: ios.nccp.netflix.com][52.32.22.214][PLAIN TEXT (netflix)] + 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/371 bytes][Goodput ratio: 46.9/88.4][0.04 sec][Host: ios.nccp.netflix.com][2620:108:700f::3428:72a3][PLAIN TEXT (netflix)] + 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/83 bytes <-> 1 pkts/248 bytes][Goodput ratio: 48.8/82.7][0.02 sec][Host: ichnaea.geo.netflix.com][52.37.36.252][PLAIN TEXT (ichnaea)] + 52 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56.1/81.0][0.02 sec][Host: api-global.latency.prodaa.netflix.com][52.89.39.139][PLAIN TEXT (global)] + 53 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56.1/81.0][0.03 sec][Host: api-global.latency.prodaa.netflix.com][52.41.30.5][PLAIN TEXT (global)] + 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/96 bytes <-> 1 pkts/224 bytes][Goodput ratio: 55.7/80.9][0.00 sec][Host: ichnaea.us-west-2.prodaa.netflix.com][54.69.204.241][PLAIN TEXT (ichnaea)] + 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/79 bytes <-> 1 pkts/192 bytes][Goodput ratio: 46.3/77.7][0.02 sec][Host: appboot.netflix.com][54.201.191.132][PLAIN TEXT (appboot)] + 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/84 bytes <-> 1 pkts/148 bytes][Goodput ratio: 49.4/71.1][0.01 sec][Host: artwork.akam.nflximg.net][184.25.204.25][PLAIN TEXT (artwork)] + 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/85 bytes <-> 1 pkts/137 bytes][Goodput ratio: 50.0/68.8][0.02 sec][Host: sha2.san.akam.nflximg.net][104.86.97.179][PLAIN TEXT (akamaiedge)] + 58 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/113 bytes][Goodput ratio: 47.6/62.3][0.02 sec][Host: a1907.dscg.akamai.net][184.25.204.10][PLAIN TEXT (akamai)] + 59 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/112 bytes][Goodput ratio: 46.9/61.9][0.02 sec][Host: a803.dscg.akamai.net][184.25.204.24][PLAIN TEXT (akamai)] 60 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/TLS.Amazon][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][14.20 sec] 61 IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index c1751d1a2..0c6965dff 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -17,12 +17,12 @@ JA3 Host Stats: 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes][Goodput ratio: 67.1/67.1][1.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/58 118.7/111.0 274/242 88.6/65.3][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 128.0/128.0 198/198 40.7/40.7] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][Goodput ratio: 67.6/68.0][1.15 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/17 107.5/127.0 288/286 108.6/89.8][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 130.0/131.7 198/198 39.8/42.3] 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][Goodput ratio: 40.0/0.0][0.73 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40.3/0.0 315/0 92.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70.0/0.0 70/0 0.0/0.0] - 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54.2/57.9][0.01 sec][Host: g2df33d01-lp1.p.srv.nintendo.net][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4.3/4.3 5/5 0.5/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92.0/100.0 92/108 0.0/8.0][PLAIN TEXT (nintendo)] + 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54.2/57.9][0.01 sec][Host: g2df33d01-lp1.p.srv.nintendo.net][52.10.205.177][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4.3/4.3 5/5 0.5/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92.0/100.0 92/108 0.0/8.0][PLAIN TEXT (nintendo)] 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes][Goodput ratio: 94.1/0.0][< 1 sec] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.9/0.0][0.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 74.8/0.0 316/0 129.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70.0/0.0 70/0 0.0/0.0] 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27.5/27.5][0.06 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.0/0.8 4/3 1.7/1.3][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0] - 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][0.03 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)] - 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][< 1 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)] + 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][0.03 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.217][PLAIN TEXT (fb203858ebc)] + 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][< 1 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.8][PLAIN TEXT (fb203858ebc)] 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173.178/Nintendo.Amazon][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64.2/0.0][0.00 sec] 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 60.2/0.0][0.00 sec][PLAIN TEXT (NATTestId)] 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 85.6/0.0][< 1 sec] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index a88306f76..e79219909 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -22,14 +22,14 @@ JA3 Host Stats: 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31.1/0.0][1.18 sec][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 196.7/0.0 503/0 209.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][ContentType: ][UserAgent: ][PLAIN TEXT (GET /ip)] 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33.1/0.0][0.23 sec][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 45.8/0.0 101/0 38.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][ContentType: ][UserAgent: ][PLAIN TEXT (GET /xmpp)] 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][8.01 sec] - 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 62.8/0.0][< 1 sec][Host: xmpp.device06.eu01.capptain.com][PLAIN TEXT (device06)] - 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60.3/0.0][< 1 sec][Host: android.clients.google.com][PLAIN TEXT (android)] - 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59.2/0.0][< 1 sec][Host: settings.crashlytics.com][PLAIN TEXT (settings)] - 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 57.4/0.0][< 1 sec][Host: api.eu01.capptain.com][PLAIN TEXT (capptain)] - 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][cat: Web/5][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 56.1/0.0][< 1 sec][Host: play.googleapis.com][PLAIN TEXT (googleapis)] - 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/63 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.7/0.0][< 1 sec][Host: ocu03.labgency.ws][PLAIN TEXT (labgency)] - 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.2/0.0][< 1 sec][Host: ocs.labgency.ws][PLAIN TEXT (labgency)] - 19 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 49.1/0.0][< 1 sec][Host: www.ocs.fr] + 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 62.8/0.0][< 1 sec][Host: xmpp.device06.eu01.capptain.com][::][PLAIN TEXT (device06)] + 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60.3/0.0][< 1 sec][Host: android.clients.google.com][::][PLAIN TEXT (android)] + 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59.2/0.0][< 1 sec][Host: settings.crashlytics.com][::][PLAIN TEXT (settings)] + 15 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 57.4/0.0][< 1 sec][Host: api.eu01.capptain.com][::][PLAIN TEXT (capptain)] + 16 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][cat: Web/5][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 56.1/0.0][< 1 sec][Host: play.googleapis.com][::][PLAIN TEXT (googleapis)] + 17 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/63 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.7/0.0][< 1 sec][Host: ocu03.labgency.ws][::][PLAIN TEXT (labgency)] + 18 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.2/0.0][< 1 sec][Host: ocs.labgency.ws][::][PLAIN TEXT (labgency)] + 19 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 49.1/0.0][< 1 sec][Host: www.ocs.fr][::] Undetected flows: diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index a6a86150a..af67b040c 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -27,6 +27,6 @@ JA3 Host Stats: 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 11.7/13.3][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158.5/4.0 347/16 156.8/6.