author | Luca <deri@ntop.org> | 2019-08-29 16:08:18 +0200 |
---|---|---|
committer | Luca <deri@ntop.org> | 2019-08-29 16:08:18 +0200 |
commit | c3284526871f164de42227a3cb466cd3f2f2a335 (patch) | |
tree | c7e71bf45ce7e8104d937643e275c43d6a4c78e2 /tests/result | |
parent | 536b5207500cb7a7139c315bcd9bb85dd2276675 (diff) |
Average calculation fix
Diffstat (limited to 'tests/result')
-rw-r--r-- | tests/result/1kxun.pcap.out | 32 | ||||
-rw-r--r-- | tests/result/dropbox.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/hangout.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/msnms.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/mssql_tds.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/netflix.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/nintendo.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/ocs.pcap.out | 22 | ||||
-rw-r--r-- | tests/result/pps.pcap.out | 18 | ||||
-rw-r--r-- | tests/result/quic.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/sip.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/skype.pcap.out | 68 | ||||
-rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 52 | ||||
-rw-r--r-- | tests/result/ssdp-m-search.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/starcraft_battle.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/tor.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/upnp.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/webex.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/wechat.pcap.out | 30 | ||||
-rw-r--r-- | tests/result/whatsapp_login_call.pcap.out | 8 | ||||
-rw-r--r-- | tests/result/whatsapp_login_chat.pcap.out | 4 |
21 files changed, 134 insertions, 134 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 6ce7a5041..b6dae70fb 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out 
@@ -32,11 +32,11 @@ JA3 Host Stats: 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 62.6/75.8 101.1/110.0 2.7/2.3][PLAIN TEXT (POST /api/proxy)] 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c avg/stddev/entropy: 3.0/1.7 3.6/2.8 1.4/1.2][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)] 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c avg/stddev/entropy: 2.6/1.4 3.9/2.3 0.8/1.0][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)] - 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 559.3/-nan 539.4/0.0 3.3/0.0][PLAIN TEXT (NOTIFY )] - 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 559.3/-nan 539.5/0.0 3.3/0.0][PLAIN TEXT (NOTIFY )] + 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 559.3/0.0 539.4/0.0 3.3/0.0][PLAIN TEXT (NOTIFY )] + 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 559.3/0.0 539.5/0.0 3.3/0.0][PLAIN TEXT (NOTIFY )] 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][bytes ratio: 0.687 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 1501.5/2001.9 3983.1/4454.6 0.9/0.9] 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c avg/stddev/entropy: 63.6/143.8 128.9/177.3 2.1/1.6][PLAIN TEXT (POST /getvinfo HTTP/1.1)] - 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3308.1/-nan 3131.3/0.0 3.2/0.0] + 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3308.1/0.0 3131.3/0.0 3.2/0.0] 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 64.119/TLS_No_Cert.Facebook][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 60.0/44.0 82.0/54.3 0.2/0.8] 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2094.8/2992.9 4694.2/5366.5 0.9/0.9][TLSv1.2][client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 675.7/965.0 1782.0/2063.5 0.6/0.6][TLSv1.2][client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 
@@ -45,26 +45,26 @@ JA3 Host Stats: 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c avg/stddev/entropy: 888.8/1269.9 1896.9/2158.7 1.0/1.0][TLSv1.2][client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 5012.3/15033.7 14066.9/21220.5 0.1/0.0][PLAIN TEXT (GET /api/videos/10410.j)] 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 64.119/TLS_No_Cert.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 63.5/63.5 84.1/87.4 0.7/0.6] - 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4379.2/-nan 3992.0/0.0 3.3/0.0][PLAIN TEXT (SEARCH )] + 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4379.2/0.0 3992.0/0.0 3.3/0.0][PLAIN TEXT (SEARCH )] 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 5015.8/15047.7 14065.4/21224.8 0.1/0.0][PLAIN TEXT (GET /api/videos/alsolikes/10410)] 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c avg/stddev/entropy: 25.3/51.7 33.6/36.8 1.8/1.0][PLAIN TEXT (GET /vlive.qq)] - 28 UDP 
192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4931.8/-nan 4302.8/0.0 3.2/0.0][PLAIN TEXT (SEARCH )] - 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4095.6/-nan 3433.4/0.0 3.1/0.0][PLAIN TEXT (SEARCH )] - 30 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4533.2/-nan 4849.8/0.0 3.0/0.0][PLAIN TEXT (SEARCH )] + 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4931.8/0.0 4302.8/0.0 3.2/0.0][PLAIN TEXT (SEARCH )] + 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4095.6/0.0 3433.4/0.0 3.1/0.0][PLAIN TEXT (SEARCH )] + 30 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4533.2/0.0 4849.8/0.0 3.0/0.0][PLAIN TEXT (SEARCH )] 31 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 5325.5/7939.2 7733.3/8386.6 1.1/1.0][PLAIN TEXT (GET /comMagicanApi/composite/ap)] - 32 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5540.9/-nan 5204.7/0.0 2.7/0.0][PLAIN TEXT (SEARCH )] - 33 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 
12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5631.2/-nan 3854.9/0.0 2.7/0.0][PLAIN TEXT (SEARCH )] - 34 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7126.4/-nan 7503.4/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] - 35 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5631.9/-nan 4842.5/0.0 2.6/0.0][PLAIN TEXT (SEARCH )] + 32 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5540.9/0.0 5204.7/0.0 2.7/0.0][PLAIN TEXT (SEARCH )] + 33 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5631.2/0.0 3854.9/0.0 2.7/0.0][PLAIN TEXT (SEARCH )] + 34 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7126.4/0.0 7503.4/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] + 35 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5631.9/0.0 4842.5/0.0 2.6/0.0][PLAIN TEXT (SEARCH )] 36 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c avg/stddev/entropy: 82.0/215.5 128.0/96.5 1.5/0.9][PLAIN TEXT (GET /api/qq)] - 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 
(Upload)][IAT c2s/s2c avg/stddev/entropy: 5441.7/-nan 4875.2/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] - 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 8173.7/-nan 8848.2/0.0 2.1/0.0][PLAIN TEXT (SEARCH )] + 37 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5441.7/0.0 4875.2/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] + 38 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 8173.7/0.0 8848.2/0.0 2.1/0.0][PLAIN TEXT (SEARCH )] 39 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)] 40 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] - 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2798.8/-nan 1567.2/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] - 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2550.7/-nan 2826.7/0.0 2.9/0.0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)] + 41 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2798.8/0.0 1567.2/0.0 2.4/0.0][PLAIN TEXT (SEARCH )] + 42 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][13 
