aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/starcraft_battle.pcap.out
diff options
context:
space:
mode:
authorToni <matzeton@googlemail.com>2024-05-09 15:24:11 +0200
committerGitHub <noreply@github.com>2024-05-09 15:24:11 +0200
commit18e03a26ca781490f06bfdbd34628614fcb65ca9 (patch)
tree8f2d7033aa0fe3a695134e7554c624be3e8fb472 /tests/cfgs/default/result/starcraft_battle.pcap.out
parentb65a755e8569d428732f54bc72f7da3ffb94a3ff (diff)
Add extra entropy checks and more precise(?) analysis. (#2383)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'tests/cfgs/default/result/starcraft_battle.pcap.out')
-rw-r--r--tests/cfgs/default/result/starcraft_battle.pcap.out4
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out
index ea8410962..48efd048d 100644
--- a/tests/cfgs/default/result/starcraft_battle.pcap.out
+++ b/tests/cfgs/default/result/starcraft_battle.pcap.out
@@ -19,7 +19,7 @@ Automa domain: 41/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 7/1 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 22/0 (search/found)
+Patricia risk mask: 24/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -62,7 +62,7 @@ Fun 245 52374 7
20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][Goodput ratio: 14/22][10.56 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624/2614 6381/6342 2711/2730][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/75 74/155 9/33][Plen Bins: 80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Goodput ratio: 23/53][0.60 sec][Hostname/SNI: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148/102 198/203 80/102][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/128 139/327 33/115][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][Server: Apache/2.2.3 (CentOS)][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Obsolete Apache server 2.2.3][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 50/78][0.09 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][2.228.46.112][PLAIN TEXT (bnetcmsus)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.072 (Executable?)][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51/70][0.05 sec][Hostname/SNI: 110.212.58.216.in-addr.arpa][::][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45/71][0.08 sec][Hostname/SNI: llnw.blizzard.com][87.248.221.254][Risk: ** Susp DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: llnw.blizzard.com / DGA Name Query with no Error Code][PLAIN TEXT (blizzard)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 51/67][0.06 sec][Hostname/SNI: 100.1.168.192.in-addr.arpa][::][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (dynect)][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.