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68.0/78.5 90/105 16.1/14.7] 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91.140/TLS.Apple][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 22.5/0.0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8.3/0.0 25/0 11.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.2/66.0 112/66 20.0/0.0] 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7.2/10.4][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.0/0.0 24/0 10.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63.4/73.7 89/89 13.6/10.8] - 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56.1/77.8][0.03 sec][Host: textsecure-service.whispersystems.org][PLAIN TEXT (textsecure)] - 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50.0/57.8][0.04 sec][Host: e673.dsce9.akamaiedge.net][PLAIN TEXT (akamaiedge)] + 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56.1/77.8][0.03 sec][Host: textsecure-service.whispersystems.org][54.175.47.110][PLAIN TEXT (textsecure)] + 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50.0/57.8][0.04 sec][Host: e673.dsce9.akamaiedge.net][23.57.24.16][PLAIN TEXT (akamaiedge)] 19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.4/0.0][< 1 sec] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index b3cf38b53..f8fc50da8 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -83,49 +83,49 @@ JA3 Host Stats: 64 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 79.6/0.0][13.03 sec][PLAIN TEXT (afpovertc)] 65 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes][Goodput ratio: 16.5/31.7][5.54 sec][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/63 1107.2/1825.3 3027/3063 1309.1/1279.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69.5/88.0 123/166 25.5/45.1] 66 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.7/0.0][34.64 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 253/0 4948.1/0.0 31039/0 10655.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82.0/0.0 82/0 0.0/0.0] - 67 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.8/0.0][26.45 sec][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4408.7/0.0 9094/0 3390.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93.0/0.0 93/0 0.0/0.0][PLAIN TEXT (config)] - 68 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.8/0.0][26.45 sec][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4408.8/0.0 9094/0 3390.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93.0/0.0 93/0 0.0/0.0][PLAIN TEXT (config)] - 69 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][80.52 sec][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 10064.6/0.0 27100/0 10268.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72.0/0.0 72/0 0.0/0.0] - 70 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643.0/0.0 27099/0 8538.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] - 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643.0/0.0 27099/0 8538.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] - 72 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.39 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4397.5/0.0 9075/0 3396.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 73 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.33 sec][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388.0/0.0 9099/0 3402.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] - 74 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.44 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4405.8/0.0 9093/0 3395.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 75 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.33 sec][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388.0/0.0 9099/0 3402.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] - 76 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.39 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4397.5/0.0 9075/0 3396.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 77 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.44 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4405.8/0.0 9093/0 3395.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 78 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.34 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389.0/0.0 9029/0 3377.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 79 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.34 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389.0/0.0 9029/0 3377.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 80 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.40 sec][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399.0/0.0 9084/0 3382.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] - 81 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374.0/0.0 9080/0 3405.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] - 82 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4373.8/0.0 9080/0 3405.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] - 83 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.40 sec][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399.0/0.0 9084/0 3382.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 67 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.8/0.0][26.45 sec][Host: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4408.7/0.0 9094/0 3390.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93.0/0.0 93/0 0.0/0.0][PLAIN TEXT (config)] + 68 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 54.8/0.0][26.45 sec][Host: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4408.8/0.0 9094/0 3390.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93.0/0.0 93/0 0.0/0.0][PLAIN TEXT (config)] + 69 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][80.52 sec][Host: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 10064.6/0.0 27100/0 10268.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72.0/0.0 72/0 0.0/0.0] + 70 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643.0/0.0 27099/0 8538.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] + 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643.0/0.0 27099/0 8538.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] + 72 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.39 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4397.5/0.0 9075/0 3396.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 73 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.33 sec][Host: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388.0/0.0 9099/0 3402.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] + 74 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.44 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4405.8/0.0 9093/0 3395.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 75 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.33 sec][Host: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388.0/0.0 9099/0 3402.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] + 76 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.39 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4397.5/0.0 9075/0 3396.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 77 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.44 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4405.8/0.0 9093/0 3395.