diff options
| author | Luca Deri <deri@ntop.org> | 2020-08-30 20:48:58 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-08-30 20:48:58 +0200 |
| commit | 638624869a343468c6b2cc6c09d5f50542fa87e1 (patch) | |
| tree | a951cc04adfbeb9e204b6d6b7e1d0931236d53bc | |
| parent | 647c7d59bbf98e0feff5253a9c8bb8b6d84d3758 (diff) | |
Added new risk for NDPI_UNSAFE_PROTOCOL that identifies protocols that are not condidered safe/secure
| -rw-r--r-- | python/ndpi.py | 2 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 21 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 4 | ||||
| -rw-r--r-- | tests/result/1kxun.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/dos_win98_smb_netbeui.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/ethereum.pcap.out | 102 | ||||
| -rw-r--r-- | tests/result/ftp.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/fuzz-2006-06-26-2594.pcap.out | 6 | ||||
| -rw-r--r-- | tests/result/monero.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/netbios.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 6 | ||||
| -rw-r--r-- | tests/result/smbv1.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/telegram.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/tor.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/wechat.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/zcash.pcap.out | 2 |
17 files changed, 96 insertions, 79 deletions
diff --git a/python/ndpi.py b/python/ndpi.py index ee33f6a37..c60faa96b 100644 --- a/python/ndpi.py +++ b/python/ndpi.py @@ -313,7 +313,7 @@ typedef enum { NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_SMB_INSECURE_VERSION, NDPI_TLS_SUSPICIOUS_ESNI_USAGE, - NDPI_BLACKLISTED_HOST, + NDPI_UNSAFE_PROTOCOL, /* Leave this as last member */ NDPI_MAX_RISK } ndpi_risk_enum; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 153651cec..ab6f56d31 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -80,7 +80,7 @@ typedef enum { NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_SMB_INSECURE_VERSION, NDPI_TLS_SUSPICIOUS_ESNI_USAGE, - NDPI_BLACKLISTED_HOST, + NDPI_UNSAFE_PROTOCOL, /* Leave this as last member */ NDPI_MAX_RISK /* must be <= 31 due to (**) */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index de95726ef..a84d650bc 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -805,7 +805,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, 0 /* can_have_a_subprotocol */, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, 0 /* can_have_a_subprotocol */, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); @@ -1303,6 +1303,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_TOR, 0 /* can_have_a_subprotocol */, + no_master, no_master, "Tor", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, 0 /* can_have_a_subprotocol */, no_master, no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, @@ -4464,7 +4468,6 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s Skype for a host doing MS Teams means MS Teams (MS Teams uses Skype as transport protocol for voice/video) */ - if(flow) { /* Do not go for DNS when there is an application protocol. Example DNS.Apple */ if((flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) @@ -4511,6 +4514,20 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s } break; } /* switch */ + + if(flow) { + switch(ndpi_get_proto_breed(ndpi_str, ret->app_protocol)) { + case NDPI_PROTOCOL_UNSAFE: + case NDPI_PROTOCOL_POTENTIALLY_DANGEROUS: + case NDPI_PROTOCOL_DANGEROUS: + NDPI_SET_BIT(flow->risk, NDPI_UNSAFE_PROTOCOL); + break; + default: + /* Nothign to do */ + break; + } + } + } /* ********************************************************************************* */ diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index e1258bfd2..5cd351ba9 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1537,8 +1537,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_TLS_SUSPICIOUS_ESNI_USAGE: return("TLS Suspicious ESNI Usage"); - case NDPI_BLACKLISTED_HOST: - return("Blacklisted Host"); + case NDPI_UNSAFE_PROTOCOL: + return("Unsafe Protocol"); default: snprintf(buf, sizeof(buf), "%d", (int)risk); diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index d56693afc..ab17f5f2e 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -62,9 +62,9 @@ JA3 Host Stats: 40 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Host: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Host: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Host: macbookair-e1d0][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Host: macbookair-e1d0][Risk: ** Unsafe Protocol **][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Host: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Host: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Host: sanji-lifebook-][Risk: ** Unsafe Protocol **][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Host: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dos_win98_smb_netbeui.pcap.out b/tests/result/dos_win98_smb_netbeui.pcap.out index b26ab004d..3dac63d8c 100644 --- a/tests/result/dos_win98_smb_netbeui.pcap.out +++ b/tests/result/dos_win98_smb_netbeui.pcap.out @@ -3,6 +3,6 @@ SMBv1 15 3447 1 ICMP 1 60 1 1 UDP 192.168.239.129:137 -> 192.168.239.255:137 [proto: 10/NetBIOS][cat: System/18][32 pkts/3520 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][131.29 sec][Host: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1218/0 22000/0 4015/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.239.129:138 -> 192.168.239.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][15 pkts/3447 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][115.76 sec][Host: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8826/0 43984/0 14224/0][Pkt Len c2s/s2c min/avg/max/stddev: 219/0 230/0 249/0 10/0][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,0,0,0,73,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.239.129:138 -> 192.168.239.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][15 pkts/3447 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][115.76 sec][Host: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8826/0 43984/0 14224/0][Pkt Len c2s/s2c min/avg/max/stddev: 219/0 230/0 249/0 10/0][Risk: ** Unsafe Protocol **][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,0,0,0,73,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.239.129:137 -> 192.168.239.2:137 [proto: 10/NetBIOS][cat: System/18][14 pkts/1540 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][130.51 sec][Host: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10750/0 98690/0 10940/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 ICMP 192.168.239.129:0 -> 224.0.0.2:0 [proto: 81/ICMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index 1a6c19e7c..7c1a80fae 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out @@ -1,77 +1,77 @@ Mining 1939 208480 70 Amazon 61 7631 4 - 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 42/Mining][cat: Mining/99][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][ETH][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 42/Mining][cat: Mining/99][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][ETH][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][Risk: ** Unsafe Protocol **][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 42/Mining][cat: Mining/99][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34/32][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 43/41 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 481/560 79/95][Plen Bins: 43,29,0,14,3,3,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 42/Mining][cat: Mining/99][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 29/31][0.57 sec][ETH][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 147/141 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/94 639/487 96/81][Plen Bins: 63,21,3,3,3,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.184:56658 <-> 157.230.152.87:30303 [proto: 42/Mining][cat: Mining/99][37 pkts/3341 bytes <-> 27 pkts/2583 bytes][Goodput ratio: 28/32][0.72 sec][ETH][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/22 182/184 