diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2024-08-02 12:13:51 +0200 |
|---|---|---|
| committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-09-05 16:36:50 +0200 |
| commit | 5b0374c28b60a39f5720cb44ea5f711774c511af (patch) | |
| tree | bb7e99bde4839996a1b5a04f309e4d502dbbea3c | |
| parent | 85ebda434d44f93e656ee5d3e52dc258134495d0 (diff) | |
Add detection of SurfShark VPN
| -rw-r--r-- | doc/configuration_parameters.md | 2 | ||||
| -rw-r--r-- | doc/protocols.rst | 9 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 1 | ||||
| -rw-r--r-- | src/lib/inc_generated/ndpi_surfshark_match.c.inc | 352 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 5 | ||||
| -rw-r--r-- | tests/cfgs/default/pcap/sites.pcapng | bin | 386184 -> 399796 bytes | |||
| -rw-r--r-- | tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out | 4 | ||||
| -rw-r--r-- | tests/cfgs/default/result/sites.pcapng.out | 141 | ||||
| -rw-r--r-- | tests/cfgs/default/result/synscan.pcap.out | 4 | ||||
| -rwxr-xr-x | utils/surfshark_ip_addresses_download.sh | 40 | ||||
| -rwxr-xr-x | utils/update_every_lists.sh | 2 |
12 files changed, 488 insertions, 74 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index cb1132fcb..8d826c618 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -52,4 +52,4 @@ TODO | "openvpn" | "subclassification_by_ip" | enable | NULL | NULL | Enable/disable sub-classification of OpenVPN flows using server IP. Useful to detect the specific VPN application/app. At the moment, this knob allows to identify: Mullvad, NordVPN, ProtonVPN. | | "wireguard" | "subclassification_by_ip" | enable | NULL | NULL | Enable/disable sub-classification of Wireguard flows using server IP. Useful to detect the specific VPN application/app. At the moment, this knob allows to identify: Mullvad, NordVPN, ProtonVPN. | | $PROTO_NAME | "log" | disable | NULL | NULL | Enable/disable logging/debug for specific protocol. Use "any" as protocol name if you want to easily enable/disable logging/debug for all protocols | -| $PROTO_NAME | "ip_list.load" | 1 | NULL | NULL | Enable/disable loading of internal list of IP addresses (used for (sub)classification) specific to that protocol. Use "any" as protocol name if you want to easily enable/disable all lists. This knob is valid only for the following protocols: Alibaba, Amazon AWS, Apple, Avast, Bloomberg, Cachefly, Cloudflare, Discord, Disney+, Dropbox, Edgecast, EpicGames, Ethereum, Facebook, Github, Google, Google Cloud, GoTo, Hotspot Shield, Hulu, Line, Microsoft 365, Microsoft Azure, Microsoft One Drive, Microsoft Outlook, Mullvad, Netflix, NordVPN, Nvidia, OpenDNS, ProtonVPN, RiotGames, Roblox, Skype/Teams, Starcraft, Steam, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, UbuntuONE, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom | +| $PROTO_NAME | "ip_list.load" | 1 | NULL | NULL | Enable/disable loading of internal list of IP addresses (used for (sub)classification) specific to that protocol. Use "any" as protocol name if you want to easily enable/disable all lists. This knob is valid only for the following protocols: Alibaba, Amazon AWS, Apple, Avast, Bloomberg, Cachefly, Cloudflare, Discord, Disney+, Dropbox, Edgecast, EpicGames, Ethereum, Facebook, Github, Google, Google Cloud, GoTo, Hotspot Shield, Hulu, Line, Microsoft 365, Microsoft Azure, Microsoft One Drive, Microsoft Outlook, Mullvad, Netflix, NordVPN, Nvidia, OpenDNS, ProtonVPN, RiotGames, Roblox, Skype/Teams, Starcraft, Steam, SurfSharkVPN, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, UbuntuONE, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom | diff --git a/doc/protocols.rst b/doc/protocols.rst index 54e99be60..ae565132b 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -938,3 +938,12 @@ References: `Main site: <https://www.lustre.org/>`_ NordVPN is a VPN service. References: `Main site: <https://nordvpn.com>`_ + + +.. _Proto 427: + +`NDPI_PROTOCOL_SURFSHARK` +======================== +Surfshark is a brand of VPN services offered by the Netherlands-based company Surfshark B.V. + +References: `Main site: <https://surfshark.com/>`_ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1899ba91c..11ebe1b8e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -455,6 +455,7 @@ typedef enum { NDPI_PROTOCOL_TRDP = 424, NDPI_PROTOCOL_LUSTRE = 425, NDPI_PROTOCOL_NORDVPN = 426, + NDPI_PROTOCOL_SURFSHARK = 427, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/lib/inc_generated/ndpi_surfshark_match.c.inc b/src/lib/inc_generated/ndpi_surfshark_match.c.inc new file mode 100644 index 000000000..7f1636b1c --- /dev/null +++ b/src/lib/inc_generated/ndpi_surfshark_match.c.inc @@ -0,0 +1,352 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_surfshark_protocol_list[] = { + { 0x05FDCDD3 /* 5.253.205.211/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x17E69754 /* 23.230.151.84/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x17E69782 /* 23.230.151.130/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513C344 /* 37.19.195.68/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513C867 /* 37.19.200.103/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDA2 /* 37.19.205.162/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDA4 /* 37.19.205.164/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDA7 /* 37.19.205.167/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDA9 /* 37.19.205.169/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDB1 /* 37.19.205.177/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDB3 /* 37.19.205.179/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDB6 /* 37.19.205.182/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDB8 /* 37.19.205.184/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513CDBB /* 37.19.205.187/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513DD42 /* 37.19.221.66/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2513DD44 /* 37.19.221.68/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x251C9CE3 /* 37.28.156.227/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x251C9FEB /* 37.28.159.235/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2578CDB5 /* 37.120.205.181/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2578CF5B /* 37.120.207.91/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2578CF95 /* 37.120.207.149/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2BE1BD6C /* 43.225.189.108/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D27CB12 /* 45.39.203.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D27CB22 /* 45.39.203.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D373C9F /* 45.55.60.159/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D56D30B /* 45.86.211.11/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D56D33A /* 45.86.211.58/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D57D4B3 /* 45.87.212.179/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D57D4B5 /* 45.87.212.181/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D57D4B7 /* 45.87.212.183/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D5FF22C /* 45.95.242.44/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D5FF22E /* 45.95.242.46/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D864F88 /* 45.134.79.136/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D864FA3 /* 45.134.79.163/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D86D421 /* 45.134.212.33/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D889B33 /* 45.136.155.51/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D889B37 /* 45.136.155.55/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D8BFC0A /* 45.139.252.10/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D8BFC14 /* 45.139.252.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D8BFD02 /* 45.139.253.2/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D8BFD14 /* 45.139.253.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D907382 /* 45.144.115.130/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D90E310 /* 45.144.227.16/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D90E321 /* 45.144.227.33/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D950314 /* 45.149.3.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D950324 /* 45.149.3.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D960504 /* 45.150.5.4/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2D960512 /* 45.150.5.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2DF84CD5 /* 45.248.76.213/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x2E65BD0E /* 46.101.189.14/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59022 /* 62.197.144.