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 78 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.34 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389.0/0.0 9029/0 3377.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 79 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.34 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389.0/0.0 9029/0 3377.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 80 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.40 sec][Host: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399.0/0.0 9084/0 3382.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 81 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374.0/0.0 9080/0 3405.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 82 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4373.8/0.0 9080/0 3405.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 83 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.40 sec][Host: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399.0/0.0 9084/0 3382.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] 84 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][11.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 1573.6/0.0 4002/0 1049.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 76.0/0.0 78/0 5.3/0.0] 85 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1.4/2.0][8.32 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 1662.8/2751.3 6736/6736 2591.0/2874.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.8/61.5 78/66 8.8/2.6] - 86 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.42 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403.0/0.0 9097/0 3414.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 87 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.31 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384.5/0.0 9098/0 3397.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 88 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.31 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384.3/0.0 9098/0 3396.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 89 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.42 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403.0/0.0 9097/0 3414.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 90 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.7/0.0][26.46 sec][Host: dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409.0/0.0 9093/0 3412.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76.0/0.0 76/0 0.0/0.0] - 91 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.7/0.0][26.46 sec][Host: dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409.2/0.0 9093/0 3412.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76.0/0.0 76/0 0.0/0.0] - 92 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.55 sec][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4424.5/0.0 9093/0 3397.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] - 93 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.55 sec][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1087/0 4424.0/0.0 9094/0 3398.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] + 86 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.42 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403.0/0.0 9097/0 3414.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 87 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.31 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384.5/0.0 9098/0 3397.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 88 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.31 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384.3/0.0 9098/0 3396.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 89 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.42 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403.0/0.0 9097/0 3414.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 90 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.7/0.0][26.46 sec][Host: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409.0/0.0 9093/0 3412.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76.0/0.0 76/0 0.0/0.0] + 91 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.7/0.0][26.46 sec][Host: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409.2/0.0 9093/0 3412.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76.0/0.0 76/0 0.0/0.0] + 92 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.55 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4424.5/0.0 9093/0 3397.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] + 93 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.55 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1087/0 4424.0/0.0 9094/0 3398.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] 94 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes][Goodput ratio: 37.2/0.0][0.81 sec][bytes ratio: 0.230 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/43 24.5/43.0 49/43 24.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99.0/62.0 165/66 47.7/2.8] 95 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.0/0.0][120.02 sec][PLAIN TEXT (SpotUdp)] 96 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 2.6/0.0][0.43 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 21.0/43.0 42/43 21.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63.7/62.0 78/66 10.3/2.8] - 97 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][8.15 sec][Host: ui.skype.com] + 97 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][8.15 sec][Host: ui.skype.com][::] 98 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 75.7/0.0][< 1 sec][PLAIN TEXT (SEARCH )] 99 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 75.7/0.0][< 1 sec][PLAIN TEXT (SEARCH )] 100 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 75.7/0.0][< 1 sec][PLAIN TEXT (SEARCH )] 101 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 75.7/0.0][< 1 sec][PLAIN TEXT (SEARCH )] 102 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.9/0.0][20.13 sec] 103 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.9/0.0][20.13 sec] - 104 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 57.8/74.3][0.07 sec][Host: db3msgr5011709.gateway.messenger.live.com][PLAIN TEXT (MSGR5011709)] - 105 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Goodput ratio: 57.8/67.9][0.05 sec][Host: p05-keyvalueservice.icloud.com.akadns.net][PLAIN TEXT (valueservice)] + 104 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 57.8/74.3][0.07 sec][Host: db3msgr5011709.gateway.messenger.live.com][::][PLAIN TEXT (MSGR5011709)] + 105 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Goodput ratio: 57.8/67.9][0.05 sec][Host: p05-keyvalueservice.icloud.com.akadns.net][17.172.100.36][PLAIN TEXT (valueservice)] 106 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9.140/NTP.Apple][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 52.7/52.7][0.05 sec] - 107 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)] - 108 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)] - 109 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e7768.b.akamaiedge.net][PLAIN TEXT (akamaiedge)] + 107 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)] + 108 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)] + 109 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e7768.b.akamaiedge.net][23.223.73.34][PLAIN TEXT (akamaiedge)] 110 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/TLS.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0.0/0.0][0.15 sec] 111 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][125.00 sec] 112 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 098a745a9..9d1127340 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -63,26 +63,26 @@ JA3 Host Stats: 45 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.05 sec][PLAIN TEXT ( 3375359593)] 46 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes][Goodput ratio: 56.7/0.0][1.26 sec][Host: __msbrowse__][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210.2/0.0 1261/0 469.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 97.1/0.0 110/0 8.1/0.0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)] 47 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes][Goodput ratio: 1.4/1.6][11.59 sec][bytes ratio: 0.071 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2640.0/2885.0 10417/10457 4490.2/4391.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.8/61.2 78/66 8.8/2.4] - 48 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642.3/0.0 27046/0 8520.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] - 49 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642.0/0.0 27046/0 8520.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] - 50 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.41 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400.3/0.0 9094/0 3402.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 51 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.40 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400.3/0.0 9094/0 3402.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 52 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.56 sec][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4425.8/0.0 9099/0 3400.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] - 53 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.50 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416.0/0.0 9099/0 3405.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 54 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.56 sec][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4425.8/0.0 9099/0 3400.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] - 55 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.50 sec][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416.0/0.0 9099/0 3405.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] - 56 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.33 sec][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4387.8/0.0 9077/0 3404.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] - 57 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.33 sec][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4387.7/0.0 9077/0 3404.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 48 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642.3/0.0 27046/0 8520.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] + 49 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.1/0.0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642.0/0.0 27046/0 8520.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81.0/0.0 81/0 0.0/0.0][PLAIN TEXT (akadns)] + 50 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.41 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400.3/0.0 9094/0 3402.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 51 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.40 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400.3/0.0 9094/0 3402.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 52 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.56 sec][Host: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4425.8/0.0 9099/0 3400.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] + 53 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.50 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416.0/0.0 9099/0 3405.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 54 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.56 sec][Host: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4425.8/0.0 9099/0 3400.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0] + 55 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][26.50 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416.0/0.0 9099/0 3405.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89.0/0.0 89/0 0.0/0.0][PLAIN TEXT (skypedata)] + 56 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.33 sec][Host: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4387.8/0.0 9077/0 3404.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] + 57 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.2/0.0][26.33 sec][Host: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4387.7/0.0 9077/0 3404.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88.0/0.0 88/0 0.0/0.0] 58 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1.4/2.0][13.03 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/42 2605.0/4327.7 8814/8854 3477.6/3601.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.8/61.5 78/66 8.8/2.6] - 59 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][53.51 sec][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1023/0 7644.0/0.0 27037/0 8524.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72.0/0.0 72/0 0.0/0.0] - 60 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.50 sec][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1045/0 4417.2/0.0 9098/0 3408.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 61 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.46 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409.2/0.0 9088/0 3399.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 62 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.46 sec][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409.2/0.0 9088/0 3399.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 63 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.50 sec][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1044/0 4417.0/0.0 9098/0 3408.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] - 64 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45.4/0.0][26.56 sec][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426.0/0.0 9099/0 3400.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77.0/0.0 77/0 0.0/0.0] - 65 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45.4/0.0][26.56 sec][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426.0/0.0 9099/0 3400.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77.0/0.0 77/0 0.0/0.0] - 66 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.50 sec][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1089/0 4415.7/0.0 9098/0 3405.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] - 67 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.50 sec][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416.0/0.0 9098/0 3405.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] + 59 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.6/0.0][53.51 sec][Host: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1023/0 7644.0/0.0 27037/0 8524.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72.0/0.0 72/0 0.0/0.0] + 60 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.50 sec][Host: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1045/0 4417.2/0.0 9098/0 3408.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 61 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.46 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409.2/0.0 9088/0 3399.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 62 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.46 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409.2/0.0 9088/0 3399.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 63 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.1/0.0][26.50 sec][Host: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1044/0 4417.0/0.0 9098/0 3408.