53/59][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/96 649/457 96/79][Plen Bins: 63,21,3,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 42/Mining][cat: Mining/99][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 29/31][0.57 sec][ETH][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 147/141 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/94 639/487 96/81][Risk: ** Unsafe Protocol **][Plen Bins: 63,21,3,3,3,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.184:56658 <-> 157.230.152.87:30303 [proto: 42/Mining][cat: Mining/99][37 pkts/3341 bytes <-> 27 pkts/2583 bytes][Goodput ratio: 28/32][0.72 sec][ETH][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/22 182/184 53/59][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/96 649/457 96/79][Risk: ** Unsafe Protocol **][Plen Bins: 63,21,3,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.1.184:56645 <-> 185.219.133.62:30303 [proto: 42/Mining][cat: Mining/99][34 pkts/3018 bytes <-> 27 pkts/2540 bytes][Goodput ratio: 25/31][0.20 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/8 51/49 13/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 89/94 476/448 71/77][Plen Bins: 61,23,3,3,3,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.1.184:56650 <-> 35.228.250.140:30303 [proto: 42/Mining][cat: Mining/99][30 pkts/2806 bytes <-> 24 pkts/2380 bytes][Goodput ratio: 29/35][0.23 sec][ETH][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/6 57/56 18/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 94/99 528/508 84/92][PLAIN TEXT (J/hy@y)][Plen Bins: 52,31,3,3,3,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 192.168.1.184:56646 <-> 172.105.94.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2738 bytes <-> 24 pkts/2370 bytes][Goodput ratio: 32/36][0.22 sec][ETH][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/15 116/91 24/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 540/398 89/89][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.1.184:56650 <-> 35.228.250.140:30303 [proto: 42/Mining][cat: Mining/99][30 pkts/2806 bytes <-> 24 pkts/2380 bytes][Goodput ratio: 29/35][0.23 sec][ETH][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/6 57/56 18/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 94/99 528/508 84/92][Risk: ** Unsafe Protocol **][PLAIN TEXT (J/hy@y)][Plen Bins: 52,31,3,3,3,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 192.168.1.184:56646 <-> 172.105.94.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2738 bytes <-> 24 pkts/2370 bytes][Goodput ratio: 32/36][0.22 sec][ETH][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/15 116/91 24/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 540/398 89/89][Risk: ** Unsafe Protocol **][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 192.168.1.184:56661 <-> 52.9.128.68:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][30 pkts/2768 bytes <-> 23 pkts/2318 bytes][Goodput ratio: 30/36][0.76 sec][ETH][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/18 194/193 61/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/101 538/494 87/90][Plen Bins: 56,27,3,3,3,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 192.168.1.184:56674 <-> 94.68.55.162:30303 [proto: 42/Mining][cat: Mining/99][29 pkts/2801 bytes <-> 21 pkts/2262 bytes][Goodput ratio: 32/40][0.29 sec][ETH][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 74/75 24/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 97/108 613/570 101/109][Plen Bins: 48,32,4,4,4,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.1.184:56671 <-> 86.107.243.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2804 bytes <-> 20 pkts/2138 bytes][Goodput ratio: 34/41][0.18 sec][ETH][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 39/38 13/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100/107 606/430 100/101][Plen Bins: 56,20,4,4,0,0,4,4,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.184:56643 <-> 178.62.29.183:30303 [proto: 42/Mining][cat: Mining/99][31 pkts/2879 bytes <-> 23 pkts/2042 bytes][Goodput ratio: 29/27][0.18 sec][ETH][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 48/47 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 93/89 535/384 84/68][Plen Bins: 63,22,0,7,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 192.168.1.184:56673 <-> 78.47.147.155:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2855 bytes <-> 9 pkts/1461 bytes][Goodput ratio: 34/59][0.41 sec][ETH][bytes ratio: 0.323 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/65 285/246 57/92][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/162 633/413 105/126][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.1.184:56634 <-> 159.203.84.31:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2209 bytes <-> 23 pkts/2019 bytes][Goodput ratio: 37/29][0.33 sec][ETH][bytes ratio: 0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/18 109/109 34/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/88 637/579 122/105][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.184:56610 <-> 165.22.107.33:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2212 bytes <-> 24 pkts/1962 bytes][Goodput ratio: 37/23][0.92 sec][ETH][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/58 339/287 99/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/82 640/462 123/80][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 192.168.1.184:56621 <-> 52.187.207.27:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2163 bytes <-> 21 pkts/1843 bytes][Goodput ratio: 35/28][0.99 sec][ETH][bytes ratio: 0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/53 354/316 105/118][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/88 591/517 112/96][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.1.184:56620 <-> 191.234.162.198:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 35/28][0.70 sec][ETH][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/37 263/221 76/82][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/88 578/525 110/98][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 192.168.1.184:56611 <-> 104.42.217.25:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2128 bytes <-> 21 pkts/1859 bytes][Goodput ratio: 34/29][0.57 sec][ETH][bytes ratio: 0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/34 201/202 62/75][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/89 556/533 105/100][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 192.168.1.184:56623 <-> 18.138.81.28:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2109 bytes <-> 22 pkts/1874 bytes][Goodput ratio: 34/26][0.83 sec][ETH][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/44 308/260 89/97][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100/85 537/488 101/88][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.1.184:56615 <-> 35.158.244.151:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2133 bytes <-> 21 pkts/1834 bytes][Goodput ratio: 34/28][0.14 sec][ETH][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 62/63 17/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/87 561/514 106/96][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.1.184:56674 <-> 94.68.55.162:30303 [proto: 42/Mining][cat: Mining/99][29 pkts/2801 bytes <-> 21 pkts/2262 bytes][Goodput ratio: 32/40][0.29 sec][ETH][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 74/75 24/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 97/108 613/570 101/109][Risk: ** Unsafe Protocol **][Plen Bins: 48,32,4,4,4,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.184:56671 <-> 86.107.243.