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59034 /* 62.197.144.52/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59112 /* 62.197.145.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59114 /* 62.197.145.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59213 /* 62.197.146.19/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59216 /* 62.197.146.22/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59333 /* 62.197.147.51/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59343 /* 62.197.147.67/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59445 /* 62.197.148.69/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59455 /* 62.197.148.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC5956D /* 62.197.149.109/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59570 /* 62.197.149.112/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59635 /* 62.197.150.53/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59643 /* 62.197.150.67/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59712 /* 62.197.151.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59722 /* 62.197.151.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59845 /* 62.197.152.69/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59865 /* 62.197.152.101/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59927 /* 62.197.153.39/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59929 /* 62.197.153.41/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59A11 /* 62.197.154.17/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59A13 /* 62.197.154.19/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59B29 /* 62.197.155.41/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59B2E /* 62.197.155.46/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59C12 /* 62.197.156.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59C14 /* 62.197.156.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59D27 /* 62.197.157.39/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59D29 /* 62.197.157.41/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59E27 /* 62.197.158.39/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59E2C /* 62.197.158.44/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59F22 /* 62.197.159.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x3EC59F24 /* 62.197.159.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x420B7C94 /* 66.11.124.148/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x42EBA8C1 /* 66.235.168.193/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x42EBA8DA /* 66.235.168.218/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x4A50B648 /* 74.80.182.72/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x4A50B64A /* 74.80.182.74/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x4F6E350D /* 79.110.53.13/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x50F61FD5 /* 80.246.31.213/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x50F61FD7 /* 80.246.31.215/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5113D133 /* 81.19.209.51/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x53617011 /* 83.97.112.17/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x53617013 /* 83.97.112.19/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x53617312 /* 83.97.115.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x53617314 /* 83.97.115.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5411234E /* 84.17.35.78/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x541135DB /* 84.17.53.219/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x54113AC5 /* 84.17.58.197/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x55CC4673 /* 85.204.70.115/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x55CC7C5D /* 85.204.124.93/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x57F9854E /* 87.249.133.78/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x59752943 /* 89.117.41.67/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x59752963 /* 89.117.41.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x59BBA102 /* 89.187.161.2/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x59BBA104 /* 89.187.161.4/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7853 /* 92.62.120.83/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7855 /* 92.62.120.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7935 /* 92.62.121.53/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7975 /* 92.62.121.117/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7A22 /* 92.62.122.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7A24 /* 92.62.122.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7B55 /* 92.62.123.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C3E7B65 /* 92.62.123.101/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C763E1F /* 92.118.62.31/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C77B113 /* 92.119.177.19/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C77B115 /* 92.119.177.21/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5C77B117 /* 92.119.177.23/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D762970 /* 93.118.41.112/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98D2B5 /* 93.152.210.181/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98D2CB /* 93.152.210.203/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98D42C /* 93.152.212.44/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98D43D /* 93.152.212.61/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98DCA5 /* 93.152.220.165/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5D98DCE7 /* 93.152.220.231/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5DB9A20F /* 93.185.162.15/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5DB9A213 /* 93.185.162.19/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5E9A7C63 /* 94.154.124.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5E9A7C65 /* 94.154.124.101/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5FADDF6C /* 95.173.223.108/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x5FADDF6E /* 95.173.223.110/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x676DF460 /* 103.109.244.96/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67B09809 /* 103.176.152.9/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67B09811 /* 103.176.152.17/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67C050F3 /* 103.192.80.243/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67C050FB /* 103.192.80.251/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67C0CD32 /* 103.192.205.50/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67C0CD34 /* 103.192.205.52/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67D614C3 /* 103.214.20.195/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67D614CD /* 103.214.20.205/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x67DB1580 /* 103.219.21.128/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x71CBDD16 /* 113.203.221.22/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x71CBDD18 /* 113.203.221.24/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x7C968B25 /* 124.150.139.37/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x7C968B2D /* 124.150.139.45/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC5971A /* 138.197.151.26/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC71096 /* 138.199.16.150/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC713A4 /* 138.199.19.164/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC71699 /* 138.199.22.153/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC71DCD /* 138.199.29.205/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC72A81 /* 138.199.42.129/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CAA /* 138.199.60.170/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CAC /* 138.199.60.172/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CAF /* 138.199.60.175/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CB1 /* 138.199.60.177/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CB4 /* 138.199.60.180/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73CB6 /* 138.199.60.182/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8AC73E95 /* 138.199.62.149/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8B1CB093 /* 139.28.176.147/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8FF42E42 /* 143.244.46.66/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8FF42E4E /* 143.244.46.78/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x8FF43CAE /* 143.244.60.174/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9030277B /* 144.48.39.123/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x924615B3 /* 146.70.21.179/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246247D /* 146.70.36.125/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92462A8B /* 146.70.42.139/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92462DA3 /* 146.70.45.163/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92462DBB /* 146.70.45.187/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x924637EB /* 146.70.55.235/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x924656DB /* 146.70.86.219/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92465C1B /* 146.70.92.27/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x924666BB /* 146.70.102.187/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x924666C3 /* 146.70.102.195/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92466F5B /* 146.70.111.91/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x92466F63 /* 146.70.111.