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0][PLAIN TEXT (config)] + 64 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45.4/0.0][26.56 sec][Host: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426.0/0.0 9099/0 3400.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77.0/0.0 77/0 0.0/0.0] + 65 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45.4/0.0][26.56 sec][Host: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426.0/0.0 9099/0 3400.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77.0/0.0 77/0 0.0/0.0] + 66 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.50 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1089/0 4415.7/0.0 9098/0 3405.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] + 67 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.4/0.0][26.50 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416.0/0.0 9098/0 3405.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73.0/0.0 73/0 0.0/0.0] 68 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36.4/0.0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/54 26.5/54.0 53/54 26.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 97.7/62.0 161/66 45.8/2.8] 69 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][5.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1009.8/0.0 1015/0 4.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78.0/0.0 78/0 0.0/0.0] 70 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][Goodput ratio: 81.2/0.0][1.26 sec][Host: alicegate][PLAIN TEXT ( EBEMEJEDEFEHEBFEEFCACACACACACA)] @@ -95,16 +95,16 @@ JA3 Host Stats: 77 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][4 pkts/328 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.6/0.0][1.83 sec] 78 UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.9/0.0][20.15 sec] 79 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.9/0.0][20.15 sec] - 80 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 57.8/74.3][0.05 sec][Host: db3msgr5011709.gateway.messenger.live.com][PLAIN TEXT (MSGR5011709)] + 80 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 57.8/74.3][0.05 sec][Host: db3msgr5011709.gateway.messenger.live.com][::][PLAIN TEXT (MSGR5011709)] 81 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.7/0.0][0.16 sec] 82 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80.2/0.0][< 1 sec][Host: lucas-imac][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)] 83 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0.0/0.0][0.30 sec] - 84 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)] - 85 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)] + 84 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)] + 85 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)] 86 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 69.9/0.0][< 1 sec][Lucas-iMac.local] 87 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.8/0.0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)] 88 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.8/0.0][< 1 sec][Host: lucas-imac][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)] - 89 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.9/0.0][< 1 sec][Host: apps.skypeassets.com][PLAIN TEXT (skypeassets)] + 89 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.9/0.0][< 1 sec][Host: apps.skypeassets.com][::][PLAIN TEXT (skypeassets)] 90 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec] 91 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec] 92 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 5a63b3322..5d20157bb 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -29,15 +29,15 @@ Starcraft 236 51494 6 19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Goodput ratio: 41.4/52.8][0.17 sec][Host: eu.launcher.battle.net][bytes ratio: -0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.0/29.0 58/58 24.8/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96.4/124.2 254/317 78.9/111.3][URL: eu.launcher.battle.net/service/s2/alert/en-gb][StatusCode: 200][ContentType: text/plain][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/alert/en)] 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][Goodput ratio: 13.8/22.4][10.56 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624.0/2614.0 6381/6342 2710.7/2730.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62.7/75.1 74/155 8.8/32.8] 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Goodput ratio: 23.1/53.1][0.60 sec][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148.2/101.5 198/203 80.4/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][ContentType: text/plain][UserAgent: ][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)] - 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 49.7/78.1][0.09 sec][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (bnetcmsus)] + 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 49.7/78.1][0.09 sec][Host: bnetcmsus-a.akamaihd.net][2.228.46.112][PLAIN TEXT (bnetcmsus)] 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48.0/45.5][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457.0/14457.0 15059/14974 602.0/517.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81.0/77.3 83/83 2.8/8.0] - 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51.1/70.0][0.05 sec][Host: 110.212.58.216.in-addr.arpa] - 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45.2/70.6][0.08 sec][Host: llnw.blizzard.com][PLAIN TEXT (blizzard)] - 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 50.9/67.4][0.06 sec][Host: 100.1.168.192.in-addr.arpa][PLAIN TEXT (dynect)] - 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Goodput ratio: 50.9/65.4][0.17 sec][Host: 26.186.239.80.in-addr.arpa][PLAIN TEXT (signup)] + 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51.1/70.0][0.05 sec][Host: 110.212.58.216.in-addr.arpa][::] + 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45.2/70.6][0.08 sec][Host: llnw.blizzard.com][87.248.221.254][PLAIN TEXT (blizzard)] + 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 50.9/67.4][0.06 sec][Host: 100.1.168.192.in-addr.arpa][::][PLAIN TEXT (dynect)] + 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Goodput ratio: 50.9/65.4][0.17 sec][Host: 26.186.239.80.in-addr.arpa][::][PLAIN TEXT (signup)] 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45.5/0.0][0.04 sec][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][ContentType: ][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)] 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45.5/0.0][0.04 sec][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][ContentType: ][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)] - 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Goodput ratio: 44.4/54.1][0.08 sec][Host: nydus.battle.net][PLAIN TEXT (battle)] + 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Goodput ratio: 44.4/54.1][0.08 sec][Host: nydus.battle.net][80.239.186.26][PLAIN TEXT (battle)] 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0.0/31.5][0.03 sec] 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0.0/31.5][0.04 sec] 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0.0/31.5][0.03 sec] @@ -48,7 +48,7 @@ Starcraft 236 51494 6 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0.0/31.5][0.03 sec] 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/TLS.Github][cat: Collaborative/15][2 pkts/145 bytes <-> 1 pkts/89 bytes][Goodput ratio: 21.2/38.9][0.13 sec] 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes][Goodput ratio: 0.0/0.0][0.12 sec] - 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Goodput ratio: 50.6/65.6][0.05 sec][Host: 40.186.239.80.in-addr.arpa][PLAIN TEXT (attens)] + 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Goodput ratio: 50.6/65.6][0.05 sec][Host: 40.186.239.80.in-addr.arpa][::][PLAIN TEXT (attens)] 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/TLS.Google][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0.0/0.0][0.03 sec] 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 1.8/0.0][0.05 sec] 44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 1.8/0.0][0.04 sec] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 6040afee9..0d7a03711 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -24,18 +24,18 @@ JA3 Host Stats: 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][Goodput ratio: 80.0/59.8][7.22 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 303.7/333.6 529/529 208.6/187.