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2804 bytes <-> 20 pkts/2138 bytes][Goodput ratio: 34/41][0.18 sec][ETH][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 39/38 13/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100/107 606/430 100/101][Risk: ** Unsafe Protocol **][Plen Bins: 56,20,4,4,0,0,4,4,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.184:56643 <-> 178.62.29.183:30303 [proto: 42/Mining][cat: Mining/99][31 pkts/2879 bytes <-> 23 pkts/2042 bytes][Goodput ratio: 29/27][0.18 sec][ETH][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 48/47 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 93/89 535/384 84/68][Risk: ** Unsafe Protocol **][Plen Bins: 63,22,0,7,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.184:56673 <-> 78.47.147.155:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2855 bytes <-> 9 pkts/1461 bytes][Goodput ratio: 34/59][0.41 sec][ETH][bytes ratio: 0.323 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/65 285/246 57/92][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/162 633/413 105/126][Risk: ** Unsafe Protocol **][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.184:56634 <-> 159.203.84.31:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2209 bytes <-> 23 pkts/2019 bytes][Goodput ratio: 37/29][0.33 sec][ETH][bytes ratio: 0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/18 109/109 34/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/88 637/579 122/105][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.184:56610 <-> 165.22.107.33:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2212 bytes <-> 24 pkts/1962 bytes][Goodput ratio: 37/23][0.92 sec][ETH][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/58 339/287 99/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/82 640/462 123/80][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.184:56621 <-> 52.187.207.27:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2163 bytes <-> 21 pkts/1843 bytes][Goodput ratio: 35/28][0.99 sec][ETH][bytes ratio: 0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/53 354/316 105/118][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/88 591/517 112/96][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 192.168.1.184:56620 <-> 191.234.162.198:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 35/28][0.70 sec][ETH][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/37 263/221 76/82][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/88 578/525 110/98][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 192.168.1.184:56611 <-> 104.42.217.25:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2128 bytes <-> 21 pkts/1859 bytes][Goodput ratio: 34/29][0.57 sec][ETH][bytes ratio: 0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/34 201/202 62/75][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/89 556/533 105/100][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.1.184:56623 <-> 18.138.81.28:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2109 bytes <-> 22 pkts/1874 bytes][Goodput ratio: 34/26][0.83 sec][ETH][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/44 308/260 89/97][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100/85 537/488 101/88][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.1.184:56615 <-> 35.158.244.151:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2133 bytes <-> 21 pkts/1834 bytes][Goodput ratio: 34/28][0.14 sec][ETH][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 62/63 17/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/87 561/514 106/96][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 192.168.1.184:56618 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2088 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 33/28][0.70 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/37 261/222 76/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 99/88 516/519 97/97][PLAIN TEXT (XMOZOS)][Plen Bins: 65,17,0,5,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.184:56628 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2033 bytes <-> 21 pkts/1862 bytes][Goodput ratio: 31/29][0.41 sec][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/27 163/164 47/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 97/89 461/536 86/100][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.1.184:56632 <-> 51.38.81.180:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2117 bytes <-> 20 pkts/1765 bytes][Goodput ratio: 34/28][0.22 sec][ETH][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 78/78 23/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/88 545/505 103/96][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 192.168.1.184:56627 <-> 34.255.23.113:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 20 pkts/1728 bytes][Goodput ratio: 35/27][0.20 sec][ETH][bytes ratio: 0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/11 70/62 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/86 578/468 110/88][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 192.168.1.184:56622 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2169 bytes <-> 21 pkts/1704 bytes][Goodput ratio: 36/22][0.81 sec][ETH][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/42 300/253 87/94][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/81 597/384 114/68][Plen Bins: 66,17,0,5,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.1.184:56639 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][20 pkts/2093 bytes <-> 19 pkts/1750 bytes][Goodput ratio: 36/32][0.38 sec][ETH][bytes ratio: 0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/25 130/122 41/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/92 587/556 114/110][Plen Bins: 63,18,0,6,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.1.184:30303 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/426 bytes <-> 4 pkts/3132 bytes][Goodput ratio: 80/95][0.27 sec][ETH][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 40/0 40/6 40/19 0/9][Pkt Len c2s/s2c min/avg/max/stddev: 213/467 213/783 213/1099 0/316][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.1.184:56632 <-> 51.38.81.180:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2117 bytes <-> 20 pkts/1765 bytes][Goodput ratio: 34/28][0.22 sec][ETH][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 78/78 23/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/88 545/505 103/96][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.1.184:56627 <-> 34.255.23.113:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 20 pkts/1728 bytes][Goodput ratio: 35/27][0.20 sec][ETH][bytes ratio: 0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/11 70/62 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/86 578/468 110/88][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 192.168.1.184:56622 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2169 bytes <-> 21 pkts/1704 bytes][Goodput ratio: 36/22][0.81 sec][ETH][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/42 300/253 87/94][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/81 597/384 114/68][Risk: ** Unsafe Protocol **][Plen Bins: 66,17,0,5,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 192.168.1.184:56639 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][20 pkts/2093 bytes <-> 19 pkts/1750 bytes][Goodput ratio: 36/32][0.38 sec][ETH][bytes ratio: 0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/25 130/122 41/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/92 587/556 114/110][Risk: ** Unsafe Protocol **][Plen Bins: 63,18,0,6,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.1.184:30303 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/426 bytes <-> 4 pkts/3132 bytes][Goodput ratio: 80/95][0.27 sec][ETH][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 40/0 40/6 40/19 0/9][Pkt Len c2s/s2c min/avg/max/stddev: 213/467 213/783 213/1099 0/316][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 192.168.1.184:56635 <-> 162.228.29.160:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2051 bytes <-> 16 pkts/1497 bytes][Goodput ratio: 32/31][0.47 sec][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/32 159/152 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 98/94 479/471 89/98][Plen Bins: 65,17,0,5,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.1.184:56629 <-> 51.38.60.79:30303 [proto: 42/Mining][cat: Mining/99][19 pkts/1927 bytes <-> 19 pkts/1600 bytes][Goodput ratio: 34/25][0.16 sec][bytes ratio: 0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/9 36/43 9/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/84 487/406 95/77][Plen Bins: 63,18,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.1.184:56652 <-> 176.9.136.209:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1971 bytes <-> 17 pkts/1556 bytes][Goodput ratio: 39/32][0.10 sec][ETH][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 34/33 11/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 110/92 597/494 122/101][Plen Bins: 61,20,0,6,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 192.168.1.184:56654 <-> 85.214.108.52:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1930 bytes <-> 14 pkts/1529 bytes][Goodput ratio: 41/42][0.14 sec][ETH][bytes ratio: 0.116 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/12 35/36 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 114/109 574/401 119/103][Plen Bins: 42,21,7,7,0,0,0,7,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.184:56657 <-> 138.75.171.190:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1913 bytes <-> 16 pkts/1521 bytes][Goodput ratio: 41/34][0.79 sec][ETH][bytes ratio: 0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/88 263/261 91/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113/95 605/525 126/112][Plen Bins: 50,28,0,7,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.1.184:56652 <-> 176.9.136.209:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1971 bytes <-> 17 pkts/1556 bytes][Goodput ratio: 39/32][0.10 sec][ETH][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 34/33 11/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 110/92 597/494 122/101][Risk: ** Unsafe Protocol **][Plen Bins: 61,20,0,6,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 192.168.1.184:56654 <-> 85.214.108.52:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1930 bytes <-> 14 pkts/1529 bytes][Goodput ratio: 41/42][0.14 sec][ETH][bytes ratio: 0.116 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/12 35/36 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 114/109 574/401 119/103][Risk: ** Unsafe Protocol **][Plen Bins: 42,21,7,7,0,0,0,7,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.184:56657 <-> 138.75.171.190:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1913 bytes <-> 16 pkts/1521 bytes][Goodput ratio: 41/34][0.79 sec][ETH][bytes ratio: 0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/88 263/261 91/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113/95 605/525 126/112][Risk: ** Unsafe Protocol **][Plen Bins: 50,28,0,7,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.1.184:56630 <-> 40.67.144.128:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1871 bytes <-> 17 pkts/1551 bytes][Goodput ratio: 36/31][0.38 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/28 158/112 46/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 104/91 497/489 99/100][PLAIN TEXT (t ZZUM)][Plen Bins: 60,20,0,6,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.184:56624 <-> 89.38.99.34:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1895 bytes <-> 13 pkts/1495 bytes][Goodput ratio: 40/45][0.22 sec][ETH][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/22 65/66 22/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111/115 539/433 111/113][Plen Bins: 42,21,7,7,0,0,0,7,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.184:56624 <-> 89.38.99.34:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1895 bytes <-> 13 pkts/1495 bytes][Goodput ratio: 40/45][0.22 sec][ETH][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/22 65/66 22/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111/115 539/433 111/113][Risk: ** Unsafe Protocol **][Plen Bins: 42,21,7,7,0,0,0,7,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.184:56651 <-> 138.201.12.87:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1857 bytes <-> 18 pkts/1521 bytes][Goodput ratio: 35/26][0.10 sec][bytes ratio: 0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/9 36/33 12/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/84 483/393 96/76][Plen Bins: 61,20,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 192.168.1.184:56672 <-> 139.162.255.210:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1826 bytes <-> 18 pkts/1550 bytes][Goodput ratio: 34/27][0.13 sec][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/11 42/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/86 452/422 90/82][Plen Bins: 61,20,0,6,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.184:56675 <-> 35.235.37.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1892 bytes <-> 13 pkts/1450 bytes][Goodput ratio: 41/43][0.10 sec][ETH][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/13 25/25 10/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 111/112 596/420 125/106][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.184:56641 <-> 144.91.120.135:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1914 bytes <-> 14 pkts/1422 bytes][Goodput ratio: 41/37][0.12 sec][ETH][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 30/29 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113/102 606/390 127/97][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.184:56681 <-> 207.180.206.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1864 bytes <-> 13 pkts/1420 bytes][Goodput ratio: 40/42][0.16 sec][ETH][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 40/40 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 110/109 568/384 118/98][Plen Bins: 50,14,7,7,0,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 192.168.1.184:56617 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1834 bytes <-> 12 pkts/1437 bytes][Goodput ratio: 39/46][1.13 sec][ETH][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 62/68 318/271 118/117][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 108/120 538/461 111/119][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.184:56613 <-> 162.243.160.83:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1832 bytes <-> 14 pkts/1433 bytes][Goodput ratio: 38/38][0.51 sec][ETH][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/52 154/153 55/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 108/102 524/401 108/99][PLAIN TEXT (fOZarJ)][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.184:56675 <-> 35.235.37.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1892 bytes <-> 13 pkts/1450 bytes][Goodput ratio: 41/43][0.10 sec][ETH][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/13 25/25 10/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 111/112 596/420 125/106][Risk: ** Unsafe Protocol **][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.184:56641 <-> 144.91.120.135:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1914 bytes <-> 14 pkts/1422 bytes][Goodput ratio: 41/37][0.12 sec][ETH][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 30/29 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113/102 606/390 127/97][Risk: ** Unsafe Protocol **][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.184:56681 <-> 207.180.206.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1864 bytes <-> 13 pkts/1420 bytes][Goodput ratio: 40/42][0.16 sec][ETH][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 40/40 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 110/109 568/384 118/98][Risk: ** Unsafe Protocol **][Plen Bins: 50,14,7,7,0,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 192.168.1.184:56617 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1834 bytes <-> 12 pkts/1437 bytes][Goodput ratio: 39/46][1.13 sec][ETH][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 62/68 318/271 118/117][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 108/120 538/461 111/119][Risk: ** Unsafe Protocol **][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.184:56613 <-> 162.243.160.83:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1832 bytes <-> 14 pkts/1433 bytes][Goodput ratio: 38/38][0.51 sec][ETH][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/52 154/153 55/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 108/102 524/401 108/99][Risk: ** Unsafe Protocol **][PLAIN TEXT (fOZarJ)][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 192.168.1.184:56633 <-> 82.145.220.249:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1816 