authorToni Uhlig <matzeton@googlemail.com>2024-04-11 13:36:26 +0200
committerToni Uhlig <matzeton@googlemail.com>2024-05-09 13:43:12 +0200
commitf8f669a7ce92da582f0dbef7337639bf060ef47d (patch)
tree8f2d7033aa0fe3a695134e7554c624be3e8fb472 /tests/cfgs/default/result/kerberos.pcap.out
parentb65a755e8569d428732f54bc72f7da3ffb94a3ff (diff)
Add extra entropy checks and more precise(?) analysis. [add/more-and-detailed-entropy-checks]
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'tests/cfgs/default/result/kerberos.pcap.out')
-rw-r--r--tests/cfgs/default/result/kerberos.pcap.out52
1 files changed, 26 insertions, 26 deletions
diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out
index e4834cf35..26cd2ab95 100644
--- a/tests/cfgs/default/result/kerberos.pcap.out
+++ b/tests/cfgs/default/result/kerberos.pcap.out
@@ -17,7 +17,7 @@ Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 44/0 (search/found)
+Patricia risk mask: 68/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -35,39 +35,39 @@ Unrated 9 3031 2
1 TCP 172.16.8.201:49171 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1486 bytes <-> 1 pkts/1506 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
2 TCP 172.16.8.201:49160 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
3 TCP 172.16.8.201:49176 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
- 4 TCP 172.16.8.201:49173 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/1118 bytes <-> 1 pkts/190 bytes][Goodput ratio: 95/71][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.78][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 172.16.8.201:49194 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/410 bytes <-> 1 pkts/314 bytes][Goodput ratio: 87/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.33][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 172.16.8.201:49193 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/384 bytes <-> 1 pkts/264 bytes][Goodput ratio: 86/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.34][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 172.16.8.201:49191 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/368 bytes <-> 1 pkts/264 bytes][Goodput ratio: 85/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.29][Plen Bins: 0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 172.16.8.201:49173 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/1118 bytes <-> 1 pkts/190 bytes][Goodput ratio: 95/71][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.775 (Encrypted or Random?)][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 172.16.8.201:49194 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/410 bytes <-> 1 pkts/314 bytes][Goodput ratio: 87/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.333 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 172.16.8.201:49193 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/384 bytes <-> 1 pkts/264 bytes][Goodput ratio: 86/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.338 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 172.16.8.201:49191 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/368 bytes <-> 1 pkts/264 bytes][Goodput ratio: 85/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.290 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 172.16.8.201:49157 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 172.16.8.201:49166 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 172.16.8.201:49181 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 TCP 172.16.8.201:49156 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.07][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 172.16.8.201:49174 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.14][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 TCP 172.16.8.201:49156 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.068 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 172.16.8.201:49174 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.145 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 172.16.8.201:49188 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/369 bytes <-> 1 pkts/216 bytes][Goodput ratio: 85/75][< 1 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 TCP 172.16.8.201:49161 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.21][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 172.16.8.201:49179 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.16][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 172.16.8.201:49180 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.27][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 TCP 172.16.8.201:49161 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.210 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 172.16.8.201:49179 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.156 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 172.16.8.201:49180 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.273 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 TCP 172.16.8.201:49187 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/289 bytes <-> 1 pkts/294 bytes][Goodput ratio: 81/81][0.00 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 172.16.8.201:49169 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.18][PLAIN TEXT (PSTUsM)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 172.16.8.201:49172 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.17][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 172.16.8.201:49169 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.177 (Encrypted Executable?)][PLAIN TEXT (PSTUsM)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 172.16.8.201:49172 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.175 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 TCP 172.16.8.201:49158 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 TCP 172.16.8.201:49167 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 172.16.8.201:49182 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 TCP 172.16.8.201:49190 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/271 bytes <-> 1 pkts/244 bytes][Goodput ratio: 80/78][0.00 sec][PLAIN TEXT (happycraft.org)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 TCP 172.16.8.201:49192 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 25 TCP 172.16.8.201:49195 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 26 TCP 172.16.8.201:49162 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 27 TCP 172.16.8.201:49168 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][< 1 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 28 TCP 172.16.8.201:49159 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][< 1 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 29 TCP 172.16.8.201:49175 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 30 TCP 172.16.8.201:49186 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 172.16.8.201:49170 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/167 bytes <-> 1 pkts/122 bytes][Goodput ratio: 67/55][0.00 sec][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 32 TCP 172.16.8.201:49183 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/134 bytes <-> 1 pkts/94 bytes][Goodput ratio: 59/42][0.00 sec][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 TCP 172.16.8.201:49189 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/120 bytes][Goodput ratio: 43/55][< 1 sec][PLAIN TEXT (370913024805Z)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 34 TCP 172.16.8.201:49196 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/102 bytes][Goodput ratio: 39/47][< 1 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 TCP 172.16.8.201:49190 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/271 bytes <-> 1 pkts/244 bytes][Goodput ratio: 80/78][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.826 (Compressed Executable?)][PLAIN TEXT (happycraft.org)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 24 TCP 172.16.8.201:49192 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.715 (Compressed Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 25 TCP 172.16.8.201:49195 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.700 (Compressed Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 26 TCP 172.16.8.201:49162 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.691 (Compressed Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 27 TCP 172.16.8.201:49168 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.757 (Compressed Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 28 TCP 172.16.8.201:49159 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.553 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 29 TCP 172.16.8.201:49175 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.578 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 30 TCP 172.16.8.201:49186 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.623 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 172.16.8.201:49170 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/167 bytes <-> 1 pkts/122 bytes][Goodput ratio: 67/55][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.464 (Executable?)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 32 TCP 172.16.8.201:49183 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/134 bytes <-> 1 pkts/94 bytes][Goodput ratio: 59/42][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.172 (Executable?)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 TCP 172.16.8.201:49189 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/120 bytes][Goodput ratio: 43/55][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.863 (Executable?)][PLAIN TEXT (370913024805Z)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 34 TCP 172.16.8.201:49196 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/102 bytes][Goodput ratio: 39/47][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.361 (Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
- 1 TCP 172.16.8.201:49165 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][4 pkts/1382 bytes <-> 2 pkts/624 bytes][Goodput ratio: 84/83][21.49 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/21492 7164/21492 21491/21492 10131/0][Pkt Len c2s/s2c min/avg/max/stddev: 274/286 346/312 429/338 72/26][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.41][Plen Bins: 0,0,0,0,0,0,33,16,16,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 172.16.8.201:49185 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/687 bytes <-> 1 pkts/338 bytes][Goodput ratio: 84/84][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.44][Plen Bins: 0,0,0,0,0,0,33,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 172.16.8.201:49165 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][4 pkts/1382 bytes <-> 2 pkts/624 bytes][Goodput ratio: 84/83][21.49 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/21492 7164/21492 21491/21492 10131/0][Pkt Len c2s/s2c min/avg/max/stddev: 274/286 346/312 429/338 72/26][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.413 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,33,16,16,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 172.16.8.201:49185 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/687 bytes <-> 1 pkts/338 bytes][Goodput ratio: 84/84][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.441 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,33,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
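Review bot: Flows 23–34 of the new baseline pin twelve more Kerberos port-88 flows as `Susp Entropy`, although each is a two-packet exchange of 89–271 bytes per direction with entropy between 5.361 and 6.826, and several carry a readable string such as `PLAIN TEXT (20370913024805Z)`. Labels like `Executable?` and `Compressed Executable?` on flows also tagged `[ClearText]` are likely to be read as a malware hint by analysts who filter on the risk flag rather than on the score, even though the score drops from 50 to 10. Entropy estimated over so few bytes is a weak signal, so the classifier (its code is not on this page) should probably require a minimum payload length before it assigns a content-type guess, or emit only the numeric value below that size. The jump from 44 to 68 risk-mask lookups in the first hunk would match these twelve extra flagged flows, though that is inferred from the counts alone. If the wider flagging is intended, the commit description should say so and state the thresholds behind each label, so that later baseline changes can be told apart from regressions.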