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246705D /* 146.70.112.93/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246720D /* 146.70.114.13/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246781B /* 146.70.120.27/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246A1F5 /* 146.70.161.245/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246A363 /* 146.70.163.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246A3CB /* 146.70.163.203/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246AF45 /* 146.70.175.69/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246BABD /* 146.70.186.189/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246C2E5 /* 146.70.194.229/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9246CDAD /* 146.70.205.173/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x951651AF /* 149.22.81.175/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x951651B4 /* 149.22.81.180/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9522F254 /* 149.34.242.84/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9522F25E /* 149.34.242.94/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9522F623 /* 149.34.246.35/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9522FD92 /* 149.34.253.146/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9524304B /* 149.36.48.75/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x952832DD /* 149.40.50.221/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95581082 /* 149.88.16.130/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9558144F /* 149.88.20.79/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95581644 /* 149.88.22.68/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9558164E /* 149.88.22.78/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586202 /* 149.88.98.2/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586509 /* 149.88.101.9/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586822 /* 149.88.104.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586824 /* 149.88.104.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586F4E /* 149.88.111.78/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x95586F62 /* 149.88.111.98/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566E369 /* 149.102.227.105/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566F66A /* 149.102.246.106/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566F66F /* 149.102.246.111/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566F785 /* 149.102.247.133/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566F78D /* 149.102.247.141/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566FE12 /* 149.102.254.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9566FE21 /* 149.102.254.33/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9A10A958 /* 154.16.169.88/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9A2F1E62 /* 154.47.30.98/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9A2F1E6E /* 154.47.30.110/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9C922FED /* 156.146.47.237/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9C9236C7 /* 156.146.54.199/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9C9237C2 /* 156.146.55.194/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9C9237C4 /* 156.146.55.196/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0x9C923889 /* 156.146.56.137/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA5E83519 /* 165.232.53.25/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996C538 /* 169.150.197.56/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996CBC2 /* 169.150.203.194/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996D1D6 /* 169.150.209.214/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996E302 /* 169.150.227.2/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996E389 /* 169.150.227.137/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xA996FE63 /* 169.150.254.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xAA27D6E3 /* 170.39.214.227/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xAC5D94A5 /* 172.93.148.165/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xAC5D94AB /* 172.93.148.171/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xACFC590A /* 172.252.89.10/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xACFC5928 /* 172.252.89.40/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB0E3F024 /* 176.227.240.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB0E3F03E /* 176.227.240.62/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB0E3F142 /* 176.227.241.66/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB0E3F144 /* 176.227.241.68/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB2EFA37B /* 178.239.163.123/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB495E705 /* 180.149.231.5/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB495E70B /* 180.149.231.11/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB92C4CBA /* 185.44.76.186/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB92C4CBC /* 185.44.76.188/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB94C08D9 /* 185.76.8.217/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB95CD248 /* 185.92.210.72/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB966D99F /* 185.102.217.159/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB968BBFB /* 185.104.187.251/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB96C696F /* 185.108.105.111/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9861650 /* 185.134.22.80/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB986165C /* 185.134.22.92/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB98D7760 /* 185.141.119.96/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB99840B2 /* 185.152.64.178/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9999797 /* 185.153.151.151/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB99997A9 /* 185.153.151.169/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9A6548B /* 185.166.84.139/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9AE9F6D /* 185.174.159.109/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9AE9F73 /* 185.174.159.115/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9BC3D26 /* 185.188.61.38/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9BC3D2A /* 185.188.61.42/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9C19DB0 /* 185.193.157.176/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9C4000F /* 185.196.0.15/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9C40019 /* 185.196.0.25/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9F205E3 /* 185.242.5.227/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9F20643 /* 185.242.6.67/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9F48B55 /* 185.244.139.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9F48B63 /* 185.244.139.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9FD615D /* 185.253.97.93/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xB9FD616B /* 185.253.97.107/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xBC5F3628 /* 188.95.54.40/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xBCA62B75 /* 188.166.43.117/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xBCF03957 /* 188.240.57.87/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xBCF0396D /* 188.240.57.109/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xBCF03A7B /* 188.240.58.123/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC09EEE0E /* 192.158.238.14/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC113CC46 /* 193.19.204.70/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC113CC48 /* 193.19.204.72/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC113CF62 /* 193.19.207.98/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC113CF64 /* 193.19.207.100/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1387130 /* 193.56.113.48/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1387138 /* 193.56.113.56/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1941233 /* 193.148.18.51/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1941235 /* 193.148.18.53/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1B05683 /* 193.176.86.131/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1E43886 /* 193.228.56.134/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC1E4388B /* 193.228.56.139/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC21A8312 /* 194.26.131.