diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-03-06 19:25:59 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-06 19:25:59 +0100 |
| commit | 21da53d3a03cad32dffa8447d9c4ae5bae62a3a2 (patch) | |
| tree | 6ed55bf40dfcf2976df48933b38e6f014a3fe852 /tests/cfgs/default | |
| parent | 8f63a1173539a79c1fa1bb5c618fe561175a1ab5 (diff) | |
ahocorasick: improve matching with subdomains (#2331)
The basic idea is to have the following logic:
* pattern "DOMAIN" matches the domain itself (i.e exact match) *and* any
subdomains (i.e. "ANYTHING.DOMAIN")
* pattern "DOMAIN." matches *also* any strings for which is a prefix
[please, note that this kind of match is handy but it is quite
dangerous...]
* pattern "-DOMAIN" matches *also* any strings for which is a postfix
Examples:
* pattern "wikipedia.it":
* "wikipiedia.it" -> OK
* "foo.wikipedia.it -> OK
* "foowikipedia.it -> NO MATCH
* "wikipedia.it.com -> NO MATCH
* pattern "wikipedia.":
* "wikipedia.it" -> OK
* "foo.wikipedia.it -> OK
* "foowikipedia.it -> NO MATCH
* "wikipedia.it.com -> OK
* pattern "-wikipedia.it":
* "wikipedia.it" -> NO MATCH
* "foo.wikipedia.it -> NO MATCH
* "0001-wikipedia.it -> OK
* "foo.0001-wikipedia.it -> OK
Bottom line:
* exact match
* prefix with "." (always, implicit)
* prefix with "-" (only if esplicitly set)
* postfix with "." (only if esplicitly set)
That means that the patterns cannot start with '.' anymore.
Close #2330
Diffstat (limited to 'tests/cfgs/default')
| -rw-r--r-- | tests/cfgs/default/pcap/sites.pcapng | bin | 350344 -> 356692 bytes | |||
| -rw-r--r-- | tests/cfgs/default/result/anyconnect-vpn.pcap.out | 12 | ||||
| -rw-r--r-- | tests/cfgs/default/result/cachefly.pcapng.out | 6 | ||||
| -rw-r--r-- | tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out | 4 | ||||
| -rw-r--r-- | tests/cfgs/default/result/reddit.pcap.out | 2 | ||||
| -rw-r--r-- | tests/cfgs/default/result/sites.pcapng.out | 99 | ||||
| -rw-r--r-- | tests/cfgs/default/result/tls_torrent.pcapng.out | 10 | ||||
| -rw-r--r-- | tests/cfgs/default/result/weibo.pcap.out | 16 | ||||
| -rw-r--r-- | tests/cfgs/default/result/zoom.pcap.out | 8 |
9 files changed, 79 insertions, 78 deletions
diff --git a/tests/cfgs/default/pcap/sites.pcapng b/tests/cfgs/default/pcap/sites.pcapng Binary files differindex 938b72a47..17d294e57 100644 --- a/tests/cfgs/default/pcap/sites.pcapng +++ b/tests/cfgs/default/pcap/sites.pcapng diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index ec9190789..cfca87030 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -15,7 +15,7 @@ LRU cache tls_cert: 0/11/0 (insert/search/found) LRU cache mining: 0/8/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/1/0 (insert/search/found) -Automa host: 69/13 (search/found) +Automa host: 69/15 (search/found) Automa domain: 69/0 (search/found) Automa tls cert: 4/0 (search/found) Automa risk mask: 22/1 (search/found) @@ -28,7 +28,7 @@ Patricia protocols: 133/7 (search/found) Patricia protocols IPv6: 6/0 (search/found) Unknown 19 1054 2 -DNS 30 3350 15 +DNS 28 3164 14 HTTP 50 11137 5 MDNS 24 4279 4 NetBIOS 15 1542 1 @@ -41,12 +41,12 @@ TLS 328 86914 13 ICMPV6 18 2964 2 Slack 29 4979 2 AJP 5 390 1 -Apple 2 297 1 +Apple 4 483 2 CiscoVPN 3 198 1 ApplePush 6 966 3 -Safe 359 93320 15 -Acceptable 207 36239 52 +Safe 361 93506 16 +Acceptable 205 36053 51 Unrated 19 1054 2 JA3 Host Stats: @@ -106,7 +106,7 @@ JA3 Host Stats: 50 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 3][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Hostname/SNI: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Hostname/SNI: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: vco.pandion.viasat.com][8.37.102.91][PLAIN TEXT (pandion)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43/53][0.04 sec][Hostname/SNI: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cachefly.pcapng.out b/tests/cfgs/default/result/cachefly.pcapng.out index c897e2f60..e1598dfa1 100644 --- a/tests/cfgs/default/result/cachefly.pcapng.out +++ b/tests/cfgs/default/result/cachefly.pcapng.out @@ -5,12 +5,12 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/2/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 44/1 (search/found) -Automa domain: 44/0 (search/found) +Automa host: 1/1 (search/found) +Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 2/2 (search/found) diff --git a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index ef59794b7..5cd21bed6 100644 --- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -132,13 +132,13 @@ JA3 Host Stats: 83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 169051af8572ac08ea1ddeee0db208bc][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 169051af8572ac08ea1ddeee0db208bc][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.284/QUIC.GoogleCloud][IP: 284/GoogleCloud][Encrypted][Confidence: DPI (partial)][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons4.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 78ba053b9aa352e84a4eea899207839a][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index b3fd5bcb4..ba57b3829 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out @@ -67,7 +67,7 @@ JA3 Host Stats: 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][Hostname/SNI: d9.flashtalking.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0] 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][Hostname/SNI: rules.quantcount.