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 209.8/104.6 299/118 115.2/19.6][PLAIN TEXT (Android)] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][Goodput ratio: 75.8/59.6][5.68 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203.1/278.8 513/531 232.5/235.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 173.8/104.0 299/118 120.4/19.8][PLAIN TEXT (Android)] 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 97.2/97.2][< 1 sec][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)] - 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Goodput ratio: 45.6/88.5][0.00 sec][Host: mapi.apptimize.com][PLAIN TEXT (apptimize)] + 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Goodput ratio: 45.6/88.5][0.00 sec][Host: mapi.apptimize.com][54.69.166.226][PLAIN TEXT (apptimize)] 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/TLS][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0.0/0.0][5.72 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 1906.7/0.0 5652/0 2648.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68.0/70.0 74/74 3.5/4.0] 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/TLS][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0.0/0.0][7.27 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 2422.0/0.0 7191/0 3372.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68.0/70.0 74/74 3.5/4.0] 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes][Goodput ratio: 59.1/0.0][20.01 sec][PLAIN TEXT (805741C)] - 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 42.7/85.9][0.00 sec][Host: app.adjust.com][PLAIN TEXT (adjust)] - 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 45.6/78.9][0.00 sec][Host: graph.facebook.com][PLAIN TEXT (facebook)] - 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Goodput ratio: 48.2/76.6][0.03 sec][Host: venetia.iad.appboy.com][PLAIN TEXT (venetia)] - 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46.3/76.9][0.12 sec][Host: media.cdn.viber.com][PLAIN TEXT (cloudfront)] - 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Goodput ratio: 45.6/76.9][0.03 sec][Host: dl-media.viber.com][PLAIN TEXT (cloudfront)] + 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 42.7/85.9][0.00 sec][Host: app.adjust.com][178.162.219.58][PLAIN TEXT (adjust)] + 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 45.6/78.9][0.00 sec][Host: graph.facebook.com][31.13.86.8][PLAIN TEXT (facebook)] + 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Goodput ratio: 48.2/76.6][0.03 sec][Host: venetia.iad.appboy.com][151.101.1.130][PLAIN TEXT (venetia)] + 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46.3/76.9][0.12 sec][Host: media.cdn.viber.com][54.230.93.96][PLAIN TEXT (cloudfront)] + 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Goodput ratio: 45.6/76.9][0.03 sec][Host: dl-media.viber.com][54.230.93.53][PLAIN TEXT (cloudfront)] 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes][Goodput ratio: 35.1/33.8][0.00 sec] - 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46.3/55.2][0.02 sec][Host: app-measurement.com][PLAIN TEXT (measurement)] - 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 42.7/52.7][0.00 sec][Host: www.google.com][PLAIN TEXT (google)] + 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46.3/55.2][0.02 sec][Host: app-measurement.com][172.217.23.78][PLAIN TEXT (measurement)] + 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 42.7/52.7][0.00 sec][Host: www.google.com][216.58.205.100][PLAIN TEXT (google)] 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11.3/0.0][< 1 sec] 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44.2/31.7][0.03 sec] 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44.2/31.7][0.03 sec] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 9f7801469..214eb7585 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -64,7 +64,7 @@ JA3 Host Stats: 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83.1/0.0][3600.00 sec][Host: giovanni-pc][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)] 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0.0/0.0][22.72 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 351/910 5596.8/910.0 20327/910 8509.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67.6/70.0 74/74 3.2/4.0] 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0.0/0.0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774.2/33511.0 33196/33511 13761.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67.6/70.0 74/74 3.2/4.0] - 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 41.9/92.0][0.03 sec][Host: res.wx.qq.com] + 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 41.9/92.0][0.03 sec][Host: res.wx.qq.com][203.205.158.34] 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][100.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 259/0 12545.5/0.0 83360/0 26898.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66.0/0.0 66/0 0.0/0.0] 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][100.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 252/0 12622.4/0.0 82310/0 26533.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66.0/0.0 66/0 0.0/0.0] 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][104.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13105.6/0.0 85920/0 27702.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66.0/0.0 66/0 0.0/0.0] @@ -79,15 +79,15 @@ JA3 Host Stats: 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0.0/0.0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760.5/23331.0 45054/45355 19226.1/22024.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58.0/58.5 74/66 8.0/5.0] 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/TLS.Google][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0.0/17.2][14.77 sec][bytes ratio: -0.234 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/40 7363.0/7363.5 14726/14687 7363.0/7323.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/79.8 66/121 0.0/23.8] 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes][Goodput ratio: 0.0/12.2][20.65 sec][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/652 6762.7/10145.0 19992/19638 9355.0/9493.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 54.0/63.2 54/85 0.0/12.8] - 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Goodput ratio: 42.7/89.0][0.28 sec][Host: web.wechat.com][PLAIN TEXT (wechat)] + 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Goodput ratio: 42.7/89.0][0.28 sec][Host: web.wechat.com][203.205.147.171][PLAIN TEXT (wechat)] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/TLS.Google][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes][Goodput ratio: 0.0/0.0][90.15 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45055/45054 45055.5/45055.0 45056/45056 0.5/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/66.0 66/66 0.0/0.0] 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][6 pkts/396 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][92.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 607/0 18483.4/0.0 85584/0 33566.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66.0/0.0 66/0 0.0/0.0] - 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Goodput ratio: 54.7/84.2][0.04 sec][Host: safebrowsing.googleusercontent.com][PLAIN TEXT (safebrowsing)] + 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Goodput ratio: 54.7/84.2][0.04 sec][Host: safebrowsing.googleusercontent.com][172.217.22.14][PLAIN TEXT (safebrowsing)] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][3 pkts/206 bytes <-> 2 pkts/148 bytes][Goodput ratio: 0.0/0.0][1.65 sec] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.5/0.0][< 1 sec][Host: iphonedimonica][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (iPhonediMonica)] - 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43.4/81.7][0.04 sec][Host: ssl.gstatic.com][PLAIN TEXT (gstatic)] - 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43.4/81.7][0.03 sec][Host: ssl.gstatic.com][PLAIN TEXT (gstatic)] - 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][cat: Collaborative/15][1 pkts/75 bytes <-> 1 pkts/227 bytes][Goodput ratio: 43.4/81.1][0.04 sec][Host: docs.google.com][PLAIN TEXT (google)] + 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43.4/81.7][0.04 sec][Host: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)] + 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43.4/81.7][0.03 sec][Host: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)] + 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][cat: Collaborative/15][1 pkts/75 bytes <-> 1 pkts/227 bytes][Goodput ratio: 43.4/81.1][0.04 sec][Host: docs.google.com][216.58.198.46][PLAIN TEXT (google)] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][3756.16 sec] 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0.0/0.0][0.36 sec] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][3763.44 sec] @@ -95,13 +95,13 @@ JA3 Host Stats: 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 30.9/0.0][0.01 sec][Host: lbjamwptxz][PLAIN TEXT (lbjamwptx)] 76 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.4/0.0][0.01 sec][Host: cansaqcq][PLAIN TEXT (cansaqcq)] 77 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.4/0.0][0.01 sec][Host: mcztmpkc][PLAIN TEXT (mcztmpkc)] - 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.9/0.0][5.01 sec][Host: webpush.web.wechat.com.lan][PLAIN TEXT (webpush)] - 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.3/0.0][< 1 sec][Host: 1.debian.pool.ntp.org.lan][PLAIN TEXT (debian)] - 80 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.5/0.0][2.46 sec][Host: webpush.web.wechat.com][PLAIN TEXT (webpush)] - 81 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.5/0.0][5.01 sec][Host: webpush.web.wechat.com][PLAIN TEXT (webpush)] - 82 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 47.9/0.0][< 1 sec][Host: 2.debian.pool.ntp.org][PLAIN TEXT (debian)] - 83 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 47.9/0.0][< 1 sec][Host: 1.debian.pool.ntp.org][PLAIN TEXT (debian)] - 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][2 pkts/158 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.5/0.0][5.01 sec][Host: ssl.gstatic.com.lan][PLAIN TEXT (gstatic)] + 78 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.9/0.0][5.01 sec][Host: webpush.web.wechat.com.lan][::][PLAIN TEXT (webpush)] + 79 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.3/0.0][< 1 sec][Host: 1.debian.pool.ntp.org.lan][::][PLAIN TEXT (debian)] + 80 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.5/0.0][2.46 sec][Host: webpush.web.wechat.com][::][PLAIN TEXT (webpush)] + 81 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.5/0.0][5.01 sec][Host: webpush.web.wechat.com][::][PLAIN TEXT (webpush)] + 82 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 47.9/0.0][< 1 sec][Host: 2.debian.pool.ntp.org][::][PLAIN TEXT (debian)] + 83 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 47.9/0.0][< 1 sec][Host: 1.debian.pool.ntp.org][::][PLAIN TEXT (debian)] + 84 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][2 pkts/158 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.5/0.0][5.01 sec][Host: ssl.gstatic.com.lan][::][PLAIN TEXT (gstatic)] 85 UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.7/0.0][0.01 sec][Host: lbjamwptxz][PLAIN TEXT (lbjamwptx)] 86 UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38.0/0.0][0.01 sec][Host: cansaqcq][PLAIN TEXT (cansaqcq)] 87 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38.0/0.0][0.01 sec][Host: mcztmpkc][PLAIN TEXT (mcztmpkc)] @@ -112,12 +112,12 @@ JA3 Host Stats: 92 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 6.0/0.0][1.43 sec] 93 0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 94 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][< 1 sec] - 95 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][Host: webpush.web.wechat.com.lan][PLAIN TEXT (webpush)] - 96 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][Host: webpush.web.wechat.com.lan][PLAIN TEXT (webpush)] + 95 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][Host: webpush.web.wechat.com.lan][::][PLAIN TEXT (webpush)] + 96 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][Host: webpush.web.wechat.com.lan][::][PLAIN TEXT (webpush)] 97 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 27.6/0.0][< 1 sec] - 98 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][PLAIN TEXT (webpush)] - 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][PLAIN TEXT (webpush)] - 100 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][PLAIN TEXT (webpush)] - 101 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec][Host: ssl.gstatic.com.lan][PLAIN TEXT (gstatic)] - 102 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43.4/0.0][< 1 sec][Host: ssl.gstatic.com][PLAIN TEXT (gstatic)] + 98 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][::][PLAIN TEXT (webpush)] + 99 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][::][PLAIN TEXT (webpush)] + 100 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][Host: webpush.web.wechat.com][::][PLAIN TEXT (webpush)] + 101 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46.3/0.0][< 1 sec][Host: ssl.gstatic.com.lan][::][PLAIN TEXT (gstatic)] + 102 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43.4/0.0][< 1 sec][Host: ssl.gstatic.com][::][PLAIN TEXT (gstatic)] 103 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 70899b950..9d7c4f90f 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -23,26 +23,26 @@ JA3 Host Stats: 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 65.8/0.0][0.46 sec][Host: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70.0/0.0][0.38 sec][Host: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)] 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52.2/0.0][0.16 sec][TLSv1.2][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][PLAIN TEXT (g.alicdn.com)] - 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43.4/77.6][0.11 sec][Host: img.t.sinajs.cn] - 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 42.7/77.5][0.54 sec][Host: js.t.sinajs.cn] - 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41.1/75.0][0.19 sec][Host: g.alicdn.com][PLAIN TEXT (alicdn)] - 17 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/166 bytes][Goodput ratio: 44.2/74.3][0.47 sec][Host: login.taobao.com][PLAIN TEXT (taobao)] - 18 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/81 bytes <-> 1 pkts/159 bytes][Goodput ratio: 47.6/73.1][0.11 sec][Host: u1.img.mobile.sina.cn][PLAIN TEXT (mobile)] - 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44.9/72.8][0.47 sec][Host: acjstb.aliyun.com][PLAIN TEXT (alibabadns)] - 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Goodput ratio: 41.9/69.9][0.06 sec][Host: www.weibo.com] + 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43.4/77.6][0.11 sec][Host: img.t.sinajs.cn][93.188.134.246] + 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 