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC21A8314 /* 194.26.131.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9A816 /* 194.169.168.22/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9A818 /* 194.169.168.24/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9A912 /* 194.169.169.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9A922 /* 194.169.169.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9AA27 /* 194.169.170.39/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9AA2E /* 194.169.170.46/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9AB22 /* 194.169.171.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC2A9AB24 /* 194.169.171.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC39EF917 /* 195.158.249.23/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC39EF91B /* 195.158.249.27/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC3B5A6E2 /* 195.181.166.226/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC3B5ABE4 /* 195.181.171.228/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC3B5AEE2 /* 195.181.174.226/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC3B5AEE4 /* 195.181.174.228/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC42C7653 /* 196.44.118.83/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xC42C7655 /* 196.44.118.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xCEBD5EE5 /* 206.189.94.229/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xCEBD775C /* 206.189.119.92/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4662C42 /* 212.102.44.66/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4662C69 /* 212.102.44.105/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD466300F /* 212.102.48.15/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4663014 /* 212.102.48.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD46636A5 /* 212.102.54.165/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4772012 /* 212.119.32.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4772024 /* 212.119.32.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4772122 /* 212.119.33.34/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD4772124 /* 212.119.33.36/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD56D9712 /* 213.109.151.18/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD56D9714 /* 213.109.151.20/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F463 /* 217.9.244.99/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F465 /* 217.9.244.101/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F553 /* 217.9.245.83/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F565 /* 217.9.245.101/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F775 /* 217.9.247.117/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909F7A5 /* 217.9.247.165/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909FA53 /* 217.9.250.83/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD909FA55 /* 217.9.250.85/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD98AD8FD /* 217.138.216.253/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + { 0xD9925253 /* 217.146.82.83/32 */, 32, NDPI_PROTOCOL_SURFSHARK }, + /* End */ + { 0x0, 0, 0 } +}; + +static ndpi_network6 ndpi_protocol_surfshark_protocol_list_6[] = { + /* End */ + { NULL, 0, 0 } +}; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index fd194f9d6..94be7ffd4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1679,6 +1679,8 @@ static ndpi_protocol_match host_match[] = { "napps-1.com", "NordVPN", NDPI_PROTOCOL_NORDVPN, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "napps-2.com", "NordVPN", NDPI_PROTOCOL_NORDVPN, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "surfshark.com", "SurfShark", NDPI_PROTOCOL_SURFSHARK, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc" #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a234f7afe..db3a83bb9 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -88,6 +88,7 @@ #include "inc_generated/ndpi_protonvpn_out_match.c.inc" #include "inc_generated/ndpi_mullvad_match.c.inc" #include "inc_generated/ndpi_nordvpn_match.c.inc" +#include "inc_generated/ndpi_surfshark_match.c.inc" #include "inc_generated/ndpi_asn_telegram.c.inc" #include "inc_generated/ndpi_asn_apple.c.inc" #include "inc_generated/ndpi_asn_twitter.c.inc" @@ -3642,6 +3643,10 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_nordvpn_protocol_list); ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_nordvpn_protocol_list_6); } + if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_SURFSHARK)) { + ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_surfshark_protocol_list); + ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_surfshark_protocol_list_6); + } if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TELEGRAM)) { ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_telegram_protocol_list); ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_telegram_protocol_list_6); diff --git a/tests/cfgs/default/pcap/sites.pcapng b/tests/cfgs/default/pcap/sites.pcapng Binary files differindex c0d2c55f6..a96f43839 100644 --- a/tests/cfgs/default/pcap/sites.pcapng +++ b/tests/cfgs/default/pcap/sites.pcapng diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index fbcba6350..0cd01dcb0 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -26,6 +26,6 @@ CustomProtocolC 3 222 1 Acceptable 8 592 3 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.433/TLS.CustomProtocolA][IP: 433/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.434/TLS.CustomProtocolA][IP: 434/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 434/CustomProtocolB][IP: 434/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 435/CustomProtocolB][IP: 435/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 69ad0e551..d26c714ed 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -1,27 +1,27 @@ Guessed flow protos: 4 -DPI Packets (TCP): 323 (5.47 pkts/flow) +DPI Packets (TCP): 330 (5.50 pkts/flow) DPI Packets (UDP): 4 (1.00 pkts/flow) Confidence Match by port : 4 (flows) -Confidence DPI : 59 (flows) -Num dissector calls: 73 (1.16 diss/flow) +Confidence DPI : 60 (flows) +Num dissector calls: 74 (1.16 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/4/0 (insert/search/found) LRU cache mining: 0/4/0 (insert/search/found) LRU cache msteams: 1/1/1 (insert/search/found) -LRU cache fpc_dns: 0/59/0 (insert/search/found) -Automa host: 77/59 (search/found) -Automa domain: 77/0 (search/found) +LRU cache fpc_dns: 0/60/0 (insert/search/found) +Automa host: 78/60 (search/found) +Automa domain: 78/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 107/107 (search/found) +Automa common alpns: 109/109 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk mask IPv6: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 6/0 (search/found) -Patricia protocols: 83/31 (search/found) +Patricia protocols: 85/31 (search/found) Patricia protocols IPv6: 7/5 (search/found) HTTP 14 1040 4 @@ -71,9 +71,10 @@ Bluesky 20 14946 3 Mastodon 6 4819 1 Threads 1 1399 1 NordVPN 22 10597 1 +SurfShark 21 12829 1 Safe 106 49477 9 -Acceptable 197 110527 23 +Acceptable 218 123356 24 Fun 371 199377 30 Potentially Dangerous 4 2225 1 @@ -90,68 +91,70 @@ JA3 Host Stats: 9 192.168.1.227 1 10 192.168.1.123 1 11 2001:b07:a3d:c112:9a00:ba78:86b1:e177 1 + 12 192.168.1.183 1 1 TCP 192.168.1.250:39890 <-> 45.82.241.51:80 [proto: 7.261/HTTP.Likee][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][58 pkts/4414 bytes <-> 54 pkts/74431 bytes][Goodput ratio: 22/96][182.93 sec][Hostname/SNI: videosnap.like.video][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/40 1449/1478 252/226][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 76/1378 244/1514 52/370][URL: videosnap.like.video/eu_live/5uz/1YOmxT.webp?type=8&resize=1&dw=360][StatusCode: 200][Content-Type: image/webp][Server: openresty][User-Agent: Like-Android][PLAIN TEXT (GET /eu)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,85,0,0] 2 TCP 192.168.1.128:50620 <-> 91.198.174.208:443 [proto: 91.176/TLS.Wikipedia][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][28 pkts/3033 bytes <-> 24 pkts/18149 bytes][Goodput ratio: 39/91][170.60 sec][Hostname/SNI: upload.wikimedia.