bytes <-> 15 pkts/1418 bytes][Goodput ratio: 38/34][0.20 sec][bytes ratio: 0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/38 76/77 26/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107/95 508/488 104/106][Plen Bins: 50,28,0,7,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.1.184:56679 <-> 35.228.158.52:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1748 bytes <-> 13 pkts/1472 bytes][Goodput ratio: 36/44][0.23 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 59/60 23/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/113 452/436 92/109][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP 192.168.1.184:56670 <-> 167.86.122.50:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1751 bytes <-> 13 pkts/1439 bytes][Goodput ratio: 36/42][0.16 sec][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/13 43/38 16/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/111 455/403 93/102][Plen Bins: 50,14,7,7,0,0,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.184:56642 <-> 178.62.10.218:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1777 bytes <-> 12 pkts/1369 bytes][Goodput ratio: 37/44][0.17 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 9/22 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 105/114 481/399 99/104][Plen Bins: 50,14,7,7,0,0,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 192.168.1.184:56684 <-> 51.83.237.44:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1923 bytes <-> 7 pkts/1108 bytes][Goodput ratio: 42/58][0.13 sec][ETH][bytes ratio: 0.269 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/14 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 113/158 627/432 132/132][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 192.168.1.184:56655 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1982 bytes <-> 6 pkts/948 bytes][Goodput ratio: 39/57][0.88 sec][ETH][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/110 436/438 148/190][Pkt Len c2s/s2c min/avg/max/stddev: 66/67 110/158 560/434 113/130][Plen Bins: 50,25,0,12,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 192.168.1.184:56684 <-> 51.83.237.44:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1923 bytes <-> 7 pkts/1108 bytes][Goodput ratio: 42/58][0.13 sec][ETH][bytes ratio: 0.269 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/14 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 113/158 627/432 132/132][Risk: ** Unsafe Protocol **][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 192.168.1.184:56655 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1982 bytes <-> 6 pkts/948 bytes][Goodput ratio: 39/57][0.88 sec][ETH][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/110 436/438 148/190][Pkt Len c2s/s2c min/avg/max/stddev: 66/67 110/158 560/434 113/130][Risk: ** Unsafe Protocol **][Plen Bins: 50,25,0,12,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 192.168.1.184:56662 <-> 35.229.232.19:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/1833 bytes <-> 9 pkts/1016 bytes][Goodput ratio: 37/49][0.59 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/48 298/288 92/107][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87/113 489/487 94/133][Plen Bins: 65,17,0,5,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 192.168.1.184:56663 <-> 124.217.235.180:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1919 bytes <-> 5 pkts/730 bytes][Goodput ratio: 41/54][0.77 sec][ETH][bytes ratio: 0.449 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/127 388/377 134/177][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/146 611/394 128/125][Plen Bins: 50,28,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.1.184:30303 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/575 bytes <-> 4 pkts/1928 bytes][Goodput ratio: 78/91][0.75 sec][ETH][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/0 314/209 501/626 187/295][Pkt Len c2s/s2c min/avg/max/stddev: 170/170 192/482 213/1099 18/375][Plen Bins: 0,0,0,0,57,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.1.184:56647 <-> 182.162.161.61:30303 [proto: 42/Mining][cat: Mining/99][11 pkts/1520 bytes <-> 5 pkts/842 bytes][Goodput ratio: 46/60][0.75 sec][ETH][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 83/124 372/371 154/175][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 138/168 588/554 147/193][Plen Bins: 51,12,0,12,0,0,0,0,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.1.184:56685 <-> 88.99.93.219:30303 [proto: 42/Mining][cat: Mining/99][9 pkts/1362 bytes <-> 3 pkts/603 bytes][Goodput ratio: 55/66][0.08 sec][ETH][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 11/20 41/38 18/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 151/201 646/463 179/185][Plen Bins: 42,14,0,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 192.168.1.184:30303 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1566 bytes][Goodput ratio: 80/95][0.27 sec][ETH][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.1.184:56663 <-> 124.217.235.180:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1919 bytes <-> 5 pkts/730 bytes][Goodput ratio: 41/54][0.77 sec][ETH][bytes ratio: 0.449 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/127 388/377 134/177][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/146 611/394 128/125][Risk: ** Unsafe Protocol **][Plen Bins: 50,28,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.184:30303 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/575 bytes <-> 4 pkts/1928 bytes][Goodput ratio: 78/91][0.75 sec][ETH][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/0 314/209 501/626 187/295][Pkt Len c2s/s2c min/avg/max/stddev: 170/170 192/482 213/1099 18/375][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,57,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.1.184:56647 <-> 182.162.161.61:30303 [proto: 42/Mining][cat: Mining/99][11 pkts/1520 bytes <-> 5 pkts/842 bytes][Goodput ratio: 46/60][0.75 sec][ETH][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 83/124 372/371 154/175][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 138/168 588/554 147/193][Risk: ** Unsafe Protocol **][Plen Bins: 51,12,0,12,0,0,0,0,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.1.184:56685 <-> 88.99.93.219:30303 [proto: 42/Mining][cat: Mining/99][9 pkts/1362 bytes <-> 3 pkts/603 bytes][Goodput ratio: 55/66][0.08 sec][ETH][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 11/20 41/38 18/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 151/201 646/463 179/185][Risk: ** Unsafe Protocol **][Plen Bins: 42,14,0,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.1.184:30303 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1566 bytes][Goodput ratio: 80/95][0.27 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 192.168.1.184:30303 <-> 35.180.246.169:30301 [proto: 42.178/Mining.Amazon][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1566 bytes][Goodput ratio: 80/95][0.03 sec][ETH][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.184:30303 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.14 sec][ETH][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.184:30303 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.27 sec][ETH][PLAIN TEXT (PbEvGi)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.1.184:30303 <-> 54.36.160.211:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.08 sec][ETH][PLAIN TEXT (PbEvGi)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.184:30303 <-> 128.0.51.140:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.08 sec][ETH][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.184:30303 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.14 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.184:30303 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.27 sec][ETH][Risk: ** Unsafe Protocol **][PLAIN TEXT (PbEvGi)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.184:30303 <-> 54.36.160.211:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.08 sec][ETH][Risk: ** Unsafe Protocol **][PLAIN TEXT (PbEvGi)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.184:30303 <-> 