aboutsummaryrefslogtreecommitdiff
path: root/tests/result/teams.pcap.out
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2021-02-03 11:52:46 +0100
committerLuca Deri <deri@ntop.org>2021-02-03 11:52:46 +0100
commit155b1aaa687f1757cea92071fc053b28a49fab21 (patch)
tree8a81ec8a332ab3edb81ad08ec6dbe4bd8b7d5b23 /tests/result/teams.pcap.out
parent6e87daab699d4117a826994ad84007ef822b0751 (diff)
Updated results due to the new fragment manager handler
Diffstat (limited to 'tests/result/teams.pcap.out')
-rw-r--r--tests/result/teams.pcap.out38
1 files changed, 19 insertions, 19 deletions
diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out
index 800d5f3cb..ea3d63a7d 100644
--- a/tests/result/teams.pcap.out
+++ b/tests/result/teams.pcap.out
@@ -4,13 +4,13 @@ DHCP 7 2323 2
ntop 40 9816 3
SkypeCall 49 10800 4
ICMP 2 140 1
-TLS 107 45011 5
+TLS 65 24255 3
Dropbox 18 11162 3
Skype 44 21248 3
Apple 2 231 1
Spotify 1 82 1
Telegram 3 186 1
-Microsoft 403 283797 11
+Microsoft 445 304553 13
Microsoft365 136 52120 6
Teams 1914 1034623 33
@@ -25,37 +25,37 @@ JA3 Host Stats:
4 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: config.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
5 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
6 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
- 7 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
- 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][ALPN: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][Client: presence.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
+ 7 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
+ 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][ALPN: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][Client: presence.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.noam.presence.teams.microsoft.com,*.emea.presence.teams.microsoft.com,*.apac.presence.teams.microsoft.com,*.noamdf.presence.teams.microsoft.com,*.presence.teams.microsoft.com,presence.teams.microsoft.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=presence.teams.microsoft.com][Certificate SHA-1: EC:05:57:FD:03:72:4B:67:66:F7:AE:A0:71:61:5E:E9:50:43:E1:BD][Validity: 2018-06-04 17:29:38 - 2020-06-04 17:29:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][ALPN: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][Client: substrate.office.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
10 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][ALPN: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][Client: teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
- 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][PLAIN TEXT (Washington1w.teams.microsoft.co)][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
+ 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asyncgw.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=*.asyncgw.teams.microsoft.com][Certificate SHA-1: FF:F7:1C:B4:95:3F:63:29:27:A7:E8:3F:37:0B:03:D3:E0:A3:75:4E][Validity: 2018-06-12 11:52:45 - 2020-06-12 11:52:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
13 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
14 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
- 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][ALPN: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][Client: chatsvcagg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
- 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][ALPN: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][Client: emea.ng.msg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
+ 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][ALPN: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][Client: chatsvcagg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: chatsvcagg.teams.microsoft.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=chatsvcagg.teams.microsoft.com][Certificate SHA-1: 1C:6F:2B:DC:3E:CE:FB:53:27:91:51:D9:9E:94:17:9C:19:28:7E:50][Validity: 2019-04-17 18:05:11 - 2021-04-17 18:05:11][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
+ 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][ALPN: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][Client: emea.ng.msg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: msgapi.teams.microsoft.com,*.msgapi.teams.microsoft.com,pg.msg.infra.teams.microsoft.com,*.pg.msg.infra.teams.microsoft.com,ng.msg.teams.microsoft.com,*.ng.msg.teams.microsoft.com,*.msg.skype.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=msgapi.teams.microsoft.com][Certificate SHA-1: F6:D5:A8:31:F9:99:91:B8:12:E9:44:9C:15:77:DE:CC:F6:80:16:02][Validity: 2019-04-16 11:16:30 - 2021-04-16 11:16:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][ALPN: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
- 18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
+ 18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
- 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
- 22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
+ 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.notifications.teams.microsoft.com,*.notifications.skype.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.notifications.teams.microsoft.com][Certificate SHA-1: 18:45:1B:21:D0:02:E4:6F:FE:2D:F0:04:E5:CB:D7:93:15:AB:AC:F1][Validity: 2018-05-14 22:43:09 - 2020-05-14 22:43:09][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
+ 21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.api.microsoftstream.com,api.microsoftstream.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=*.api.microsoftstream.com][Certificate SHA-1: 59:5B:C3:EB:46:1F:80:AE:B9:E4:01:40:14:2B:C1:99:FE:54:32:E0][Validity: 2019-07-16 00:02:30 - 2021-07-16 00:02:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
+ 22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.api.microsoftstream.com,api.microsoftstream.com][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.api.microsoftstream.com][Certificate SHA-1: 87:58:60:92:AE:44:22:F2:68:A8:3B:1F:90:75:DF:03:21:C4:DE:D8][Validity: 2019-07-16 00:02:35 - 2021-07-16 00:02:35][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][Client: config.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
- 25 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
- 26 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
+ 25 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.212/TLS.Microsoft][cat: Collaborative/15][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: dc.services.visualstudio.com,dc.applicationinsights.microsoft.com,dc.applicationinsights.azure.com,gate.hockeyapp.net,dc.trafficmanager.net,ausse-breeziest-in.cloudapp.net,brzs-breeziest-in.cloudapp.net,cca-breeziest-in.cloudapp.net,cfr-breeziest-in.cloudapp.net,cin-breeziest-in.cloudapp.net,cko-breeziest-in.cloudapp.net,cus-breeziest-in.cloudapp.net,cus02-breeziest-in.cloudapp.net,eas-breeziest-in.cloudapp.net,eau-breeziest-in.cloudapp.net,ejp-breeziest-in.cloudapp.net,eus-breeziest-in.cloudapp.net,eus02-breeziest-in.cloudapp.net,eus03-breeziest-in.cloudapp.net,eus04-breeziest-in.cloudapp.net,eus05-breeziest-in.cloudapp.net,eus2-breeziest-in.cloudapp.net,ncus-breeziest-in.cloudapp.net,neu-breeziest-in.cloudapp.net,safn-breeziest-in.cloudapp.net,scus-breeziest-in.cloudapp.net,sea-breeziest-in.cloudapp.net,suk-breeziest-in.cloudapp.net,swn-breeziest-in.cloudapp.net,weu-breeziest-in.cloudapp.net,weu02-breeziest-in.cloudapp.net,weu03-breeziest-in.cloudapp.net,wus-breeziest-in.cloudapp.net,wus2-breeziest-in.cloudapp.net,wus202-breeziest-in.cloudapp.net][JA3S: 15381d64ba148f31a70eb87b53085230][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=dc.services.visualstudio.com][Certificate SHA-1: DB:15:BE:C6:84:59:FA:AA:1A:71:CA:0B:CD:F1:F2:FD:E3:1F:FB:B1][Validity: 2020-03-17 21:46:14 - 2022-03-17 21:46:14][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
+ 26 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.212/TLS.Microsoft][cat: Collaborative/15][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: dc.services.visualstudio.com,dc.applicationinsights.microsoft.com,dc.applicationinsights.azure.com,gate.hockeyapp.net,dc.trafficmanager.net,ausse-breeziest-in.cloudapp.net,brzs-breeziest-in.cloudapp.net,cca-breeziest-in.cloudapp.net,cfr-breeziest-in.cloudapp.net,cin-breeziest-in.cloudapp.net,cko-breeziest-in.cloudapp.net,cus-breeziest-in.cloudapp.net,cus02-breeziest-in.cloudapp.net,eas-breeziest-in.cloudapp.net,eau-breeziest-in.cloudapp.net,ejp-breeziest-in.cloudapp.net,eus-breeziest-in.cloudapp.net,eus02-breeziest-in.cloudapp.net,eus03-breeziest-in.cloudapp.net,eus04-breeziest-in.cloudapp.net,eus05-breeziest-in.cloudapp.net,eus2-breeziest-in.cloudapp.net,ncus-breeziest-in.cloudapp.net,neu-breeziest-in.cloudapp.net,safn-breeziest-in.cloudapp.net,scus-breeziest-in.cloudapp.net,sea-breeziest-in.cloudapp.net,suk-breeziest-in.cloudapp.net,swn-breeziest-in.cloudapp.net,weu-breeziest-in.cloudapp.net,weu02-breeziest-in.cloudapp.net,weu03-breeziest-in.cloudapp.net,wus-breeziest-in.cloudapp.net,wus2-breeziest-in.cloudapp.net,wus202-breeziest-in.cloudapp.net][JA3S: 15381d64ba148f31a70eb87b53085230][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=dc.services.visualstudio.com][Certificate SHA-1: DB:15:BE:C6:84:59:FA:AA:1A:71:CA:0B:CD:F1:F2:FD:E3:1F:FB:B1][Validity: 2020-03-17 21:46:14 - 2022-03-17 21:46:14][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: trouter2-asse-a.trouter.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
- 28 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
+ 28 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
29 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91.121/TLS.Dropbox][cat: Cloud/13][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
- 30 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api.flightproxy.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
+ 30 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api.flightproxy.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.flightproxy.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.flightproxy.teams.microsoft.com][Certificate SHA-1: C2:12:66:E3:8C:A2:DA:EF:F3:3B:67:0B:02:65:27:3B:DB:C4:EA:D8][Validity: 2020-03-24 04:47:06 - 2022-03-24 04:47:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known protocol on non standard port **][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
33 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: 52.114.250.153][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
- 34 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
- 35 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
- 36 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
- 37 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 34 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.asyncgw.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=*.asyncgw.teams.microsoft.com][Certificate SHA-1: FF:F7:1C:B4:95:3F:63:29:27:A7:E8:3F:37:0B:03:D3:E0:A3:75:4E][Validity: 2018-06-12 11:52:45 - 2020-06-12 11:52:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
+ 35 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
+ 36 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 37 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: 52.114.250.152][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
39 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known protocol on non standard port **][TLSv1.2][Client: dati.ntop.org][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
40 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known protocol on non standard port **][TLSv1.2][Client: dati.ntop.org][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.