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5077/6202 58326/58377 16039/17553][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/756 583/1514 106/683][TLSv1.3][JA3C: 6b5e0cfe988c723ee71faf54f8460684][JA4: t13d1815h2_e8a523a41297_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,23,3,3,0,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,39,0,0] 3 TCP 192.168.1.245:49558 <-> 80.158.42.215:443 [proto: 91.399/TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][14 pkts/4392 bytes <-> 9 pkts/12610 bytes][Goodput ratio: 82/96][0.62 sec][Hostname/SNI: id7.cloud.huawei.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.483 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/93 439/462 123/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 314/1401 1081/3954 396/1672][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: avatar.id.huawei.com,hts.huawei.com.cn,*.cdn.hicloud.com,*.cloud.dbankcloud.com,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.ru,*.dbankcloud.cn,*.dbankcloud.com,*.hicloud.com,*.hms.dbankcloud.cn,*.huawei.com,*.platform.dbankcloud.cn,*.platform.dbankcloud.com,*.platform.dbankcloud.ru,*.platform.hicloud.com,*.vmall.com][JA3S: eb7ce657b6814e1bc6402d66a2309dc6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=avatar.id.huawei.com][ECH: version 0xfe0d][Certificate SHA-1: 4F:6B:EE:C1:86:C1:2D:DB:AB:BF:DB:90:42:2D:06:A9:63:FF:76:52][Firefox][Validity: 2023-07-26 01:16:11 - 2024-08-26 01:16:10][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 4 TCP 192.168.1.245:54690 <-> 160.44.196.198:443 [proto: 91.399/TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][8 pkts/1733 bytes <-> 7 pkts/9520 bytes][Goodput ratio: 74/96][0.18 sec][Hostname/SNI: cloud.huawei.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 22/12 40/30 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 217/1360 718/4434 253/1807][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: cloud.huawei.asia,cloud.huawei.com.cn,cloud.huawei.com,cloud.huawei.com.au,cloud.huawei.eu,cloud.huawei.lat,cloud.huawei.ru,*.dbank.com,*.hicloud.com,*.cloud.dbankcloud.cn,*.cloud.dbankcloud.com,*.cloud.dbankcloud.ru,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.lat,*.cloud.huawei.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com][JA3S: eb7ce657b6814e1bc6402d66a2309dc6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=cloud.huawei.asia][ECH: version 0xfe0d][Certificate SHA-1: 94:8E:17:DA:5F:C7:62:E4:1E:F0:A5:AB:A0:B9:7B:DE:A5:F4:75:33][Firefox][Validity: 2023-08-11 07:21:05 - 2024-09-11 07:21:04][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 5 TCP 192.168.1.245:58624 <-> 104.16.156.111:443 [proto: 91.426/TLS.NordVPN][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][11 pkts/2405 bytes <-> 11 pkts/8192 bytes][Goodput ratio: 69/91][0.13 sec][Hostname/SNI: s1.nordcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 22/22 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219/745 1219/2848 330/829][TLSv1.3][JA3C: a195b9c006fcb23ab9a2343b0871e362][JA4: t13d1715h2_5b57614c22b0_7121afd63204][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 16,0,16,0,0,0,0,0,7,0,7,0,0,0,7,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,7,0,7] - 6 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0] - 7 TCP 192.168.1.227:50071 <-> 52.73.71.226:443 [proto: 91.270/TLS.Fuze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 9][cat: VoIP/10][14 pkts/3035 bytes <-> 17 pkts/7520 bytes][Goodput ratio: 73/87][60.43 sec][Hostname/SNI: presence.fuze.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5482/5008 45124/45106 13235/12754][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 217/442 1019/1514 278/561][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.presence.fuze.com,presence.fuze.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.presence.fuze.com][Certificate SHA-1: B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79][Chrome][Validity: 2020-09-23 00:00:00 - 2021-10-25 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,23,5,11,0,0,0,0,5,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,5,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] - 8 TCP 192.168.1.128:48918 <-> 143.204.9.65:443 [proto: 91.71/TLS.DisneyPlus][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Streaming/17][15 pkts/1802 bytes <-> 14 pkts/7915 bytes][Goodput ratio: 44/88][0.05 sec][Hostname/SNI: prod-static.disney-plus.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/11 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/565 583/1494 132/660][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,20,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,40,0,0,0] - 9 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][TLSv1.3][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA4: t13d1713ht_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0] - 10 TCP [2001:b07:a3d:c112:c044:a6d4:80d:5d55]:39970 <-> [2600:9000:25ea:1200:1:12d8:5a00:93a1]:443 [proto: 91.399/TLS.HuaweiCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Cloud/13][8 pkts/1965 bytes <-> 4 pkts/5457 bytes][Goodput ratio: 65/94][0.01 sec][Hostname/SNI: contentcenter-dre.dbankcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 4/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 246/1364 764/3710 228/1482][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,16] - 11 TCP 192.168.1.128:56836 <-> 13.107.42.13:443 [proto: 91.221/TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][3 pkts/857 bytes <-> 7 pkts/6562 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: onedrive.live.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.769 (Download)][IAT c2s/s2c min/avg/max/stddev: 22/0 28/9 33/33 6/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/60 286/937 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02][Subject: CN=onedrive.com][Certificate SHA-1: 77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D][Firefox][Validity: 2022-02-01 00:13:15 - 2023-02-01 00:13:15][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] - 12 TCP 192.168.1.128:46724 <-> 199.232.82.109:443 [proto: 91.267/TLS.Vimeo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Streaming/17][13 pkts/1452 bytes <-> 12 pkts/5804 bytes][Goodput ratio: 42/86][52.80 sec][Hostname/SNI: f.vimeocdn.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5278/5835 46637/46651 13906/15427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 112/484 583/1410 138/567][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.vimeocdn.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.vimeocdn.com][Certificate SHA-1: 3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37][Chrome][Validity: 2021-05-18 18:45:52 - 2022-06-19 18:45:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0] - 13 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48616 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][5 pkts/1090 bytes <-> 4 pkts/6012 bytes][Goodput ratio: 60/94][0.04 sec][Hostname/SNI: t.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/7 18/22 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 218/1503 738/4182 260/1673][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66] - 14 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Cloud/13][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] - 15 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Game/8][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0] - 16 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 17 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] - 18 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 7][cat: Email/3][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 19 TCP 192.168.1.245:46174 <-> 5.61.23.30:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2084 bytes <-> 10 pkts/3525 bytes][Goodput ratio: 68/82][0.23 sec][Hostname/SNI: 732231.ms.ok.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.257 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/24 46/47 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 208/352 905/2236 268/643][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: *.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru][ECH: version 0xfe0d][Certificate SHA-1: 66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3][Firefox][Validity: 2023-10-04 08:36:03 - 2024-10-02 09:21:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,0,0,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] - 20 TCP 192.168.1.245:55362 <-> 44.218.3.81:443 [proto: 91.411/TLS.Bluesky][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][4 pkts/931 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: bsky.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/48 96/97 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/1517 725/4410 284/2046][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 21 TCP 192.168.1.245:50142 <-> 3.136.49.254:443 [proto: 91.411/TLS.Bluesky][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][4 pkts/928 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.24 sec][Hostname/SNI: bsky.app][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.661 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 78/60 117/119 55/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/1517 722/4410 283/2046][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 22 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: IP address][DPI packets: 6][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 23 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 24 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 6][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 25 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 26 TCP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:35968 <-> [2a04:4e42:c00::347]:443 [proto: 91.412/TLS.Mastodon][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][3 pkts/929 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.01 sec][Hostname/SNI: mastodon.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 2/2 2/4 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 749/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 27 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 28 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] - 29 TCP 192.168.1.245:33212 <-> 15.204.197.32:443 [proto: 91.411/TLS.Bluesky][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: SocialNetwork/6][4 pkts/951 bytes <-> 2 pkts/3036 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: enoki.us-east.host.bsky.network][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/97 64/97 95/97 44/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 238/1518 745/2962 293/1444][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 30 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48624 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][4 pkts/1011 bytes <-> 3 pkts/2682 bytes][Goodput ratio: 65/90][0.04 sec][Hostname/SNI: telegram.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 12/10 18/20 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 253/894 745/2502 284/1137][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 31 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][JA4: q13d0314h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 32 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][JA4: q13d0315h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 33 TCP 192.168.88.171:55280 <-> 124.237.225.21:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Streaming/17][3 pkts/691 bytes <-> 4 pkts/1680 bytes][Goodput ratio: 75/86][< 1 sec][Hostname/SNI: msg.qy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.417 (Download)][IAT c2s/s2c min/avg/max/stddev: 295/2 296/198 297/297 1/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/420 571/1494 241/620][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 34 TCP 192.168.88.171:55468 <-> 184.86.2.194:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/742 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 76/89][0.05 sec][Hostname/SNI: stc.iqiyipic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.372 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 23/23 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 247/540 622/1494 265/675][TLSv1.3][JA3C: 2aafde70b049185ef1cca0d7f821a8d7][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 35 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 36 TCP 192.168.88.171:49217 <-> 54.208.106.218:443 [proto: 91.59/TLS.AdobeConnect][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Video/26][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.28 sec][Hostname/SNI: meet27083742.adobeconnect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/70 138/139 69/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 37 TCP 192.168.88.171:55272 <-> 116.211.202.129:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.59 sec][Hostname/SNI: opportunarch.iqiyi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/150 288/299 144/150][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 38 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 39 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][FPC: 169/UbuntuONE, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 40 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 41 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 42 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 43 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 44 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 45 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 46 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 47 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 48 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 49 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 50 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 51 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 52 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 53 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 54 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 55 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] - 56 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] - 57 UDP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:41590 -> [2a03:2880:f208:c4:face:b00c::43fe]:443 [proto: 188.413/QUIC.Threads][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 188.413/QUIC.Threads, Confidence: DPI][DPI packets: 1][cat: SocialNetwork/6][1 pkts/1399 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: www.threads.net][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: 7a8e625dea44f20fe8d8d657583506d1][JA4: q13d0314h][ECH: version 0xfe0d][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] - 58 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.281/QUIC.GoogleClassroom, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: a27a03a8478393fe7f8958648bb71ff4][JA4: q13d0310h][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 59 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.FacebookMessenger][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 4][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][(Advertised) ALPNs: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309h2_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 TCP 192.168.1.128:39036 <-> 69.191.252.15:80 [proto: 7/HTTP][IP: 246/Bloomberg][ClearText][Confidence: Match by port][FPC: 246/Bloomberg, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/518 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][65.08 sec][bytes ratio: 0.738 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1012/0 10830/0 33535/0 11329/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 74/78 74/78 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 192.168.1.128:44954 <-> 34.96.123.111:80 [proto: 7/HTTP][IP: 284/GoogleCloud][ClearText][Confidence: Match by port][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 TCP 192.168.1.128:45936 <-> 208.85.40.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 192.168.1.128:52070 <-> 18.65.82.67:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.183:44102 <-> 146.70.182.51:443 [proto: 91.427/TLS.SurfShark][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][11 pkts/5817 bytes <-> 10 pkts/7012 bytes][Goodput ratio: 87/90][0.21 sec][Hostname/SNI: it-mil-v086.prod.surfshark.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/24 99/96 32/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 529/701 2022/3526 696/1053][TLSv1.3][JA3C: d6998527a1dc65a802adeb979a78e1d5][JA4: t13d1517h2_8daaf6152771_b0da82dd1658][JA3S: fcb2d4d0991292272fcb1e464eedfd43][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,8,25,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,25] + 5 TCP 192.168.1.245:54690 <-> 160.44.196.198:443 [proto: 91.399/TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][8 pkts/1733 bytes <-> 7 pkts/9520 bytes][Goodput ratio: 74/96][0.18 sec][Hostname/SNI: cloud.huawei.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 22/12 40/30 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 217/1360 718/4434 253/1807][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: cloud.huawei.asia,cloud.huawei.com.cn,cloud.huawei.com,cloud.huawei.com.au,cloud.huawei.eu,cloud.huawei.lat,cloud.huawei.ru,*.dbank.com,*.hicloud.com,*.cloud.dbankcloud.cn,*.cloud.dbankcloud.com,*.cloud.dbankcloud.ru,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.lat,*.cloud.huawei.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com][JA3S: eb7ce657b6814e1bc6402d66a2309dc6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=cloud.huawei.asia][ECH: version 0xfe0d][Certificate SHA-1: 94:8E:17:DA:5F:C7:62:E4:1E:F0:A5:AB:A0:B9:7B:DE:A5:F4:75:33][Firefox][Validity: 2023-08-11 07:21:05 - 2024-09-11 07:21:04][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 6 TCP 192.168.1.245:58624 <-> 104.16.156.111:443 [proto: 91.426/TLS.NordVPN][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][11 pkts/2405 bytes <-> 11 pkts/8192 bytes][Goodput ratio: 69/91][0.13 sec][Hostname/SNI: s1.nordcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 22/22 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219/745 1219/2848 330/829][TLSv1.3][JA3C: a195b9c006fcb23ab9a2343b0871e362][JA4: t13d1715h2_5b57614c22b0_7121afd63204][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 16,0,16,0,0,0,0,0,7,0,7,0,0,0,7,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,7,0,7] + 7 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0] + 8 TCP 192.168.1.227:50071 <-> 52.73.71.226:443 [proto: 91.270/TLS.Fuze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 9][cat: VoIP/10][14 pkts/3035 bytes <-> 17 pkts/7520 bytes][Goodput ratio: 73/87][60.43 sec][Hostname/SNI: presence.fuze.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5482/5008 45124/45106 13235/12754][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 217/442 1019/1514 278/561][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.presence.fuze.com,presence.fuze.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.presence.fuze.com][Certificate SHA-1: B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79][Chrome][Validity: 2020-09-23 00:00:00 - 2021-10-25 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,23,5,11,0,0,0,0,5,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,5,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] + 9 TCP 192.168.1.128:48918 <-> 143.204.9.65:443 [proto: 91.71/TLS.DisneyPlus][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Streaming/17][15 pkts/1802 bytes <-> 14 pkts/7915 bytes][Goodput ratio: 44/88][0.05 sec][Hostname/SNI: prod-static.disney-plus.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/11 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/565 583/1494 132/660][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,20,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,40,0,0,0] + 10 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][TLSv1.3][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA4: t13d1713ht_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0] + 11 TCP [2001:b07:a3d:c112:c044:a6d4:80d:5d55]:39970 <-> [2600:9000:25ea:1200:1:12d8:5a00:93a1]:443 [proto: 91.399/TLS.HuaweiCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Cloud/13][8 pkts/1965 bytes <-> 4 pkts/5457 bytes][Goodput ratio: 65/94][0.01 sec][Hostname/SNI: contentcenter-dre.dbankcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 4/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 246/1364 764/3710 228/1482][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,16] + 12 TCP 192.168.1.128:56836 <-> 13.107.42.13:443 [proto: 91.221/TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][3 pkts/857 bytes <-> 7 pkts/6562 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: onedrive.live.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.769 (Download)][IAT c2s/s2c min/avg/max/stddev: 22/0 28/9 33/33 6/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/60 286/937 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02][Subject: CN=onedrive.com][Certificate SHA-1: 77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D][Firefox][Validity: 2022-02-01 00:13:15 - 2023-02-01 00:13:15][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 13 TCP 192.168.1.128:46724 <-> 199.232.82.109:443 [proto: 91.267/TLS.Vimeo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Streaming/17][13 pkts/1452 bytes <-> 12 pkts/5804 bytes][Goodput ratio: 42/86][52.80 sec][Hostname/SNI: f.vimeocdn.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5278/5835 46637/46651 13906/15427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 112/484 583/1410 138/567][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.vimeocdn.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.vimeocdn.com][Certificate SHA-1: 3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37][Chrome][Validity: 2021-05-18 18:45:52 - 2022-06-19 18:45:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0] + 14 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48616 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][5 pkts/1090 bytes <-> 4 pkts/6012 bytes][Goodput ratio: 60/94][0.04 sec][Hostname/SNI: t.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/7 18/22 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 218/1503 738/4182 260/1673][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66] + 15 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Cloud/13][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] + 16 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Game/8][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0] + 17 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 18 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] + 19 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 7][cat: Email/3][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 20 TCP 192.168.1.245:46174 <-> 5.61.23.30:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2084 bytes <-> 10 pkts/3525 bytes][Goodput ratio: 68/82][0.23 sec][Hostname/SNI: 732231.ms.ok.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.257 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/24 46/47 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 208/352 905/2236 268/643][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: *.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru][ECH: version 0xfe0d][Certificate SHA-1: 66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3][Firefox][Validity: 2023-10-04 08:36:03 - 2024-10-02 09:21:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,0,0,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] + 21 TCP 192.168.1.245:55362 <-> 44.218.3.81:443 [proto: 91.411/TLS.Bluesky][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][4 pkts/931 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: bsky.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/48 96/97 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/1517 725/4410 284/2046][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 22 TCP 192.168.1.245:50142 <-> 3.136.49.254:443 [proto: 91.411/TLS.Bluesky][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][4 pkts/928 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.24 sec][Hostname/SNI: bsky.app][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.661 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 78/60 117/119 55/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/1517 722/4410 283/2046][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 23 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: IP address][DPI packets: 6][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 24 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 25 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 6][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 26 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 27 TCP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:35968 <-> [2a04:4e42:c00::347]:443 [proto: 91.412/TLS.Mastodon][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][3 pkts/929 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.01 sec][Hostname/SNI: mastodon.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 2/2 2/4 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 749/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 28 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 29 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] + 30 TCP 192.168.1.245:33212 <-> 15.204.197.32:443 [proto: 91.411/TLS.Bluesky][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: SocialNetwork/6][4 pkts/951 bytes <-> 2 pkts/3036 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: enoki.us-east.host.bsky.network][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/97 64/97 95/97 44/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 238/1518 745/2962 293/1444][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 31 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48624 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][4 pkts/1011 bytes <-> 3 pkts/2682 bytes][Goodput ratio: 65/90][0.04 sec][Hostname/SNI: telegram.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 12/10 18/20 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 253/894 745/2502 284/1137][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 32 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][JA4: q13d0314h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 33 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][JA4: q13d0315h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 34 TCP 192.168.88.171:55280 <-> 124.237.225.21:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Streaming/17][3 pkts/691 bytes <-> 4 pkts/1680 bytes][Goodput ratio: 75/86][< 1 sec][Hostname/SNI: msg.qy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.417 (Download)][IAT c2s/s2c min/avg/max/stddev: 295/2 296/198 297/297 1/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/420 571/1494 241/620][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 35 TCP 192.168.88.171:55468 <-> 184.86.2.194:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/742 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 76/89][0.05 sec][Hostname/SNI: stc.iqiyipic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.372 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 23/23 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 247/540 622/1494 265/675][TLSv1.3][JA3C: 2aafde70b049185ef1cca0d7f821a8d7][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 36 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 37 TCP 192.168.88.171:49217 <-> 54.208.106.218:443 [proto: 91.59/TLS.AdobeConnect][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Video/26][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.28 sec][Hostname/SNI: meet27083742.adobeconnect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/70 138/139 69/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 38 TCP 192.168.88.171:55272 <-> 116.211.202.129:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.59 sec][Hostname/SNI: opportunarch.iqiyi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/150 288/299 144/150][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 39 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 40 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][FPC: 169/UbuntuONE, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 41 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 42 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 43 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 44 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 45 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 46 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 47 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 48 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 49 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 50 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 51 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 52 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 53 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 54 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 55 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 56 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] + 57 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] + 58 UDP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:41590 -> [2a03:2880:f208:c4:face:b00c::43fe]:443 [proto: 188.413/QUIC.Threads][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 188.413/QUIC.Threads, Confidence: DPI][DPI packets: 1][cat: SocialNetwork/6][1 pkts/1399 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: www.threads.net][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: 7a8e625dea44f20fe8d8d657583506d1][JA4: q13d0314h][ECH: version 0xfe0d][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] + 59 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.281/QUIC.GoogleClassroom, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: a27a03a8478393fe7f8958648bb71ff4][JA4: q13d0310h][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 60 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.FacebookMessenger][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 4][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][(Advertised) ALPNs: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309h2_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 192.168.1.128:39036 <-> 69.191.252.15:80 [proto: 7/HTTP][IP: 246/Bloomberg][ClearText][Confidence: Match by port][FPC: 246/Bloomberg, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/518 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][65.08 sec][bytes ratio: 0.738 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1012/0 10830/0 33535/0 11329/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 74/78 74/78 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 192.168.1.128:44954 <-> 34.96.123.111:80 [proto: 7/HTTP][IP: 284/GoogleCloud][ClearText][Confidence: Match by port][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.1.128:45936 <-> 208.85.40.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 TCP 192.168.1.128:52070 <-> 18.65.82.67:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index bf252cd05..ef5971740 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -145,7 +145,7 @@ Unrated 1848 107192 1844 48 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 427/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 428/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -218,7 +218,7 @@ Unrated 1848 107192 1844 121 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 122 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 123 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 427/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 428/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 125 TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 126 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 127 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/utils/surfshark_ip_addresses_download.sh b/utils/surfshark_ip_addresses_download.sh new file mode 100755 index 000000000..121478d20 --- /dev/null +++ b/utils/surfshark_ip_addresses_download.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +set -e + +cd "$(dirname "${0}")" || exit 1 +. ./common.sh || exit 1 + +DEST=../src/lib/inc_generated/ndpi_surfshark_match.c.inc +TMP=/tmp/surfshark.json +LIST_DOMAINS=/tmp/surfshark.listd +LIST=/tmp/surfshark.list +LIST_MERGED=/tmp/surfshark.list_m +ORIGIN=https://api.surfshark.com/v4/server/clusters/all +# SurfShark provides a list of DOMAINS, not of IPs! +#TODO: should we convert these domains to ip at runtime? +#No ipv6 support: https://support.surfshark.com/hc/en-us/articles/360011550239-Does-Surfshark-support-IPv6-Do-I-have-it-on-my-network + +echo "(1) Downloading file..." +http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN}) +check_http_response "${http_response}" +is_file_empty "${TMP}" + +echo "(2) Processing domains..." +jq -r '.[] | .connectionName' $TMP > $LIST_DOMAINS +while read -r DOMAIN +do + dig +short "${DOMAIN}" A >> ${LIST} +# dig +short "${DOMAIN}" AAAA >> ${LIST6} +done < "${LIST_DOMAINS}" + +echo "(3) Processing IP addresses..." +is_file_empty "${LIST}" +./mergeipaddrlist.py $LIST > $LIST_MERGED +is_file_empty "${LIST_MERGED}" +./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_SURFSHARK > $DEST +is_file_empty "${DEST}" + +rm -f ${TMP} ${LIST} ${LIST6} ${LIST_DOMAINS} + +echo "(4) SurfShark IPs are available in $DEST" +exit 0 diff --git a/utils/update_every_lists.sh b/utils/update_every_lists.sh index 4bb285fda..ad394621d 100755 --- a/utils/update_every_lists.sh +++ b/utils/update_every_lists.sh @@ -32,6 +32,8 @@ RETVAL=$(( RETVAL + $? )) RETVAL=$(( RETVAL + $? )) ./nordvpn_ip_addresses_download.sh RETVAL=$(( RETVAL + $? )) +./surfshark_ip_addresses_download.sh +RETVAL=$(( RETVAL + $? )) ./asn_update.sh RETVAL=$(( RETVAL + $? )) |