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] - 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0] + 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0] 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0] 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: SocialNetwork/6][15 pkts/2848 bytes <-> 13 pkts/6172 bytes][Goodput ratio: 54/82][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 38/48 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 190/475 603/1134 167/462][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t00d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,14,7,0,0,0,0,7,0,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 072847a78..d71b23e79 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -1,28 +1,28 @@ Guessed flow protos: 4 -DPI Packets (TCP): 281 (5.40 pkts/flow) +DPI Packets (TCP): 287 (5.42 pkts/flow) DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence Match by port : 4 (flows) -Confidence DPI : 51 (flows) -Num dissector calls: 65 (1.18 diss/flow) +Confidence DPI : 52 (flows) +Num dissector calls: 66 (1.18 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/6/0 (insert/search/found) +LRU cache tls_cert: 0/4/0 (insert/search/found) LRU cache mining: 0/4/0 (insert/search/found) LRU cache msteams: 1/1/1 (insert/search/found) LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 55/50 (search/found) -Automa domain: 55/0 (search/found) -Automa tls cert: 0/0 (search/found) +Automa host: 70/52 (search/found) +Automa domain: 70/0 (search/found) +Automa tls cert: 1/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 92/92 (search/found) +Automa common alpns: 94/94 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 4/0 (search/found) -Patricia protocols: 81/33 (search/found) +Patricia protocols: 83/33 (search/found) Patricia protocols IPv6: 4/4 (search/found) HTTP 14 1040 4 @@ -30,7 +30,7 @@ Outlook 9 5954 1 Xbox 4 2245 1 TikTok 31 10560 1 DisneyPlus 29 9717 1 -TLS 4 2215 1 +TLS 24 7824 2 GoogleMaps 4 2215 1 Google 4 5596 2 LastFM 4 2215 1 @@ -69,7 +69,7 @@ GoogleClassroom 1 1292 1 ElectronicArts 16 6539 2 HuaweiCloud 50 35677 3 -Safe 86 43868 8 +Safe 106 49477 9 Acceptable 185 106723 23 Fun 333 176189 23 Potentially Dangerous 4 2225 1 @@ -104,41 +104,42 @@ JA3 Host Stats: 15 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] 16 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Cloud/13][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] 17 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][DPI packets: 7][cat: Email/3][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 18 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t00d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 19 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 20 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 21 TCP 192.168.1.128:56468 <-> 151.101.192.92:443 [proto: 91.186/TLS.Vevo][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Music/25][3 pkts/816 bytes <-> 5 pkts/4204 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: vevo.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 14/7 18/18 4/7][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/841 583/1406 223/551][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.cache.vevo.com][Certificate SHA-1: ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2][Firefox][Validity: 2021-06-01 16:55:32 - 2022-07-03 16:55:31][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0] - 22 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 23 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 24 TCP 192.168.1.128:39302 <-> 95.131.170.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: static.tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 43/0 46/24 50/49 4/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 25 TCP 192.168.1.128:51248 <-> 95.131.169.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 46/0 47/24 48/47 1/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 26 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_6c96259584c4][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] - 27 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48624 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][4 pkts/1011 bytes <-> 3 pkts/2682 bytes][Goodput ratio: 65/90][0.04 sec][Hostname/SNI: telegram.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 12/10 18/20 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 253/894 745/2502 284/1137][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 28 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][JA4: q13d0314h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 29 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][JA4: q13d0315h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 30 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_6c96259584c4][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 31 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 32 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 33 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 34 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 35 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 36 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 37 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 38 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 39 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 4][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 40 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 41 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 42 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 43 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 44 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 45 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 46 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 47 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 48 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] - 49 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] - 50 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: a27a03a8478393fe7f8958648bb71ff4][JA4: q13d0310h][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 51 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][(Advertised) ALPNs: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309h2_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP 192.168.1.128:39036 <-> 69.191.252.15:80 [proto: 7/HTTP][IP: 246/Bloomberg][ClearText][Confidence: Match by port][DPI packets: 8][cat: Web/5][7 pkts/518 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][65.08 sec][bytes ratio: 0.738 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1012/0 10830/0 33535/0 11329/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 74/78 74/78 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP 192.168.1.128:44954 <-> 34.96.123.111:80 [proto: 7/HTTP][IP: 284/GoogleCloud][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 192.168.1.128:45936 <-> 208.85.40.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 192.168.1.128:52070 <-> 18.65.82.67:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.1.245:46174 <-> 5.61.23.30:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/2084 bytes <-> 10 pkts/3525 bytes][Goodput ratio: 68/82][0.23 sec][Hostname/SNI: 732231.ms.ok.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.257 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/24 46/47 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 208/352 905/2236 268/643][TLSv1.2][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: *.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru][ECH: version 0xfe0d][Certificate SHA-1: 66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3][Firefox][Validity: 2023-10-04 08:36:03 - 2024-10-02 09:21:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,0,0,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] + 19 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t00d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 20 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 21 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 22 TCP 192.168.1.128:56468 <-> 151.101.192.92:443 [proto: 91.186/TLS.Vevo][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Music/25][3 pkts/816 bytes <-> 5 pkts/4204 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: vevo.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 14/7 18/18 4/7][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/841 583/1406 223/551][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.cache.vevo.com][Certificate SHA-1: ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2][Firefox][Validity: 2021-06-01 16:55:32 - 2022-07-03 16:55:31][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0] + 23 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 24 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 25 TCP 192.168.1.128:39302 <-> 95.131.170.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: static.tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 43/0 46/24 50/49 4/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 26 TCP 192.168.1.128:51248 <-> 95.131.169.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 46/0 47/24 48/47 1/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 27 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_6c96259584c4][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] + 28 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48624 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][4 pkts/1011 bytes <-> 3 pkts/2682 bytes][Goodput ratio: 65/90][0.04 sec][Hostname/SNI: telegram.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 12/10 18/20 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 253/894 745/2502 284/1137][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 29 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][JA4: q13d0314h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 30 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][JA4: q13d0315h][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 31 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_6c96259584c4][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 32 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 33 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 34 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 35 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 36 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 37 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 38 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 39 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 40 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 4][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 41 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 42 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 43 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 44 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 45 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 46 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 47 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 48 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 49 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] + 50 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] + 51 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: a27a03a8478393fe7f8958648bb71ff4][JA4: q13d0310h][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 52 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][(Advertised) ALPNs: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309h2_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.1.128:39036 <-> 69.191.252.15:80 [proto: 7/HTTP][IP: 246/Bloomberg][ClearText][Confidence: Match by port][DPI packets: 8][cat: Web/5][7 pkts/518 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][65.08 sec][bytes ratio: 0.738 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1012/0 10830/0 33535/0 11329/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 74/78 74/78 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.1.128:44954 <-> 34.96.123.111:80 [proto: 7/HTTP][IP: 284/GoogleCloud][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 192.168.1.128:45936 <-> 208.85.40.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 192.168.1.128:52070 <-> 18.65.82.67:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_torrent.pcapng.out b/tests/cfgs/default/result/tls_torrent.pcapng.out index 7d77f2aa5..3d65c18ff 100644 --- a/tests/cfgs/default/result/tls_torrent.pcapng.out +++ b/tests/cfgs/default/result/tls_torrent.pcapng.out @@ -5,16 +5,16 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/2/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 3/3 (search/found) -Automa domain: 3/0 (search/found) +Automa host: 1/1 (search/found) +Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 1/0 (search/found) +Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index ebbf6b3df..32e200d5b 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -13,7 +13,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/21/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/2/0 (insert/search/found) -Automa host: 32/25 (search/found) +Automa host: 32/28 (search/found) Automa domain: 32/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 12/0 (search/found) @@ -25,17 +25,17 @@ Patricia risk IPv6: 0/0 (search/found) Patricia protocols: 72/16 (search/found) Patricia protocols IPv6: 0/0 (search/found) -DNS 6 630 3 -HTTP 19 2275 5 +DNS 4 476 2 +HTTP 10 676 4 TLS 23 1578 15 QUIC 23 4118 2 Sina 335 220149 11 Alibaba 8 877 3 -SinaWeibo 84 37928 5 +SinaWeibo 95 39681 7 Safe 23 1578 15 -Acceptable 56 7900 13 -Fun 419 258077 16 +Acceptable 45 6147 11 +Fun 430 259830 18 JA3 Host Stats: IP Address # JA3C @@ -51,7 +51,7 @@ JA3 Host Stats: 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Goodput ratio: 49/89][0.23 sec][Hostname/SNI: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 45/42 163/160 63/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135/626 530/1502 161/505][URL: img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][Content-Type: image/png][Server: PWS/8.1.36][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/global)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0] 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 13][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][Goodput ratio: 74/71][1.60 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266/14 1385/29 503/13][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 163/146 406/433 122/129][Plen Bins: 21,35,14,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 9][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][Goodput ratio: 78/83][0.69 sec][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171/228 626/662 264/307][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 193/245 353/660 93/241][Plen Bins: 0,33,11,11,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Goodput ratio: 61/73][1.05 sec][Hostname/SNI: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 176/348 353/348 174/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/216 500/689 177/273][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7.356/HTTP.SinaWeibo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][5 pkts/736 bytes <-> 4 pkts/863 bytes][Goodput ratio: 61/73][1.05 sec][Hostname/SNI: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 176/348 353/348 174/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/216 500/689 177/273][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 66/0][0.46 sec][Hostname/SNI: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70/0][0.38 sec][Hostname/SNI: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][Hostname/SNI: g.alicdn.com][(Advertised) ALPNs: h2;spdy/3.1;http/1.1][TLSv1.2][JA3C: 58e7f64db6e4fe4941dd9691d421196c][JA4: t12d1412h2_20a10634286c_ce3753e6c77f][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -67,7 +67,7 @@ JA3 Host Stats: 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.34 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 43/62][0.20 sec][Hostname/SNI: log.mmstat.com][140.205.174.1][PLAIN TEXT (mmstat)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.08 sec][Hostname/SNI: weibo.com][114.134.80.162][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5.356/DNS.SinaWeibo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.08 sec][Hostname/SNI: weibo.com][114.134.80.162][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index bbf96c7b6..0f530d916 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -8,14 +8,14 @@ Confidence DPI : 32 (flows) Num dissector calls: 1050 (30.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) -LRU cache zoom: 7/0/0 (insert/search/found) +LRU cache zoom: 8/0/0 (insert/search/found) LRU cache stun: 6/0/0 (insert/search/found) -LRU cache tls_cert: 0/2/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/2/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 3/0/0 (insert/search/found) -Automa host: 25/20 (search/found) -Automa domain: 24/0 (search/found) +Automa host: 24/20 (search/found) +Automa domain: 23/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 7/0 (search/found) Automa common alpns: 10/10 (search/found) |