128.0.51.140:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 80/95][0.08 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 192.168.1.184:56612 <-> 66.42.82.246:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/639 bytes <-> 2 pkts/140 bytes][Goodput ratio: 67/0][0.32 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.1.184:56680 <-> 138.59.17.58:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/657 bytes <-> 1 pkts/74 bytes][Goodput ratio: 68/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 UDP 183.129.242.164:1024 <-> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/360 bytes <-> 2 pkts/362 bytes][Goodput ratio: 76/77][0.38 sec][ETH][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 UDP 183.129.242.164:1024 <-> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/360 bytes <-> 2 pkts/362 bytes][Goodput ratio: 76/77][0.38 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 TCP 192.168.1.184:56686 <-> 206.189.107.35:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/617 bytes <-> 1 pkts/74 bytes][Goodput ratio: 66/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.1.184:56678 <-> 13.251.14.199:30303 [proto: 42.178/Mining.Amazon][cat: Web/5][3 pkts/614 bytes <-> 1 pkts/74 bytes][Goodput ratio: 66/0][0.25 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 UDP 192.168.1.184:30303 <-> 66.42.82.246:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes <-> 1 pkts/191 bytes][Goodput ratio: 78/78][0.64 sec][ETH][Plen Bins: 0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 UDP 87.14.222.25:56693 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.06 sec][ETH][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 UDP 192.168.1.184:30303 -> 111.229.0.180:20182 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][ETH][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 UDP 192.168.1.184:30303 -> 209.97.143.1:50000 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][ETH][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 UDP 192.168.1.184:30303 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/191 bytes][Goodput ratio: 75/78][0.44 sec][ETH][PLAIN TEXT (0/XoR/Q)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 UDP 192.168.1.184:30303 <-> 167.86.122.50:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/189 bytes][Goodput ratio: 75/77][0.03 sec][ETH][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 UDP 3.112.138.57:25516 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][ETH][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 60.191.32.71:30303 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/171 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][ETH][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.184:30303 -> 106.12.39.168:30333 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][ETH][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 UDP 192.168.1.184:30303 <-> 66.42.82.246:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes <-> 1 pkts/191 bytes][Goodput ratio: 78/78][0.64 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 87.14.222.25:56693 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.06 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 UDP 192.168.1.184:30303 -> 111.229.0.180:20182 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.184:30303 -> 209.97.143.1:50000 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.184:30303 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/191 bytes][Goodput ratio: 75/78][0.44 sec][ETH][Risk: ** Unsafe Protocol **][PLAIN TEXT (0/XoR/Q)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.184:30303 <-> 167.86.122.50:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/189 bytes][Goodput ratio: 75/77][0.03 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 3.112.138.57:25516 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 60.191.32.71:30303 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/171 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.184:30303 -> 106.12.39.168:30333 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][ETH][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 192.168.1.184:56625 -> 5.1.83.226:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.10 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 TCP 192.168.1.184:56637 -> 35.233.197.131:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 TCP 192.168.1.184:56644 -> 13.230.108.42:30303 [proto: 42.178/Mining.Amazon][cat: Web/5][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out index 1137a98db..584cbc8b2 100644 --- a/tests/result/ftp.pcap.out +++ b/tests/result/ftp.pcap.out @@ -2,7 +2,7 @@ Unknown 1115 1122198 1 FTP_CONTROL 68 5571 1 FTP_DATA 9 1819 1 - 1 TCP 192.168.1.212:50694 <-> 90.130.70.73:21 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][41 pkts/2892 bytes <-> 27 pkts/2679 bytes][Goodput ratio: 6/33][8.48 sec][User: anonymous][Pwd: NcFTP@][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/108 4743/1377 849/305][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/99 96/307 7/45][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 74,18,5,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.212:50694 <-> 90.130.70.73:21 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][41 pkts/2892 bytes <-> 27 pkts/2679 bytes][Goodput ratio: 6/33][8.48 sec][User: anonymous][Pwd: NcFTP@][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/108 4743/1377 849/305][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/99 96/307 7/45][Risk: ** Unsafe Protocol **][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 74,18,5,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.212:50695 <-> 90.130.70.73:25685 [proto: 175/FTP_DATA][cat: Download-FileTransfer-FileSharing/7][5 pkts/342 bytes <-> 4 pkts/1477 bytes][Goodput ratio: 0/82][0.09 sec][bytes ratio: -0.624 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/28 14/28 29/29 14/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/369 78/1271 5/521][PLAIN TEXT ( 1 0 0 1073741)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index 36ba3d3e9..bd0995676 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -15,14 +15,14 @@ SIP 85 39540 15 5 UDP 192.168.1.2:5060 -> 212.242.33.35:17860 [proto: 100/SIP][cat: VoIP/10][1 pkts/1118 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (INVITE six)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: Media/1][5 pkts/1070 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.05 sec][PLAIN TEXT (goxcffj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.1.2:68 <-> 192.168.1.1:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes <-> 1 pkts/590 bytes][Goodput ratio: 87/93][0.00 sec][Host: d002465][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,43][PLAIN TEXT (002465Q)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][4 pkts/891 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][665.91 sec][Host: lab111][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][4 pkts/891 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][665.91 sec][Host: lab111][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.1.2:5060 -> 200.68.120.81:4932 [proto: 100/SIP][cat: VoIP/10][1 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.1.41:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][13.52 sec][Host: workgroup][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 751/0 2253/0 4255/0 1348/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 212.242.33.35:5060 -> 192.37.115.0:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.2:5060 -> 212.234.33.35:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Host: d002465][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Host: d002465][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.2:2744 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.1.2:2748 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -69,7 +69,7 @@ SIP 85 39540 15 59 UDP 192.168.1.2:2802 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 UDP 192.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Host: _sip._udp.sip.nybercity.dk][::][PLAIN TEXT (Mybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.1.2:2814 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sib._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 UDP 192.168.1.2:138 -> 192.168.1.251:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 UDP 192.168.1.2:138 -> 192.168.1.251:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unsafe Protocol **][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 UDP 192.168.1.2:2719 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/168 bytes][Goodput ratio: 43/75][1.01 sec][147.234.1.253][PLAIN TEXT (ecitele)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 192.168.1.41:138 -> 192.168.1.255:394 [proto: 10/NetBIOS][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][PLAIN TEXT (MEBECDBDBDBCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 UDP 81.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: Media/1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out index b04c4d8c6..0b8b396e1 100644 --- a/tests/result/monero.pcap.out +++ b/tests/result/monero.pcap.out @@ -1,4 +1,4 @@ Mining 319 166676 2 - 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][ZCash/Monero][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 12367/14097][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 1087/99][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0] - 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes][Goodput ratio: 70/78][1065.16 sec][ZCash/Monero][bytes ratio: -0.136 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46166/51528 195463/195463 33257/34488][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 186/255 1498/364 395/138][PLAIN TEXT (method)][Plen Bins: 4,13,4,8,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0] + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][ZCash/Monero][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 12367/14097][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 1087/99][Risk: ** Unsafe Protocol **][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0] + 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes][Goodput ratio: 70/78][1065.16 sec][ZCash/Monero][bytes ratio: -0.136 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46166/51528 195463/195463 33257/34488][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 186/255 1498/364 395/138][Risk: ** Unsafe Protocol **][PLAIN TEXT (method)][Plen Bins: 4,13,4,8,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0] diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out index 0aa5b116c..6abe1c9c3 100644 --- a/tests/result/netbios.pcap.out +++ b/tests/result/netbios.pcap.out @@ -6,8 +6,8 @@ SMBv1 2 486 2 3 UDP 10.0.5.233:137 <-> 10.0.4.24:137 [proto: 10/NetBIOS][cat: System/18][2 pkts/184 bytes <-> 2 pkts/434 bytes][Goodput ratio: 54/80][10.00 sec][Host: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 10.0.1.87:57836 <-> 10.0.4.24:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Host: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 10.0.1.87:57921 <-> 10.0.4.24:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Host: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 10.0.5.9:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: nvr9][PLAIN TEXT ( EOFGFCDJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 10.0.5.93:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: bowie][PLAIN TEXT ( ECEPFHEJEFCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 10.0.5.9:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: nvr9][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EOFGFCDJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 10.0.5.93:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: bowie][Risk: ** Unsafe Protocol **][PLAIN TEXT ( ECEPFHEJEFCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 10.0.4.101:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][18.05 sec][Host: muli][PLAIN TEXT ( ENFFEMEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.0.4.24:139 <-> 10.0.4.131:1398 [proto: 10/NetBIOS][cat: System/18][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 10.0.4.24:137 -> 10.0.4.165:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/104 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: gunnar][PLAIN TEXT ( EHFFEOEOEBFCCACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index b52f3c604..72fa5bcc3 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -86,8 +86,8 @@ JA3 Host Stats: 67 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36/0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/54 26/54 53/54 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/62 161/66 46/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 69 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1010/0 1015/0 4/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][1.26 sec][Host: alicegate][PLAIN TEXT ( EBEMEJEDEFEHEBFEEFCACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][1.26 sec][Host: lucasmacbookpro][PLAIN TEXT ( EMFFEDEBFDENEBEDECEPEPELFAFCEP)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][1.26 sec][Host: alicegate][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EBEMEJEDEFEHEBFEEFCACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][1.26 sec][Host: lucasmacbookpro][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EMFFEDEBFDENEBEDECEPEPELFAFCEP)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes][Goodput ratio: 21/0][0.47 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/62 34/62 68/62 34/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/62 105/66 21/3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.52 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/61 31/61 62/61 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.36 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/65 31/65 62/65 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -98,7 +98,7 @@ JA3 Host Stats: 79 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][20.15 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 58/74][0.05 sec][Host: db3msgr5011709.gateway.messenger.live.com][::][PLAIN TEXT (MSGR5011709)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][0.16 sec][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 82 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Host: lucas-imac][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Host: lucas-imac][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 83 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Host: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/smbv1.pcap.out b/tests/result/smbv1.pcap.out index aae0adae8..818d69555 100644 --- a/tests/result/smbv1.pcap.out +++ b/tests/result/smbv1.pcap.out @@ -1,3 +1,3 @@ SMBv1 7 1197 1 - 1 TCP 172.16.156.130:50927 <-> 10.128.0.243:445 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][4 pkts/669 bytes <-> 3 pkts/528 bytes][Goodput ratio: 68/69][0.10 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 27/34 32/35 37/36 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 136/114 167/176 194/243 26/53][Risk: ** Known protocol on non standard port **** SMB Insecure Version **][PLAIN TEXT (PC NETWORK PROGRAM 1.0)][Plen Bins: 0,14,28,14,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 172.16.156.130:50927 <-> 10.128.0.243:445 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][4 pkts/669 bytes <-> 3 pkts/528 bytes][Goodput ratio: 68/69][0.10 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 27/34 32/35 37/36 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 136/114 167/176 194/243 26/53][Risk: ** Known protocol on non standard port **** SMB Insecure Version **** Unsafe Protocol **][PLAIN TEXT (PC NETWORK PROGRAM 1.0)][Plen Bins: 0,14,28,14,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index dd4a326c0..fbf89c17c 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -47,7 +47,7 @@ GoogleServices 2 186 1 32 UDP 192.168.1.77:54595 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][8.49 sec][Host: b._dns-sd._udp.ntop.org][::][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Host: in.appcenter.ms][20.44.78.251][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 192.168.1.43:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: desktop-rb5t12g][PLAIN TEXT ( EEEFFDELFEEPFACNFCECDFFEDBDCEH)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.1.43:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: desktop-rb5t12g][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EEEFFDELFEEPFACNFCECDFFEDBDCEH)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 159/OpenVPN][cat: VPN/2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 192.168.1.77:58615 <-> 192.168.1.1:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][1 pkts/81 bytes <-> 1 pkts/123 bytes][Goodput ratio: 48/65][0.03 sec][Host: telemetry.dropbox.com][162.125.19.9][PLAIN TEXT (telemetry)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 192.168.1.77:49764 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/121 bytes][Goodput ratio: 42/65][0.05 sec][Host: dati.ntop.org][167.99.215.164][PLAIN TEXT (digitalocean)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 0cad972db..0b0448024 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -9,14 +9,14 @@ JA3 Host Stats: 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1592/410][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 429/1295][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] - 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][Goodput ratio: 77/96][106.13 sec][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/109 30770/31166 1837/1319][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 252/1248 1514/1514 420/1346][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,74,0,0] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1592/410][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 429/1295][Risk: ** Obsolete TLS version (< 1.1) **** Unsafe Protocol **][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] + 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][Goodput ratio: 77/96][106.13 sec][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/109 30770/31166 1837/1319][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 252/1248 1514/1514 420/1346][Risk: ** Obsolete TLS version (< 1.1) **** Unsafe Protocol **][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,74,0,0] 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 91/TLS][cat: Web/5][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][Goodput ratio: 84/91][109.04 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2212/966 44777/37995 8573/4770][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366/580 1514/1514 350/568][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 2,1,1,1,1,0,1,0,0,3,0,0,0,0,0,0,2,0,58,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,1,0,22,0,0] 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 91/TLS][cat: Web/5][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][Goodput ratio: 82/84][135.32 sec][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 10378/8441 132386/132736 4548/4834][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 323/335 640/1514 270/385][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 91/TLS][cat: Web/5][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][Goodput ratio: 81/84][108.05 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 6124/2564 71328/34353 7646/8817][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 304/349 640/1514 267/398][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **][TLSv1][Client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.gmvuy6mtjbxevwo3w.com][Subject: CN=www.bpcau5b3haif5els.net][Certificate SHA-1: 3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C][Validity: 2013-06-07 00:00:00 - 2014-02-07 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 91/TLS][cat: Web/5][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][Goodput ratio: 75/87][135.27 sec][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 11234/11261 72591/72890 19733/19822][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 231/421 640/1514 243/403][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.wohgpas45j6ucw.com][Subject: CN=www.7d43ah2kikrabj.net][Certificate SHA-1: F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B][Validity: 2013-09-11 00:00:00 - 2013-11-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,11,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] - 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 91.163/TLS.Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][Goodput ratio: 76/87][74.24 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/15 6155/6464 63835/63837 18400/19124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242/430 640/1514 247/416][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.a3uycdf3rn5md.com][Subject: CN=www.l7xvysfnvkb.net][Certificate SHA-1: EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0][Validity: 2013-11-02 00:00:00 - 2014-02-17 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,12,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] + 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 91.163/TLS.Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][Goodput ratio: 76/87][74.24 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/15 6155/6464 63835/63837 18400/19124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242/430 640/1514 247/416][Risk: ** Obsolete TLS version (< 1.1) **** Unsafe Protocol **][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.a3uycdf3rn5md.com][Subject: CN=www.l7xvysfnvkb.net][Certificate SHA-1: EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0][Validity: 2013-11-02 00:00:00 - 2014-02-17 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,12,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][600.89 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30033/0 66765/0 360548/0 30431/0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 186/0 186/0 0/0][PLAIN TEXT ( 676879976)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][31.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 6282/0 16006/0 5400/0][Pkt Len c2s/s2c min/avg/max/stddev: 151/0 151/0 151/0 0/0][PLAIN TEXT (Endian)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Host: endian-pc][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Host: endian-pc][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 6e1632d8e..6c6542d20 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -62,7 +62,7 @@ JA3 Host Stats: 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/TLS.WeChat][cat: Chat/9][3 pkts/802 bytes <-> 3 pkts/198 bytes][Goodput ratio: 75/0][16.21 sec][bytes ratio: 0.604 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6562/9679 8102/9679 9642/9679 1540/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 267/66 670/66 285/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.44 sec][Host: lbjamwptxz][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 179/0 816/0 313/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][Risk: ** Suspicious DGA domain name **][PLAIN TEXT ( EMECEKEBENFHFAFEFIFKCACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3769.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 409/0 289920/0 3384346/0 24553/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 54/0 54/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3600.00 sec][Host: giovanni-pc][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3600.00 sec][Host: giovanni-pc][Risk: ** Unsafe Protocol **][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][22.72 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 351/910 5597/910 20327/910 8509/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774/33511 33196/33511 13762/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 42/92][0.03 sec][Host: res.wx.qq.com][203.205.158.34][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out index e32d1384a..0a23ccee6 100644 --- a/tests/result/zcash.pcap.out +++ b/tests/result/zcash.pcap.out @@ -1,3 +1,3 @@ Mining 145 20644 1 - 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 26071/28216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 26071/28216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |