diff options
| -rw-r--r-- | src/lib/protocols/tls.c | 18 | ||||
| -rw-r--r-- | tests/pcap/dtls_mid_sessions.pcapng | bin | 0 -> 40988 bytes | |||
| -rw-r--r-- | tests/pcap/dtls_old_version.pcapng | bin | 0 -> 1488 bytes | |||
| -rw-r--r-- | tests/result/anyconnect-vpn.pcap.out | 149 | ||||
| -rw-r--r-- | tests/result/dtls_mid_sessions.pcapng.out | 11 | ||||
| -rw-r--r-- | tests/result/dtls_old_version.pcapng.out | 13 |
6 files changed, 113 insertions, 78 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 326b13434..9a1fa713c 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1108,9 +1108,10 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t block_len; const u_int8_t *block = (const u_int8_t *)&p[processed]; - if((block[0] != 0x16 && block[0] != 0x14) || /* Handshake, change-cipher-spec */ - (block[1] != 0xfe) || /* We ignore old DTLS versions */ - ((block[2] != 0xff) && (block[2] != 0xfd))) { + if((block[0] != 0x16 && block[0] != 0x14 && block[0] != 0x17) || /* Handshake, change-cipher-spec, Application-Data */ + !((block[1] == 0xfe && block[2] == 0xff) || + (block[1] == 0xfe && block[2] == 0xfd) || + (block[1] == 0x01 && block[2] == 0x00))) { #ifdef DEBUG_TLS printf("[TLS] DTLS invalid block 0x%x or old version 0x%x-0x%x-0x%x\n", block[0], block[1], block[2], block[3]); @@ -1154,7 +1155,7 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, packet->payload_packet_len = block_len; processTLSBlock(ndpi_struct, flow); } - } else { + } else if(block[0] == 0x14) { /* Change-cipher-spec: any subsequent block might be encrypted */ #ifdef DEBUG_TLS printf("[TLS] Change-cipher-spec\n"); @@ -1162,6 +1163,15 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, change_cipher_found = 1; processed += block_len + 13; break; + } else { +#ifdef DEBUG_TLS + printf("[TLS] Appllication Data\n"); +#endif + processed += block_len + 13; + /* DTLS mid session: no need to further inspect the flow */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DTLS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + flow->l4.tcp.tls.certificate_processed = 1; /* Fake, to avoid extra dissection */ + break; } processed += block_len + 13; diff --git a/tests/pcap/dtls_mid_sessions.pcapng b/tests/pcap/dtls_mid_sessions.pcapng Binary files differnew file mode 100644 index 000000000..e4084f36a --- /dev/null +++ b/tests/pcap/dtls_mid_sessions.pcapng diff --git a/tests/pcap/dtls_old_version.pcapng b/tests/pcap/dtls_old_version.pcapng Binary files differnew file mode 100644 index 000000000..121ea7ccc --- /dev/null +++ b/tests/pcap/dtls_old_version.pcapng diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index f1fff6009..0f46924aa 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -1,19 +1,20 @@ -Guessed flow protos: 20 +Guessed flow protos: 19 DPI Packets (TCP): 206 (9.36 pkts/flow) DPI Packets (UDP): 109 (2.95 pkts/flow) DPI Packets (other): 10 (1.00 pkts/flow) -Confidence Unknown : 3 (flows) +Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) -Confidence DPI : 60 (flows) +Confidence DPI : 61 (flows) -Unknown 2460 893551 3 +Unknown 19 1054 2 DNS 32 3655 16 HTTP 50 11137 5 MDNS 24 4279 4 NetBIOS 15 1542 1 SSDP 15 5625 9 +DTLS 2441 892497 1 ICMP 2 126 2 IGMP 8 378 6 TLS 281 82549 7 @@ -29,78 +30,78 @@ GoogleCloud 4 334 1 JA3 Host Stats: IP Address # JA3C - 1 10.0.0.227 4 + 1 10.0.0.227 5 - 1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No client to server traffic / No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] - 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: No client to server traffic / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] - 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No client to server traffic / No ALPN / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] - 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: No client to server traffic / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] - 5 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Encrypted][Confidence: DPI][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][ClearText][Confidence: DPI][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **][Risk Score: 60][Risk Info: No client to server traffic / Found host 10.0.0.151][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: ConnCheck/30][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 161.7/CiscoVPN.HTTP][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 0][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: No client to server traffic / Found host 10.0.0.149][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 12 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 10.0.0.149:38616 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 10.0.0.149:48166 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 10.0.0.149:49816 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 10.0.0.149:50081 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][ClearText][Confidence: Match by port][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91.284/TLS.GoogleCloud][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Hostname/SNI: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43/81][0.01 sec][Hostname/SNI: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 42/81][0.01 sec][Hostname/SNI: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50/78][0.02 sec][Hostname/SNI: 24-courier.push.apple.com][17.57.144.20][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49/77][0.02 sec][Hostname/SNI: 1-courier.push.apple.com][17.57.144.116][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 10.0.0.227:52879 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 UDP 10.0.0.227:57261 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 UDP 10.0.0.227:61387 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48/74][0.03 sec][Hostname/SNI: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 10.0.0.227:62322 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48/74][0.05 sec][Hostname/SNI: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 10.0.0.227:57017 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54/71][0.02 sec][Hostname/SNI: lp-rkerur-osx.hsd1.ca.comcast.net][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (RKERUR)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 10.0.0.227:59222 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54/71][0.02 sec][Hostname/SNI: lp-rkerur-osx.hsd1.ca.comcast.net][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (RKERUR)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 10.0.0.227:54851 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44/73][0.05 sec][Hostname/SNI: print.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (viasat)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 10.0.0.227:61328 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.03 sec][Hostname/SNI: local][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 58/58][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.128.28.172.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][Encrypted][Confidence: Match by port][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Hostname/SNI: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: vco.pandion.viasat.com][8.37.102.91][PLAIN TEXT (pandion)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43/53][0.04 sec][Hostname/SNI: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.02 sec][Hostname/SNI: mozilla.org][63.245.208.195][PLAIN TEXT (mozilla)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.03 sec][Hostname/SNI: slack.com][99.86.34.156][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 TCP 10.0.0.227:56874 <-> 74.125.197.188:443 [proto: 91.126/TLS.Google][Encrypted][Confidence: Match by IP][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 IGMP 10.0.0.213:0 -> 224.0.0.2:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 IGMP 10.0.0.213:0 -> 224.0.0.251:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 ICMP 10.0.0.227:0 -> 75.75.76.76:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 ICMP 10.0.0.1:0 -> 224.0.0.1:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 IGMP 10.0.0.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 IGMP 10.0.0.149:0 -> 224.0.0.251:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 IGMP 10.0.0.149:0 -> 239.255.3.22:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 IGMP 10.0.0.149:0 -> 239.255.255.250:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][1413 pkts/395331 bytes <-> 1028 pkts/497166 bytes][Goodput ratio: 85/91][20.52 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 669/953 35/48][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 280/484 1511/1511 283/514][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: No server to client traffic / TLS (0100)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (m@GOC.)][Plen Bins: 0,0,10,45,17,5,7,1,1,2,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + 2 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No client to server traffic / No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] + 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: No client to server traffic / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] + 4 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No client to server traffic / No ALPN / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] + 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: No client to server traffic / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] + 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Encrypted][Confidence: DPI][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][ClearText][Confidence: DPI][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **][Risk Score: 60][Risk Info: No client to server traffic / Found host 10.0.0.151][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: ConnCheck/30][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 161.7/CiscoVPN.HTTP][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 0][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: No client to server traffic / Found host 10.0.0.149][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] + 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 10.0.0.149:38616 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 10.0.0.149:48166 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 10.0.0.149:49816 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 10.0.0.149:50081 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][ClearText][Confidence: Match by port][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91.284/TLS.GoogleCloud][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Hostname/SNI: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43/81][0.01 sec][Hostname/SNI: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 42/81][0.01 sec][Hostname/SNI: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50/78][0.02 sec][Hostname/SNI: 24-courier.push.apple.com][17.57.144.20][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49/77][0.02 sec][Hostname/SNI: 1-courier.push.apple.com][17.57.144.116][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 UDP 10.0.0.227:52879 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 UDP 10.0.0.227:57261 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 10.0.0.227:61387 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48/74][0.03 sec][Hostname/SNI: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 10.0.0.227:62322 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48/74][0.05 sec][Hostname/SNI: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 10.0.0.227:57017 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54/71][0.02 sec][Hostname/SNI: lp-rkerur-osx.hsd1.ca.comcast.net][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (RKERUR)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 10.0.0.227:59222 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/145 bytes][Goodput ratio: 54/71][0.02 sec][Hostname/SNI: lp-rkerur-osx.hsd1.ca.comcast.net][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (RKERUR)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 10.0.0.227:54851 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/157 bytes][Goodput ratio: 44/73][0.05 sec][Hostname/SNI: print.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (viasat)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 10.0.0.227:61328 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.03 sec][Hostname/SNI: local][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 58/58][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.128.28.172.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][Encrypted][Confidence: Match by port][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: No server to client traffic / DNS Error Code 3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Hostname/SNI: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: vco.pandion.viasat.com][8.37.102.91][PLAIN TEXT (pandion)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43/53][0.04 sec][Hostname/SNI: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.02 sec][Hostname/SNI: mozilla.org][63.245.208.195][PLAIN TEXT (mozilla)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.03 sec][Hostname/SNI: slack.com][99.86.34.156][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 10.0.0.227:56874 <-> 74.125.197.188:443 [proto: 91.126/TLS.Google][Encrypted][Confidence: Match by IP][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 IGMP 10.0.0.213:0 -> 224.0.0.2:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 IGMP 10.0.0.213:0 -> 224.0.0.251:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 ICMP 10.0.0.227:0 -> 75.75.76.76:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 ICMP 10.0.0.1:0 -> 224.0.0.1:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 IGMP 10.0.0.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 IGMP 10.0.0.149:0 -> 224.0.0.251:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 IGMP 10.0.0.149:0 -> 239.255.3.22:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 IGMP 10.0.0.149:0 -> 239.255.255.250:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: - 1 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 0/Unknown][ClearText][Confidence: Unknown][1413 pkts/395331 bytes <-> 1028 pkts/497166 bytes][Goodput ratio: 85/91][20.52 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 669/953 35/48][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 280/484 1511/1511 283/514][PLAIN TEXT (m@GOC.)][Plen Bins: 0,0,10,41,16,5,7,1,1,2,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] - 2 TCP 10.0.0.227:56866 -> 10.0.0.151:8060 [proto: 0/Unknown][ClearText][Confidence: Unknown][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][21.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 311/0 2655/0 6845/0 2564/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 10.0.0.227:52595 -> 10.0.0.1:192 [proto: 0/Unknown][ClearText][Confidence: Unknown][10 pkts/460 bytes -> 0 pkts/0 bytes][Goodput ratio: 9/0][17.54 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 503/0 1948/0 5506/0 2007/0][Pkt Len c2s/s2c min/avg/max/stddev: 46/0 46/0 46/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.0.0.227:56866 -> 10.0.0.151:8060 [proto: 0/Unknown][ClearText][Confidence: Unknown][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][21.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 311/0 2655/0 6845/0 2564/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 10.0.0.227:52595 -> 10.0.0.1:192 [proto: 0/Unknown][ClearText][Confidence: Unknown][10 pkts/460 bytes -> 0 pkts/0 bytes][Goodput ratio: 9/0][17.54 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 503/0 1948/0 5506/0 2007/0][Pkt Len c2s/s2c min/avg/max/stddev: 46/0 46/0 46/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dtls_mid_sessions.pcapng.out b/tests/result/dtls_mid_sessions.pcapng.out new file mode 100644 index 000000000..2906cd226 --- /dev/null +++ b/tests/result/dtls_mid_sessions.pcapng.out @@ -0,0 +1,11 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 4 (1.00 pkts/flow) +Confidence DPI : 4 (flows) + +DTLS 91 37868 4 + + 1 UDP 170.151.105.215:443 <-> 121.152.255.238:8460 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/16320 bytes <-> 13 pkts/2086 bytes][Goodput ratio: 96/74][0.55 sec][bytes ratio: 0.773 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/24 152/154 51/46][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 960/160 1495/352 623/62][Plen Bins: 0,0,44,6,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,30,0,0] + 2 UDP 170.151.105.215:443 <-> 72.102.179.218:62811 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/6283 bytes <-> 17 pkts/3803 bytes][Goodput ratio: 91/81][3.28 sec][bytes ratio: 0.246 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 240/212 1725/941 499/287][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 483/224 1495/833 556/172][Plen Bins: 0,0,34,20,13,0,6,3,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 3 UDP 135.215.56.198:443 -> 124.73.140.89:61189 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][30 pkts/9241 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.27 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 308/0 1381/0 280/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (q/SCmS.)][Plen Bins: 0,0,20,3,13,0,41,0,3,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0] + 4 UDP 53.214.238.65:53558 -> 199.186.151.155:443 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/135 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dtls_old_version.pcapng.out b/tests/result/dtls_old_version.pcapng.out new file mode 100644 index 000000000..5c49a45ea --- /dev/null +++ b/tests/result/dtls_old_version.pcapng.out @@ -0,0 +1,13 @@ +Guessed flow protos: 1 + +DPI Packets (UDP): 7 (7.00 pkts/flow) +Confidence DPI : 1 (flows) + +DTLS 7 994 1 + +JA3 Host Stats: + IP Address # JA3C + 1 37.188.4.115 1 + + + 1 UDP 37.188.4.115:56453 <-> 70.66.6.128:443 [proto: 30/DTLS][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/584 bytes <-> 3 pkts/410 bytes][Goodput ratio: 71/69][7.22 sec][bytes ratio: 0.175 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1003/2008 2377/3064 4119/4119 1298/1055][Pkt Len c2s/s2c min/avg/max/stddev: 141/90 146/137 161/230 9/66][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: No server to client traffic / TLS (0100) / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLS (0100)][JA3C: be3660f0bdab46442f52b205919fee37][JA3S: 8f48e117ae3543615168a2b087cda528 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |