| author | Luca Deri <deri@ntop.org> | 2021-03-03 19:30:01 +0100 |
| --- | --- | --- |
| committer | Luca Deri <deri@ntop.org> | 2021-03-03 19:30:01 +0100 |
| commit | 0f8a9948415bceac84148e1965e12e3f19c5050e (patch) | |
| tree | e0615fc8fbf465178d29c78472638fb56b6ba5e3 /tests/result/tor.pcap.out | |
| parent | 49843509e54aa70dc69005dab5f02f32df7866e2 (diff) | |
Improved DGA detection
Before
Accuracy 66%, Precision 86%, Recall 38%
After
Accuracy 71%, Precision 89%, Recall 49%
Diffstat (limited to 'tests/result/tor.pcap.out')

| -rw-r--r-- | tests/result/tor.pcap.out | 8 |
| --- | --- | --- |

1 files changed, 4 insertions, 4 deletions
diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index f9feb0e70..21bf25cd4 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out 
@@ -1,17 +1,17 @@ SMBv1 1 252 1 -TLS 62 20152 3 +TLS 2029 1601968 5 DHCPV6 6 906 1 Dropbox 10 1860 1 -Tor 3615 2994270 5 +Tor 1648 1412454 3 JA3 Host Stats: IP Address # JA3C 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1582/404][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 349/544][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **** Unsafe Protocol **][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91/TLS][cat: Web/5][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1582/404][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 349/544][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 
91.163/TLS.Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][Goodput ratio: 77/96][106.13 sec][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/109 30770/31166 1830/1316][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 252/1248 1514/1514 355/507][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **** Unsafe Protocol **][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,74,0,0] - 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 91.163/TLS.Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][Goodput ratio: 84/91][109.04 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2212/966 44777/37995 8343/4770][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366/580 1514/1514 350/568][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **** Unsafe Protocol **][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 2,1,1,1,1,0,1,0,0,3,0,0,0,0,0,0,2,0,58,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,1,0,22,0,0] + 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 91/TLS][cat: Web/5][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][Goodput ratio: 84/91][109.04 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 
2212/966 44777/37995 8343/4770][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366/580 1514/1514 350/568][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 2,1,1,1,1,0,1,0,0,3,0,0,0,0,0,0,2,0,58,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,1,0,22,0,0] 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 91.163/TLS.Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][Goodput ratio: 82/84][135.32 sec][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 10378/8441 132386/132736 35221/32094][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 323/335 640/1514 270/385][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **** Unsafe Protocol **][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 91.163/TLS.Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][Goodput ratio: 81/84][108.05 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 6124/2564 71328/34353 19661/8817][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 304/349 640/1514 267/398][Risk: ** Obsolete TLS version (< 1.1) **** Suspicious DGA domain name **** Unsafe Protocol **][TLSv1][Client: www.e6r5p57kbafwrxj3plz.com][JA3C: 
581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.gmvuy6mtjbxevwo3w.com][Subject: CN=www.bpcau5b3haif5els.net][Certificate SHA-1: 3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C][Validity: 2013-06-07 00:00:00 - 2014-02-07 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 91/TLS][cat: Web/5][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][Goodput ratio: 75/87][135.27 sec][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 11234/11261 72591/72890 25060/25130][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 231/421 640/1514 243/403][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.wohgpas45j6ucw.com][Subject: CN=www.7d43ah2kikrabj.net][Certificate SHA-1: F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B][Validity: 2013-09-11 00:00:00 - 2013-11-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,11,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] |
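Review bot: the updated expected output silently loses Tor detection for flows 1 (Client: www.jmts2id.com) and 3 (Client: www.ct7ctrgb6cr7.com): both move from `[proto: 91.163/TLS.Tor][cat: VPN/2]` to `[proto: 91/TLS][cat: Web/5]` together with the removal of the `Suspicious DGA domain name` and `Unsafe Protocol` risks, and the summary counters change from `Tor 3615 2994270 5` / `TLS 62 20152 3` to `Tor 1648 1412454 3` / `TLS 2029 1601968 5`. The commit message reports only the DGA accuracy, precision and recall gains and does not mention this regression on the Tor pcap, so either state it as an accepted trade-off (the shorter random labels are no longer flagged as DGA) or revisit the Tor heuristic, since the Issuer and Subject CNs on these two flows (CN=www.gg562izcxdvqdk.com, CN=www.fcsyvnlemwxv5p.net, CN=www.xkgk7fdx362yyyxib.com, CN=www.g6ghvisevf3ibuu5.net) are as random-looking as those on flows 2, 4 and 5 that keep the Tor verdict. Note also that flow 2 shares the same JA3C, JA3S, certificate SHA-1 and server 38.229.70.53 with flow 1 yet is still classified as Tor, so two connections to the same relay now end up in different categories.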