pkts/1196 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2550.7/0.0 2826.7/0.0 2.9/0.0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)] 43 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)] - 44 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 299.6/-nan 366.9/0.0 1.0/0.0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)] + 44 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 299.6/0.0 366.9/0.0 1.0/0.0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)] 45 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( FDEBEOEKEJ)] 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes] 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 430808796..a331b63a0 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out 
@@ -4,8 +4,8 @@ Dropbox 848 90532 15 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][bytes ratio: 0.381 (Upload)][IAT c2s/s2c avg/stddev/entropy: 111.5/111.6 10.1/10.0 5.0/5.0][PLAIN TEXT (messageType)] 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][bytes ratio: 0.382 (Upload)][IAT c2s/s2c avg/stddev/entropy: 109.8/109.7 10.8/10.6 5.0/5.0][PLAIN TEXT (messageType)] 4 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes][bytes ratio: 0.383 (Upload)][IAT c2s/s2c avg/stddev/entropy: 112.6/112.7 10.0/9.4 5.0/5.0][PLAIN TEXT (messageType)] - 5 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2621.4/-nan 5242.8/0.0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] - 6 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2621.4/-nan 5242.8/0.0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] + 5 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2621.4/0.0 5242.8/0.0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] + 6 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2621.4/0.0 5242.8/0.0 0.0/0.0][PLAIN TEXT ( 274363570036934823360341409051)] 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: 
log.getdropbox.com][bytes ratio: -0.551 (Download)][IAT c2s/s2c avg/stddev/entropy: 0.0/0.0 0.0/0.0 0.0/0.0][PLAIN TEXT (getdropbox)] 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com][PLAIN TEXT (client)] 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com][PLAIN TEXT (dropbox)] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 27a469629..f8ed52bcc 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangoutDuo 19 2774 1 - 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 78.201/STUN.GoogleHangoutDuo][cat: VoIP/10][19 pkts/2774 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1000.5/-nan 5.1/0.0 4.2/0.0][PLAIN TEXT (sdiKGkw)] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 78.201/STUN.GoogleHangoutDuo][cat: VoIP/10][19 pkts/2774 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1000.5/0.0 5.1/0.0 4.2/0.0][PLAIN TEXT (sdiKGkw)] diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out index a31c5b63c..07a194850 100644 --- a/tests/result/msnms.pcap.out +++ b/tests/result/msnms.pcap.out 
@@ -5,4 +5,4 @@ MSN 364 56503 6 3 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][cat: Web/5][46 pkts/7655 bytes <-> 19 pkts/3761 bytes][bytes ratio: 0.341 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7418.1/12033.3 10031.9/30318.3 4.4/2.3][PLAIN TEXT (IRO 131 1 1 cecile260992@hotmai)] 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][cat: Web/5][41 pkts/2425 bytes <-> 55 pkts/6426 bytes][bytes ratio: -0.452 (Download)][IAT c2s/s2c avg/stddev/entropy: 48876.1/36204.4 15867.5/15667.3 4.9/4.8][PLAIN TEXT (RNG 17069658 207.46.108.83)] 5 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][cat: Web/5][2 pkts/163 bytes <-> 14 pkts/2737 bytes][bytes ratio: -0.888 (Download)][IAT c2s/s2c avg/stddev/entropy: 168980.0/8367.5 0.0/14555.8 0.0/2.5][PLAIN TEXT (IRO 176 1 1 cecile260992@hotmai)] - 6 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][cat: Web/5][13 pkts/2202 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 9181.9/-nan 15331.2/0.0 2.5/0.0][PLAIN TEXT (MSG 77 U 89)] + 6 TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][cat: Web/5][13 pkts/2202 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 9181.9/0.0 15331.2/0.0 2.5/0.0][PLAIN TEXT (MSG 77 U 89)] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 6f21a0296..d9924b731 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out 
@@ -1,6 +1,6 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 0.0/-nan 0.0/0.0 0.0/0.0] + 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 0.0/0.0 0.0/0.0 0.0/0.0] 2 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][10 pkts/1552 bytes <-> 7 pkts/1521 bytes][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 793.8/1200.3 748.7/882.2 2.5/2.1][PLAIN TEXT (first )] 3 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][2 pkts/614 bytes <-> 2 pkts/524 bytes] 4 TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/1136 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index ea0f16f99..c4d891013 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out 
@@ -55,7 +55,7 @@ JA3 Host Stats: 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][bytes ratio: -0.503 (Download)][IAT c2s/s2c avg/stddev/entropy: 2061.5/2807.0 7627.8/8806.0 0.1/0.1][TLSv1.2][client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 23.3/25.0 33.4/22.7 1.7/1.8][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2791.3/4378.9 8757.9/10678.6 0.1/0.0][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5274.9/-nan 6826.6/0.0 2.6/0.0][PLAIN TEXT (SEARCH )] + 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5274.9/0.0 6826.6/0.0 2.6/0.0][PLAIN TEXT (SEARCH )] 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: 
Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index dfa7aa4b1..8d20bffbf 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out 
@@ -16,10 +16,10 @@ JA3 Host Stats: 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes][bytes ratio: -0.119 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 220.5/198.3 213.0/428.6 3.7/2.1] 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 173.7/167.7 157.8/151.5 2.3/2.3] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 163.7/176.0 170.5/136.9 2.0/2.1] - 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 36.3/-nan 88.5/0.0 1.6/0.0] + 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 36.3/0.0 88.5/0.0 1.6/0.0] 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 4.3/4.3 0.5/0.5 1.6/1.6][PLAIN TEXT (nintendo)] 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes] - 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 74.8/-nan 129.7/0.0 1.0/0.0] + 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 74.8/0.0 129.7/0.0 1.0/0.0] 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 
pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1.0/0.8 1.7/1.3 0.0/0.0] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index bfb85aaaa..ac22eb48e 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out 
@@ -12,16 +12,16 @@ JA3 Host Stats: 1 192.168.180.2 4 - 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 68.0/-nan 279.8/0.0 3.5/0.0][PLAIN TEXT (POST /catalog/vod)] - 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 201.9/-nan 319.5/0.0 2.8/0.0][TLSv1][client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc] - 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 45.2/-nan 104.8/0.0 3.2/0.0][PLAIN TEXT (GET /data)] - 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 137.1/-nan 234.6/0.0 2.8/0.0][TLSv1][client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c] - 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 37.5/-nan 25.7/0.0 3.0/0.0][TLSv1.2][client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1] - 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 52.4/-nan 37.5/0.0 3.0/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] - 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 66.8/-nan 68.2/0.0 2.9/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] - 8 
TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 271.6/-nan 394.5/0.0 1.0/0.0][PLAIN TEXT (POST /catalog/vod)] - 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 196.7/-nan 209.5/0.0 1.7/0.0][PLAIN TEXT (GET /ip)] - 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 45.8/-nan 38.7/0.0 1.7/0.0][PLAIN TEXT (GET /xmpp)] + 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 68.0/0.0 279.8/0.0 3.5/0.0][PLAIN TEXT (POST /catalog/vod)] + 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 201.9/0.0 319.5/0.0 2.8/0.0][TLSv1][client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc] + 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 45.2/0.0 104.8/0.0 3.2/0.0][PLAIN TEXT (GET /data)] + 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 137.1/0.0 234.6/0.0 2.8/0.0][TLSv1][client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c] + 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 
pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 37.5/0.0 25.7/0.0 3.0/0.0][TLSv1.2][client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1] + 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 52.4/0.0 37.5/0.0 3.0/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] + 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 66.8/0.0 68.2/0.0 2.9/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] + 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 271.6/0.0 394.5/0.0 1.0/0.0][PLAIN TEXT (POST /catalog/vod)] + 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 196.7/0.0 209.5/0.0 1.7/0.0][PLAIN TEXT (GET /ip)] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 45.8/0.0 38.7/0.0 1.7/0.0][PLAIN TEXT (GET /xmpp)] 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.5/DNS][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com][PLAIN TEXT (device06)] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com][PLAIN TEXT (android)] 
@@ -34,4 +34,4 @@ JA3 Host Stats: Undetected flows: - 1 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6216.4/-nan 5472.9/0.0 1.8/0.0] + 1 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6216.4/0.0 5472.9/0.0 1.8/0.0] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index ca7e4b1b8..271ce3d9f 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out 
@@ -4,12 +4,12 @@ SSDP 63 17143 10 Google 2 1093 1 GenericProtocol 1429 1780307 49 - 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c avg/stddev/entropy: -nan/1.6 0.0/7.7 0.0/0.6][PLAIN TEXT (GET /preimage/20160506/f0/1)] - 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c avg/stddev/entropy: -nan/1.3 0.0/6.2 0.0/0.8][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c avg/stddev/entropy: 0.0/1.6 0.0/7.7 0.0/0.6][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c avg/stddev/entropy: 0.0/1.3 0.0/6.2 0.0/0.8][PLAIN TEXT (GET /preimage/20160506/f0/1)] 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c avg/stddev/entropy: 35.0/0.4 0.0/2.4 0.0/1.0][PLAIN TEXT (GET /ext/common/qisu2/downloade)] - 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c avg/stddev/entropy: -nan/0.4 0.0/1.0 0.0/2.0][PLAIN TEXT (GET /videos/v)] + 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 
223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c avg/stddev/entropy: 0.0/0.4 0.0/1.0 0.0/2.0][PLAIN TEXT (GET /videos/v)] 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1273.3/1097.5 3617.6/3470.7 0.3/0.0][PLAIN TEXT (POST /bc2 HTTP/1.1)] - 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 373.6/-nan 832.6/0.0 2.1/0.0][PLAIN TEXT (NOTIFY )] + 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 373.6/0.0 832.6/0.0 2.1/0.0][PLAIN TEXT (NOTIFY )] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c avg/stddev/entropy: 216.0/217.0 99.0/99.0 0.8/0.8][PLAIN TEXT (GET /cp)] 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 
@@ -20,8 +20,8 @@ GenericProtocol 1429 1780307 49 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] - 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3002.0/-nan 3.5/0.0 3.0/0.0][PLAIN TEXT (SEARCH )] - 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 752.8/-nan 1188.5/0.0 1.4/0.0][PLAIN TEXT (SEARCH )] + 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3002.0/0.0 3.5/0.0 3.0/0.0][PLAIN TEXT (SEARCH )] + 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 752.8/0.0 1188.5/0.0 1.4/0.0][PLAIN TEXT (SEARCH )] 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /clk)] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 
7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] 
@@ -39,9 +39,9 @@ GenericProtocol 1429 1780307 49 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][PLAIN TEXT (GET /pca3)] 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)] - 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3001.0/-nan 2.1/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] - 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3003.8/-nan 5.5/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] - 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3007.6/-nan 15.2/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] + 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3001.0/0.0 2.1/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] + 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3003.8/0.0 5.5/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] + 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3007.6/0.0 15.2/0.0 2.3/0.0][PLAIN TEXT (SEARCH )] 39 TCP 
192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 92e6759e7..b03ee5e1a 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -15,4 +15,4 @@ Google 14 10427 3 Undetected flows: - 1 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 799.8/-nan 595.5/0.0 1.9/0.0] + 1 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 799.8/0.0 595.5/0.0 1.9/0.0] diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out index 86a020a41..954be6eff 100644 --- a/tests/result/sip.pcap.out +++ b/tests/result/sip.pcap.out 
@@ -4,5 +4,5 @@ RTCP 1 146 1 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 29260.5/48196.1 43285.0/75970.9 4.0/3.6][PLAIN TEXT (REGISTER sip)] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][bytes ratio: 0.591 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4693.8/32436.5 7892.0/2119.5 2.7/1.0][PLAIN TEXT (INVITE sip)] - 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 19.8/-nan 23.1/0.0 2.1/0.0][PLAIN TEXT (VRUDKBuYs)] + 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 19.8/0.0 23.1/0.0 2.1/0.0][PLAIN TEXT (VRUDKBuYs)] 4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][cat: VoIP/10][1 pkts/146 bytes -> 0 pkts/0 bytes][PLAIN TEXT (11894297)] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 6afdd6091..1dd0d150c 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out 
@@ -22,20 +22,20 @@ JA3 Host Stats: 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c avg/stddev/entropy: 893.0/683.9 4224.2/3588.2 3.2/3.0][TLSv1][server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][bytes ratio: -0.268 (Download)][IAT c2s/s2c avg/stddev/entropy: 418.8/332.6 1054.3/998.7 3.7/3.0][PLAIN TEXT ( 0sKWL)] - 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2052.4/-nan 6020.9/0.0 1.7/0.0][PLAIN TEXT (NOTIFY )] + 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2052.4/0.0 6020.9/0.0 1.7/0.0][PLAIN TEXT (NOTIFY )] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1102.2/1098.6 6370.8/6397.3 0.7/0.6][TLSv1.2][client: p05-keyvalueservice.icloud.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1526.0/2020.8 5632.1/6606.9 2.3/2.0] - 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 468.9/-nan 1099.8/0.0 1.0/0.0][PLAIN TEXT 
(NOTIFY )] + 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 468.9/0.0 1099.8/0.0 1.0/0.0][PLAIN TEXT (NOTIFY )] 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 64.121/TLS_No_Cert.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes][bytes ratio: -0.453 (Download)][IAT c2s/s2c avg/stddev/entropy: 20148.7/20128.9 23475.9/23611.6 1.6/1.6] 8 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes][bytes ratio: 0.090 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1742.7/2214.8 5394.8/5950.9 1.7/1.8] 9 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes][bytes ratio: 0.856 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2193.9/10972.3 2204.3/15486.8 3.1/0.0] 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2015.9/440.9 6850.2/781.0 1.1/2.4] 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2351.0/3320.2 6264.2/7287.1 1.5/1.4] 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2645.0/653.9 7850.4/1136.7 1.0/1.4] - 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4358.4/-nan 3743.8/0.0 3.3/0.0][TLSv1][client: apps.skypeassets.com][JA3C: 799135475da362592a4be9199d258726] - 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 
[proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3704.7/-nan 2915.8/0.0 3.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] - 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 30073.4/-nan 11.8/0.0 2.3/0.0][PLAIN TEXT ( 1573195445)] - 16 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 30073.8/-nan 12.0/0.0 2.3/0.0][PLAIN TEXT ( 1573195445)] + 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4358.4/0.0 3743.8/0.0 3.3/0.0][TLSv1][client: apps.skypeassets.com][JA3C: 799135475da362592a4be9199d258726] + 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3704.7/0.0 2915.8/0.0 3.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] + 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 30073.4/0.0 11.8/0.0 2.3/0.0][PLAIN TEXT ( 1573195445)] + 16 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 30073.8/0.0 12.0/0.0 2.3/0.0][PLAIN TEXT ( 1573195445)] 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 18 UDP 192.168.1.92:17500 -> 
255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 19 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 64.125/TLS_No_Cert.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][bytes ratio: 0.829 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1825.4/10040.0 2167.8/10001.0 2.5/0.0][PLAIN TEXT (apps.skype.com)] 
@@ -111,34 +111,34 @@ JA3 Host Stats: 89 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes][PLAIN TEXT (afpovertc)] 90 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes][PLAIN TEXT (afpovertc)] 91 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1107.2/1825.3 1309.1/1279.7 1.2/1.1] - 92 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4948.1/-nan 10655.5/0.0 0.7/0.0] - 93 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4408.7/-nan 3390.5/0.0 2.2/0.0][PLAIN TEXT (config)] - 94 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4408.8/-nan 3390.7/0.0 2.2/0.0][PLAIN TEXT (config)] - 95 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 10064.6/-nan 10268.9/0.0 2.3/0.0] - 96 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7643.0/-nan 8538.0/0.0 2.1/0.0][PLAIN TEXT (akadns)] - 97 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 7643.0/-nan 8538.0/0.0 2.1/0.0][PLAIN TEXT (akadns)] - 98 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4397.5/-nan 3396.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 99 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4388.0/-nan 3402.6/0.0 2.2/0.0] - 100 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4405.8/-nan 3395.3/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 101 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4388.0/-nan 3402.6/0.0 2.2/0.0] - 102 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4397.5/-nan 3396.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 103 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4405.8/-nan 3395.3/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 104 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4389.0/-nan 3377.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 105 UDP 192.168.1.34:65037 -> 
192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4389.0/-nan 3377.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 106 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4399.0/-nan 3382.9/0.0 2.2/0.0] - 107 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4374.0/-nan 3405.4/0.0 2.1/0.0] - 108 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4373.8/-nan 3405.4/0.0 2.1/0.0] - 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4399.0/-nan 3382.9/0.0 2.2/0.0] - 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1573.6/-nan 1049.7/0.0 2.6/0.0] + 92 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4948.1/0.0 10655.5/0.0 0.7/0.0] + 93 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4408.7/0.0 3390.5/0.0 2.2/0.0][PLAIN TEXT (config)] + 94 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 
5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4408.8/0.0 3390.7/0.0 2.2/0.0][PLAIN TEXT (config)] + 95 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 10064.6/0.0 10268.9/0.0 2.3/0.0] + 96 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7643.0/0.0 8538.0/0.0 2.1/0.0][PLAIN TEXT (akadns)] + 97 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7643.0/0.0 8538.0/0.0 2.1/0.0][PLAIN TEXT (akadns)] + 98 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4397.5/0.0 3396.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 99 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4388.0/0.0 3402.6/0.0 2.2/0.0] + 100 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4405.8/0.0 3395.3/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 101 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 4388.0/0.0 3402.6/0.0 2.2/0.0] + 102 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4397.5/0.0 3396.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 103 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4405.8/0.0 3395.3/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 104 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4389.0/0.0 3377.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 105 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4389.0/0.0 3377.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 106 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4399.0/0.0 3382.9/0.0 2.2/0.0] + 107 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4374.0/0.0 3405.4/0.0 2.1/0.0] + 108 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4373.8/0.0 3405.4/0.0 2.1/0.0] + 109 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 
bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4399.0/0.0 3382.9/0.0 2.2/0.0] + 110 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1573.6/0.0 1049.7/0.0 2.6/0.0] 111 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1662.8/2751.3 2591.0/2874.2 0.8/0.7] - 112 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4403.0/-nan 3414.1/0.0 2.2/0.0][PLAIN TEXT (config)] - 113 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4384.5/-nan 3397.1/0.0 2.2/0.0][PLAIN TEXT (config)] - 114 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4384.3/-nan 3396.9/0.0 2.2/0.0][PLAIN TEXT (config)] - 115 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4403.0/-nan 3414.1/0.0 2.2/0.0][PLAIN TEXT (config)] - 116 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.0/-nan 3412.6/0.0 2.2/0.0] - 117 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: 
dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.2/-nan 3412.6/0.0 2.2/0.0] - 118 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4424.5/-nan 3397.4/0.0 2.2/0.0] - 119 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4424.0/-nan 3398.3/0.0 2.2/0.0] + 112 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4403.0/0.0 3414.1/0.0 2.2/0.0][PLAIN TEXT (config)] + 113 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4384.5/0.0 3397.1/0.0 2.2/0.0][PLAIN TEXT (config)] + 114 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4384.3/0.0 3396.9/0.0 2.2/0.0][PLAIN TEXT (config)] + 115 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4403.0/0.0 3414.1/0.0 2.2/0.0][PLAIN TEXT (config)] + 116 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.0/0.0 3412.6/0.0 2.2/0.0] + 117 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: 
dsn4.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.2/0.0 3412.6/0.0 2.2/0.0] + 118 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4424.5/0.0 3397.4/0.0 2.2/0.0] + 119 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4424.0/0.0 3398.3/0.0 2.2/0.0] 120 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes][bytes ratio: 0.230 (Upload)][IAT c2s/s2c avg/stddev/entropy: 24.5/377.0 24.5/334.0 0.0/0.3] 121 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][5 pkts/430 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SpotUdp)] 122 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 21.0/192.5 21.0/149.5 0.0/0.5] 
@@ -312,7 +312,7 @@ Undetected flows: 5 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 7149.1/7141.2 20139.8/20141.2 0.3/0.3] 6 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes][bytes ratio: 0.336 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2200.5/1101.4 4848.5/1401.2 1.4/1.3] 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes][bytes ratio: 0.399 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2057.2/107.7 5345.2/16.9 0.5/1.6] - 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1573.3/-nan 1050.0/0.0 2.6/0.0] + 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1573.3/0.0 1050.0/0.0 2.6/0.0] 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index c93a3491f..7c3ec2425 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out 
@@ -21,13 +21,13 @@ JA3 Host Stats: 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c avg/stddev/entropy: 310.0/282.2 3520.1/3369.6 0.4/0.4][TLSv1][server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][bytes ratio: -0.323 (Download)][IAT c2s/s2c avg/stddev/entropy: 227.1/220.7 375.1/372.4 4.2/4.1][PLAIN TEXT (nZREBS)] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 64.140/TLS_No_Cert.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 1847.3/1843.3 9059.8/9088.0 1.1/1.0][PLAIN TEXT (/tBGEll)] - 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1714.9/-nan 5553.3/0.0 1.7/0.0][PLAIN TEXT (NOTIFY )] + 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1714.9/0.0 5553.3/0.0 1.7/0.0][PLAIN TEXT (NOTIFY )] 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes][bytes ratio: 0.095 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 283.8/370.7 537.2/593.2 2.5/2.5] 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 372.6/570.4 770.9/897.4 1.7/1.6] - 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 
(Upload)][IAT c2s/s2c avg/stddev/entropy: 3637.7/-nan 2862.5/0.0 3.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] + 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c avg/stddev/entropy: 3637.7/0.0 2862.5/0.0 3.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes][bytes ratio: 0.836 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1351.5/27.5 1858.0/27.5 2.3/0.0] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 64.121/TLS_No_Cert.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes][bytes ratio: -0.453 (Download)][IAT c2s/s2c avg/stddev/entropy: 10212.3/10139.0 14128.5/14335.9 0.1/0.0][PLAIN TEXT (ZeNjsq)] - 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 64.125/TLS_No_Cert.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.931 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1481.9/-nan 1816.5/0.0 2.4/0.0][PLAIN TEXT (apps.skype.com)] + 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 64.125/TLS_No_Cert.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.931 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1481.9/0.0 1816.5/0.0 2.4/0.0][PLAIN TEXT (apps.skype.com)] 11 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes][bytes ratio: 0.689 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2354.1/9422.0 3071.2/8612.0 2.6/0.8] 12 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/TLS][cat: Web/5][13 pkts/1437 bytes <-> 3 pkts/200 bytes][bytes ratio: 0.756 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2062.6/12371.5 2194.9/12312.5 2.8/0.0] 13 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1333 bytes <-> 3 