42.7/77.5][0.54 sec][Host: js.t.sinajs.cn][93.188.134.246] + 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41.1/75.0][0.19 sec][Host: g.alicdn.com][47.89.65.229][PLAIN TEXT (alicdn)] + 17 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/166 bytes][Goodput ratio: 44.2/74.3][0.47 sec][Host: login.taobao.com][140.205.170.63][PLAIN TEXT (taobao)] + 18 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/81 bytes <-> 1 pkts/159 bytes][Goodput ratio: 47.6/73.1][0.11 sec][Host: u1.img.mobile.sina.cn][222.73.28.96][PLAIN TEXT (mobile)] + 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44.9/72.8][0.47 sec][Host: acjstb.aliyun.com][42.156.184.19][PLAIN TEXT (alibabadns)] + 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Goodput ratio: 41.9/69.9][0.06 sec][Host: www.weibo.com][93.188.134.137] 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0.0/0.0][0.06 sec] 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.22 sec] 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.36 sec] 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.34 sec] - 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 42.7/61.9][0.20 sec][Host: log.mmstat.com][PLAIN TEXT (mmstat)] - 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 38.6/50.0][0.08 sec][Host: weibo.com] + 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 42.7/61.9][0.20 sec][Host: log.mmstat.com][140.205.174.1][PLAIN TEXT (mmstat)] + 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 38.6/50.0][0.08 sec][Host: weibo.com][114.134.80.162] 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.02 sec] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.05 sec] 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.03 sec] 30 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/TLS.Amazon][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.14 sec] 31 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.04 sec] 32 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0.0/0.0][0.05 sec] - 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.9/0.0][< 1 sec][Host: account.weibo.com][PLAIN TEXT (account)] + 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 44.9/0.0][< 1 sec][Host: account.weibo.com][::][PLAIN TEXT (account)] 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] @@ -52,5 +52,5 @@ JA3 Host Stats: 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] - 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.7/0.0][< 1 sec][Host: data.weibo.com] - 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.4/0.0][< 1 sec][Host: c.weibo.cn] + 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 42.7/0.0][< 1 sec][Host: data.weibo.com][::] + 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.4/0.0][< 1 sec][Host: c.weibo.cn][::] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index d16cec350..a148e0fd5 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -45,8 +45,8 @@ JA3 Host Stats: 28 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 74.9/50.9][14.33 sec] 29 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0.0/39.0][0.03 sec] 30 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes][Goodput ratio: 0.0/0.0][0.20 sec] - 31 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46.3/82.9][0.07 sec][Host: query.ess.apple.com][PLAIN TEXT (akadns)] - 32 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44.2/79.0][0.03 sec][Host: e13.whatsapp.net][PLAIN TEXT (whatsapp)] + 31 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46.3/82.9][0.07 sec][Host: query.ess.apple.com][17.178.104.12][PLAIN TEXT (akadns)] + 32 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44.2/79.0][0.03 sec][Host: e13.whatsapp.net][158.85.233.52][PLAIN TEXT (whatsapp)] 33 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.0/0.0][77.07 sec][PLAIN TEXT (SpotUdp)] 34 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.7/0.0][0.24 sec] 35 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.7/0.0][0.24 sec] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 34936abdb..13caba000 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -10,7 +10,7 @@ Spotify 1 86 1 2 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81.1/0.0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000.2/0.0 10199/0 3475.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349.2/0.0 375/0 57.8/0.0] 3 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.7/0.0][25.29 sec][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1983/0 5058.0/0.0 8569/0 2765.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] 4 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.04 sec][PLAIN TEXT ( 3375359593)] - 5 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44.2/79.0][0.03 sec][Host: e12.whatsapp.net][PLAIN TEXT (whatsapp)] + 5 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44.2/79.0][0.03 sec][Host: e12.whatsapp.net][184.173.179.47][PLAIN TEXT (whatsapp)] 6 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][Goodput ratio: 43.8/0.0][< 1 sec][PLAIN TEXT (airplay)] 7 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.3/0.0][< 1 sec][PLAIN TEXT (airplay)] 8 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][PLAIN TEXT (SpotUdp)] diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index dff863194..83032affb 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -37,13 +37,13 @@ JA3 Host Stats: 19 UDP 192.168.1.117:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/330 bytes -> 0 pkts/0 bytes][Goodput ratio: 61.6/0.0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)] 20 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 86.6/0.0][< 1 sec][Host: tl-sg116e][DHCP Fingerprint: 1,3] 21 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41.4/0.0][3.59 sec] - 22 UDP 192.168.1.117:65394 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 34.8/69.5][0.04 sec][Host: local][PLAIN TEXT (servers)] - 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/96 bytes][Goodput ratio: 46.9/55.7][0.04 sec][Host: zoomfrn99mmr.zoom.us][PLAIN TEXT (zoomfrn)] - 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 45.6/54.7][0.03 sec][Host: zoomfr84zc.zoom.us][PLAIN TEXT (zoomfr84z)] - 25 UDP 192.168.1.117:62563 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 45.6/54.7][0.03 sec][Host: zoomfr85zc.zoom.us][PLAIN TEXT (zoomfr85z)] + 22 UDP 192.168.1.117:65394 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 34.8/69.5][0.04 sec][Host: local][::][PLAIN TEXT (servers)] + 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/96 bytes][Goodput ratio: 46.9/55.7][0.04 sec][Host: zoomfrn99mmr.zoom.us][109.94.160.99][PLAIN TEXT (zoomfrn)] + 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 45.6/54.7][0.03 sec][Host: zoomfr84zc.zoom.us][213.244.140.84][PLAIN TEXT (zoomfr84z)] + 25 UDP 192.168.1.117:62563 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 45.6/54.7][0.03 sec][Host: zoomfr85zc.zoom.us][213.244.140.85][PLAIN TEXT (zoomfr85z)] 26 UDP 192.168.1.117:57025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 74.6/0.0][< 1 sec][PLAIN TEXT (SEARCH )] - 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41.1/51.7][0.04 sec][Host: www3.zoom.us] - 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40.3/51.1][0.04 sec][Host: log.zoom.us] + 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41.1/51.7][0.04 sec][Host: www3.zoom.us][52.202.62.236] + 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40.3/51.1][0.04 sec][Host: log.zoom.us][52.202.62.238] 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81.189/ICMP.Zoom][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.7/0.0][0.01 sec] 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0.0/0.0][0.04 sec] 31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.1/0.0][< 1 sec][PLAIN TEXT (spotify)] |