diff options
| author | Luca <deri@ntop.org> | 2019-08-28 14:02:39 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2019-08-28 14:02:39 +0200 |
| commit | e4e40e3c70e2cd49fd537a526fa70805c8c391c5 (patch) | |
| tree | 98c605df4ac69cdef449d4eec700f5b74f621feb /tests/result/tor.pcap.out | |
| parent | 84aeee49bda71f71877ca114a1946a6d359be5d5 (diff) | |
Added entropy, average, stddev, variance, bytes ratio calculation
Diffstat (limited to 'tests/result/tor.pcap.out')
| -rw-r--r-- | tests/result/tor.pcap.out | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 601cacc4c..e58bf3d1a 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -9,14 +9,14 @@ JA3 Host Stats: 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][TLSv1][client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (id.com)] - 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][TLSv1][client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (cyamnc6)] - 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][TLSv1][client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (www.ct7)] - 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][TLSv1][client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (www.gfu)] - 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][TLSv1][client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] - 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][TLSv1][client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] - 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][TLSv1][client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] - 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 676879976)] - 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][PLAIN TEXT (Endian)] - 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)] - 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][pktlen c2s avg(stddev)/entropy: 4.1(261.7)/348.8][pktlen s2c avg(stddev)/entropy: 4.4(1175.6)/544.1][bytes ratio: -0.76][TLSv1][client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (id.com)] + 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][pktlen c2s avg(stddev)/entropy: 4.0(251.7)/354.5][pktlen s2c avg(stddev)/entropy: 4.5(1247.8)/507.1][bytes ratio: -0.79][TLSv1][client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (cyamnc6)] + 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][pktlen c2s avg(stddev)/entropy: 4.3(366.4)/349.5][pktlen s2c avg(stddev)/entropy: 4.3(580.0)/568.1][bytes ratio: -0.34][TLSv1][client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (www.ct7)] + 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][pktlen c2s avg(stddev)/entropy: 3.5(322.9)/270.5][pktlen s2c avg(stddev)/entropy: 3.5(334.8)/384.8][bytes ratio: -0.12][TLSv1][client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (www.gfu)] + 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][pktlen c2s avg(stddev)/entropy: 3.4(303.6)/266.5][pktlen s2c avg(stddev)/entropy: 3.3(349.1)/398.3][bytes ratio: -0.13][TLSv1][client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] + 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][pktlen c2s avg(stddev)/entropy: 3.3(230.7)/242.6][pktlen s2c avg(stddev)/entropy: 3.3(421.2)/402.9][bytes ratio: -0.29][TLSv1][client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] + 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][pktlen c2s avg(stddev)/entropy: 3.2(242.3)/246.7][pktlen s2c avg(stddev)/entropy: 3.1(430.5)/415.8][bytes ratio: -0.25][TLSv1][client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] + 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 3.3(186.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00][PLAIN TEXT ( 676879976)] + 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 2.6(151.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00][PLAIN TEXT (Endian)] + 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 0.0(252.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)] + 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 0.0(60.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00] |