pkts/251 bytes][bytes ratio: 0.683 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1653.7/9035.0 1776.4/8912.0 2.6/0.1] 
@@ -81,30 +81,30 @@ JA3 Host Stats: 61 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 62 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 63 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes][bytes ratio: 0.333 (Upload)][IAT c2s/s2c avg/stddev/entropy: 183.2/37.5 215.6/37.5 1.5/0.0] - 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 210.2/-nan 469.9/0.0 0.0/0.0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)] + 64 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 210.2/0.0 469.9/0.0 0.0/0.0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)] 65 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes][bytes ratio: 0.071 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2318.4/2885.0 4067.3/4391.0 0.5/0.5] - 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7642.3/-nan 8520.2/0.0 2.1/0.0][PLAIN TEXT (akadns)] - 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7642.0/-nan 8520.4/0.0 2.1/0.0][PLAIN TEXT (akadns)] - 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 
(Upload)][IAT c2s/s2c avg/stddev/entropy: 4400.3/-nan 3402.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 69 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4400.3/-nan 3402.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 70 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4425.8/-nan 3400.2/0.0 2.2/0.0] - 71 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4416.0/-nan 3405.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 72 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4425.8/-nan 3400.2/0.0 2.2/0.0] - 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4416.0/-nan 3405.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] - 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4387.8/-nan 3404.8/0.0 2.1/0.0] - 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4387.7/-nan 3404.9/0.0 2.1/0.0] + 66 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 
5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7642.3/0.0 8520.2/0.0 2.1/0.0][PLAIN TEXT (akadns)] + 67 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7642.0/0.0 8520.4/0.0 2.1/0.0][PLAIN TEXT (akadns)] + 68 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4400.3/0.0 3402.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 69 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4400.3/0.0 3402.8/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 70 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4425.8/0.0 3400.2/0.0 2.2/0.0] + 71 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4416.0/0.0 3405.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 72 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4425.8/0.0 3400.2/0.0 2.2/0.0] + 73 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 4416.0/0.0 3405.2/0.0 2.2/0.0][PLAIN TEXT (skypedata)] + 74 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4387.8/0.0 3404.8/0.0 2.1/0.0] + 75 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4387.7/0.0 3404.9/0.0 2.1/0.0] 76 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2605.0/4327.7 3477.6/3601.5 1.0/0.9] - 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7644.0/-nan 8524.9/0.0 2.1/0.0] - 78 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4417.2/-nan 3408.0/0.0 2.2/0.0][PLAIN TEXT (config)] - 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.2/-nan 3399.3/0.0 2.2/0.0][PLAIN TEXT (config)] - 80 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.2/-nan 3399.3/0.0 2.2/0.0][PLAIN TEXT (config)] - 81 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT 
c2s/s2c avg/stddev/entropy: 4417.0/-nan 3408.1/0.0 2.2/0.0][PLAIN TEXT (config)] - 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4426.0/-nan 3400.1/0.0 2.2/0.0] - 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4426.0/-nan 3400.1/0.0 2.2/0.0] - 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4415.7/-nan 3405.3/0.0 2.2/0.0] - 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4416.0/-nan 3405.0/0.0 2.2/0.0] + 77 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 7644.0/0.0 8524.9/0.0 2.1/0.0] + 78 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4417.2/0.0 3408.0/0.0 2.2/0.0][PLAIN TEXT (config)] + 79 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4409.2/0.0 3399.3/0.0 2.2/0.0][PLAIN TEXT (config)] + 80 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 
4409.2/0.0 3399.3/0.0 2.2/0.0][PLAIN TEXT (config)] + 81 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4417.0/0.0 3408.1/0.0 2.2/0.0][PLAIN TEXT (config)] + 82 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4426.0/0.0 3400.1/0.0 2.2/0.0] + 83 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4426.0/0.0 3400.1/0.0 2.2/0.0] + 84 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4415.7/0.0 3405.3/0.0 2.2/0.0] + 85 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4416.0/0.0 3405.0/0.0 2.2/0.0] 86 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes][bytes ratio: 0.223 (Upload)][IAT c2s/s2c avg/stddev/entropy: 26.5/320.0 26.5/266.0 0.0/0.4] - 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1009.8/-nan 4.0/0.0 2.3/0.0] + 87 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1009.8/0.0 4.0/0.0 2.3/0.0] 88 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][PLAIN TEXT 
( EBEMEJEDEFEHEBFEEFCACACACACACA)] 89 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( EMFFEDEBFDENEBEDECEPEPELFAFCEP)] 90 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 34.0/198.0 34.0/136.0 0.0/0.6] 
@@ -283,8 +283,8 @@ Undetected flows: 5 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][19 pkts/2794 bytes <-> 14 pkts/2303 bytes][bytes ratio: 0.096 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 258.1/352.4 482.5/524.2 2.6/2.7] 6 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes][bytes ratio: 0.367 (Upload)][IAT c2s/s2c avg/stddev/entropy: 94.8/124.9 117.4/166.6 2.3/2.0] 7 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][11 pkts/835 bytes <-> 7 pkts/647 bytes][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 189.5/304.3 311.3/257.7 1.8/2.1] - 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1175.2/-nan 378.3/0.0 2.5/0.0] - 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1007.4/-nan 2.9/0.0 2.3/0.0] + 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1175.2/0.0 378.3/0.0 2.5/0.0] + 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1007.4/0.0 2.9/0.0 2.3/0.0] 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ssdp-m-search.pcap.out b/tests/result/ssdp-m-search.pcap.out index 7799ee292..b92065885 100644 --- a/tests/result/ssdp-m-search.pcap.out +++ b/tests/result/ssdp-m-search.pcap.out 
@@ -1,3 +1,3 @@ SSDP 19 1197 1 - 1 UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4999.4/-nan 0.5/0.0 4.2/0.0][PLAIN TEXT (SEARCH )] + 1 UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4999.4/0.0 0.5/0.0 4.2/0.0][PLAIN TEXT (SEARCH )] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index fe0d14fa0..93d41b0d0 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out 
@@ -15,7 +15,7 @@ Starcraft 236 51494 6 5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c avg/stddev/entropy: 6.7/2.1 12.9/8.2 1.2/0.2][PLAIN TEXT (GET /cms/bnet)] 6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c avg/stddev/entropy: 8.1/2.8 13.2/11.0 1.5/0.1][PLAIN TEXT (GET /cms/bnet)] 7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c avg/stddev/entropy: 6.6/2.0 13.2/7.5 1.0/0.3][PLAIN TEXT (GET /cms/bnet)] - 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 0.0/-nan 0.0/0.0 0.0/0.0][PLAIN TEXT (osNOTIFY )] + 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 0.0/0.0 0.0/0.0 0.0/0.0][PLAIN TEXT (osNOTIFY )] 9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net][bytes ratio: -0.723 (Download)][IAT c2s/s2c avg/stddev/entropy: 34.8/24.4 25.4/25.6 1.8/1.4][PLAIN TEXT (GET /sc)] 10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c avg/stddev/entropy: 36.4/32.8 27.1/24.8 1.8/1.4][PLAIN TEXT (GET /sc)] 11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c 
avg/stddev/entropy: 33.2/22.0 27.1/26.9 1.6/1.0][PLAIN TEXT (GET /service/s2/regions)] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index a0e3e35cf..5badadd69 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out 
@@ -16,7 +16,7 @@ JA3 Host Stats: 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 7203.1/6351.4 19137.5/18195.1 1.1/1.1][TLSv1][client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][bytes ratio: -0.292 (Download)][IAT c2s/s2c avg/stddev/entropy: 9017.5/9013.5 22848.9/22922.1 1.1/1.1][TLSv1][client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][bytes ratio: -0.248 (Download)][IAT c2s/s2c avg/stddev/entropy: 5302.1/5705.0 16401.3/16965.3 0.7/0.7][TLSv1][client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] - 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 66765.1/-nan 103867.9/0.0 2.2/0.0][PLAIN TEXT ( 676879976)] - 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6282.2/-nan 5399.5/0.0 1.8/0.0][PLAIN TEXT (Endian)] + 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 66765.1/0.0 103867.9/0.0 2.2/0.0][PLAIN TEXT ( 676879976)] + 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6282.2/0.0 5399.5/0.0 1.8/0.0][PLAIN TEXT (Endian)] 10 UDP 
192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)] 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/upnp.pcap.out b/tests/result/upnp.pcap.out index 1b278b4c9..04c64d0da 100644 --- a/tests/result/upnp.pcap.out +++ b/tests/result/upnp.pcap.out @@ -1,4 +1,4 @@ UPnP 14 9912 2 - 1 UDP [fe80::3441:3d24:6d30:a807]:58932 -> [ff02::c]:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/5026 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 938.5/-nan 751.7/0.0 2.1/0.0][PLAIN TEXT (xml version)] - 2 UDP 192.168.61.66:58931 -> 239.255.255.250:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/4886 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1107.3/-nan 740.1/0.0 2.2/0.0][PLAIN TEXT (xml version)] + 1 UDP [fe80::3441:3d24:6d30:a807]:58932 -> [ff02::c]:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/5026 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 938.5/0.0 751.7/0.0 2.1/0.0][PLAIN TEXT (xml version)] + 2 UDP 192.168.61.66:58931 -> 239.255.255.250:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/4886 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1107.3/0.0 740.1/0.0 2.2/0.0][PLAIN TEXT (xml version)] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 0dfe21703..765bdf9fc 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out 
@@ -17,7 +17,7 @@ JA3 Host Stats: 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c avg/stddev/entropy: 340.8/336.0 530.3/534.0 2.2/2.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c avg/stddev/entropy: 122.9/117.3 168.2/143.3 2.4/2.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1269.2/704.2 2670.2/1359.1 3.7/3.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4567.2/-nan 6643.7/0.0 3.6/0.0][PLAIN TEXT (REGISTER sip)] + 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4567.2/0.0 6643.7/0.0 3.6/0.0][PLAIN TEXT (REGISTER sip)] 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 762.9/372.6 1576.3/714.1 2.9/2.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Cipher: 
TLS_RSA_WITH_AES_128_CBC_SHA] 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c avg/stddev/entropy: 2744.3/508.0 8586.6/1382.1 0.8/1.1][TLSv1][client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c avg/stddev/entropy: 494.4/409.3 687.0/417.8 1.8/2.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index fb8aa97e0..208d13174 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out 
@@ -49,39 +49,39 @@ JA3 Host Stats: 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c avg/stddev/entropy: 2282.0/3371.3 5998.6/7255.9 0.5/0.2][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c avg/stddev/entropy: 1329.6/1933.8 3238.9/4008.1 0.8/0.4][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][9 pkts/966 bytes <-> 6 pkts/3571 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c avg/stddev/entropy: 1442.0/2236.8 3248.1/4093.7 0.8/0.4][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 91043.2/-nan 521942.5/0.0 0.8/0.0][PLAIN TEXT (googlecast)] + 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 91043.2/0.0 521942.5/0.0 0.8/0.0][PLAIN TEXT (googlecast)] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 
188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 24.0/16.0 24.3/19.2 1.0/0.8][PLAIN TEXT (ssl.gstatic.com)] - 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 91043.3/-nan 521942.7/0.0 0.8/0.0][PLAIN TEXT (googlecast)] + 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 91043.3/0.0 521942.7/0.0 0.8/0.0][PLAIN TEXT (googlecast)] 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][2 pkts/2508 bytes -> 0 pkts/0 bytes][PLAIN TEXT (G@aRkU)] - 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 9467.5/-nan 20526.0/0.0 1.5/0.0][PLAIN TEXT (googlecast)] + 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 9467.5/0.0 20526.0/0.0 1.5/0.0][PLAIN TEXT (googlecast)] 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 60080.4/60080.6 42471.2/42471.5 2.9/2.9] - 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 9467.5/-nan 20525.4/0.0 1.5/0.0][PLAIN TEXT (googlecast)] + 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 
9467.5/0.0 20525.4/0.0 1.5/0.0][PLAIN TEXT (googlecast)] 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][13 pkts/866 bytes <-> 4 pkts/280 bytes][bytes ratio: 0.511 (Upload)][IAT c2s/s2c avg/stddev/entropy: 11742.4/22335.7 13457.3/17973.3 2.7/1.0] 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/TLS.Google][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes] 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][3 pkts/802 bytes <-> 3 pkts/198 bytes][bytes ratio: 0.604 (Upload)][IAT c2s/s2c avg/stddev/entropy: 8102.0/7947.0 1540.0/1732.0 1.0/1.0] - 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 179.1/-nan 312.7/0.0 1.0/0.0][PLAIN TEXT ( EMECEKEBENFHFAFEFIFKCACACACACA)] - 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 269284.4/-nan 866514.6/0.0 0.6/0.0] + 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 179.1/0.0 312.7/0.0 1.0/0.0][PLAIN TEXT ( EMECEKEBENFHFAFEFIFKCACACACACA)] + 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 269284.4/0.0 866514.6/0.0 0.6/0.0] 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)] 45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 5596.8/7454.3 8509.2/9102.8 0.6/0.5] 46 TCP 
192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 13774.2/18366.0 13761.8/13233.5 1.1/1.1] 47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] - 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12545.5/-nan 26898.2/0.0 1.0/0.0] - 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12622.4/-nan 26533.7/0.0 1.0/0.0] - 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 13105.6/-nan 27702.9/0.0 1.0/0.0] - 51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12574.2/-nan 26588.9/0.0 1.0/0.0] - 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 13027.5/-nan 27319.6/0.0 1.0/0.0] - 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12398.5/-nan 26558.4/0.0 1.0/0.0][PLAIN TEXT (PLTbOhOof)] + 48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12545.5/0.0 26898.2/0.0 1.0/0.0] + 49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 12622.4/0.0 26533.7/0.0 1.0/0.0] + 50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 13105.6/0.0 27702.9/0.0 1.0/0.0] + 51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12574.2/0.0 26588.9/0.0 1.0/0.0] + 52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 13027.5/0.0 27319.6/0.0 1.0/0.0] + 53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12398.5/0.0 26558.4/0.0 1.0/0.0][PLAIN TEXT (PLTbOhOof)] 54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][4 pkts/264 bytes <-> 4 pkts/319 bytes][bytes ratio: -0.094 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 4910.0/4909.0 6943.8/6914.8 0.0/0.0][PLAIN TEXT (lMRov.)] 55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2959.8/5755.0 4044.7/4506.0 0.8/0.5] 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c avg/stddev/entropy: 2890.5/5643.0 3943.5/4303.0 0.8/0.5] - 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12971.6/-nan 28714.1/0.0 0.6/0.0] - 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
avg/stddev/entropy: 13502.0/-nan 29594.4/0.0 0.6/0.0] + 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12971.6/0.0 28714.1/0.0 0.6/0.0] + 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 13502.0/0.0 29594.4/0.0 0.6/0.0] 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 11760.5/15554.7 19226.1/21078.8 0.3/0.2] 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/TLS.Google][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes][bytes ratio: -0.234 (Download)][IAT c2s/s2c avg/stddev/entropy: 7363.0/4909.0 7363.0/6914.1 0.0/0.0] 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 6762.7/6763.3 9355.0/9107.7 0.1/0.2] 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com][PLAIN TEXT (wechat)] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/TLS.Google][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 45055.5/45055.0 0.5/1.0 1.0/1.0] - 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][6 pkts/396 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 18483.4/-nan 33566.2/0.0 0.5/0.0] + 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][6 pkts/396 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 18483.4/0.0 33566.2/0.0 0.5/0.0] 65 UDP 
192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com][PLAIN TEXT (safebrowsing)] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (iPhonediMonica)] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index e4ac77454..cde8bfba1 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out 
@@ -25,13 +25,13 @@ JA3 Host Stats: 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][bytes ratio: 0.271 (Upload)][IAT c2s/s2c avg/stddev/entropy: 58.5/50.1 96.9/86.1 2.2/2.1][TLSv1.2][client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][bytes ratio: 0.597 (Upload)][IAT c2s/s2c avg/stddev/entropy: 12518.4/12519.7 30245.8/30246.0 0.8/0.8][PLAIN TEXT (yfV.nY)] 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 87/RTP][cat: Media/1][12 pkts/2341 bytes <-> 12 pkts/2484 bytes][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 2652.5/1821.0 5702.0/5214.6 1.2/0.6] - 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6659.6/-nan 2879.9/0.0 3.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] + 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 6659.6/0.0 2879.9/0.0 3.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] 10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 87/RTP][cat: Media/1][9 pkts/1842 bytes <-> 11 pkts/1151 bytes][bytes ratio: 0.231 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1790.6/713.6 2740.8/1919.9 1.5/0.6] 11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c avg/stddev/entropy: 116.9/111.0 106.0/50.4 
2.3/2.7] - 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][cat: Network/14][15 pkts/1290 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 631.7/-nan 12.9/0.0 3.8/0.0] - 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][cat: Network/14][12 pkts/1032 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 631.1/-nan 5.5/0.0 3.5/0.0] - 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4794.7/-nan 13366.1/0.0 0.1/0.0] + 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][cat: Network/14][15 pkts/1290 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 631.7/0.0 12.9/0.0 3.8/0.0] + 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][cat: Network/14][12 pkts/1032 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 631.1/0.0 5.5/0.0 3.5/0.0] + 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4794.7/0.0 13366.1/0.0 0.1/0.0] 16 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 1410ac1f3..c665d8797 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out 
@@ -8,8 +8,8 @@ ApplePush 6 2095 1 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes][bytes ratio: 0.415 (Upload)][IAT c2s/s2c avg/stddev/entropy: 169.0/194.5 568.4/671.9 1.5/1.1] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c avg/stddev/entropy: 1231.8/1623.2 2819.0/3176.1 1.9/1.8][PLAIN TEXT (iPhone)] - 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4000.2/-nan 3475.6/0.0 1.8/0.0] - 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5058.0/-nan 2765.5/0.0 2.1/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] + 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 4000.2/0.0 3475.6/0.0 1.8/0.0] + 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c avg/stddev/entropy: 5058.0/0.0 2765.5/0.0 2.1/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net][PLAIN TEXT (whatsapp)] 7 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][PLAIN TEXT (airplay)] |