diff options
31 files changed, 271 insertions, 194 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d0c46d43e..5998a37b5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1096,19 +1096,30 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa } if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version)); - if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_tls.client_info); + if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[Client: %s]", flow->ssh_tls.client_info); if(flow->ssh_tls.client_hassh[0] != '\0') fprintf(out, "[HASSH-C: %s]", flow->ssh_tls.client_hassh); if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); - if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_tls.server_info); + if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info); if(flow->ssh_tls.server_hassh[0] != '\0') fprintf(out, "[HASSH-S: %s]", flow->ssh_tls.server_hassh); if(flow->ssh_tls.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_tls.ja3_server, print_cipher(flow->ssh_tls.server_unsafe_cipher)); - if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_tls.server_organization); - if(flow->ssh_tls.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_tls.server_cipher)); + if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization); + + if(flow->ssh_tls.notBefore && flow->ssh_tls.notAfter) { + char notBefore[32], notAfter[32]; + + ctime_r(&flow->ssh_tls.notBefore, notBefore); + notBefore[strlen(notBefore)-1] = '\0'; /* Remove trailer \n */ + ctime_r(&flow->ssh_tls.notAfter, notAfter); + notAfter[strlen(notAfter)-1] = '\0'; /* Remove trailer \n */ + + fprintf(out, "[Validity: %s - %s]", notBefore, notAfter); + } + if(flow->ssh_tls.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_tls.server_cipher)); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); if(flow->dhcp_fingerprint[0] != '\0') fprintf(out, "[DHCP Fingerprint: %s]", flow->dhcp_fingerprint); diff --git a/example/reader_util.c b/example/reader_util.c index c716d1766..9ec50486c 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -977,6 +977,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->protos.stun_ssl.ssl.server_certificate); snprintf(flow->ssh_tls.server_organization, sizeof(flow->ssh_tls.server_organization), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.server_organization); + flow->ssh_tls.notBefore = flow->ndpi_flow->protos.stun_ssl.ssl.notBefore; + flow->ssh_tls.notAfter = flow->ndpi_flow->protos.stun_ssl.ssl.notAfter; snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client); snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s", diff --git a/example/reader_util.h b/example/reader_util.h index 0d3c2c9d9..95eac67e8 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -162,6 +162,7 @@ typedef struct ndpi_flow_info { client_hassh[33], server_hassh[33], server_organization[64], ja3_client[33], ja3_server[33]; + time_t notBefore, notAfter; u_int16_t server_cipher; ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; } ssh_tls; diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 192c0c63f..67341bcfe 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -301,6 +301,7 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_imo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 67b4bc035..163bdd053 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1173,6 +1173,7 @@ struct ndpi_flow_struct { struct { u_int16_t ssl_version; char client_certificate[64], server_certificate[64], server_organization[64]; + u_int32_t notBefore, notAfter; char ja3_client[33], ja3_server[33]; u_int16_t server_cipher; ndpi_cipher_weakness server_unsafe_cipher; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index ce78d9322..6245a7ce7 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -87,7 +87,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp if((protocol != NDPI_PROTOCOL_TLS) && (protocol != NDPI_PROTOCOL_TLS_NO_CERT)) { ; } else - protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); + protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_TLS); } @@ -193,7 +193,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, return(0); } } - + flow->protos.stun_ssl.ssl.ssl_version = pkt_tls_version; memset(&ja3, 0, sizeof(ja3)); @@ -225,7 +225,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, } total_len += header_len; - + memset(buffer, 0, buffer_len); /* Truncate total len, search at least in incomplete packet */ @@ -235,11 +235,11 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, /* At least "magic" 3 bytes, null for string end, otherwise no need to waste cpu cycles */ if(total_len > 4) { u_int16_t base_offset = packet->tcp ? 43 : 59; - + #ifdef DEBUG_TLS printf("SSL [len: %u][handshake_protocol: %02X]\n", packet->payload_packet_len, handshake_protocol); #endif - + if((handshake_protocol == 0x02) || (handshake_protocol == 0x0b) /* Server Hello and Certificate message types are interesting for us */) { u_int num_found = 0; @@ -249,7 +249,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, tls_version = ntohs(*((u_int16_t*)&packet->payload[header_len+4])); else tls_version = ntohs(*((u_int16_t*)&packet->payload[header_len+12])); - + ja3.tls_version = tls_version; if(handshake_protocol == 0x02) { @@ -260,8 +260,8 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, printf("SSL Server Hello [version: 0x%04X]\n", tls_version); #endif - /* - The server hello decides about the SSL version of this flow + /* + The server hello decides about the SSL version of this flow https://networkengineering.stackexchange.com/questions/55752/why-does-wireshark-show-version-tls-1-2-here-instead-of-tls-1-3 */ flow->protos.stun_ssl.ssl.ssl_version = tls_version; @@ -272,7 +272,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, if(tls_version < 0x7F15 /* TLS 1.3 lacks of session id */) offset += session_id_len+1; } - + ja3.num_cipher = 1, ja3.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset])); flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0]); flow->protos.stun_ssl.ssl.server_cipher = ja3.cipher[0]; @@ -408,13 +408,13 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp) tls_version = ntohs(*((u_int16_t*)&packet->payload[header_len+4])); - else + else tls_version = ntohs(*((u_int16_t*)&packet->payload[header_len+12])); - + session_id_len = packet->payload[base_offset]; - + ja3.tls_version = tls_version; - + if((session_id_len+base_offset+2) <= total_len) { u_int16_t cipher_len, cipher_offset; @@ -425,7 +425,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, cipher_len = ntohs(*((u_int16_t*)&packet->payload[base_offset+2])); cipher_offset = base_offset+4; } - + #ifdef DEBUG_TLS printf("Client SSL [client cipher_len: %u][tls_version: 0x%04X]\n", cipher_len, tls_version); #endif @@ -537,7 +537,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, } } else if(extension_id == 10 /* supported groups */) { u_int16_t s_offset = offset+extension_offset + 2; - + #ifdef DEBUG_TLS printf("Client SSL [EllipticCurveGroups: len=%u]\n", extension_len); #endif @@ -571,7 +571,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, } } else if(extension_id == 11 /* ec_point_formats groups */) { u_int16_t s_offset = offset+extension_offset + 1; - + #ifdef DEBUG_TLS printf("Client SSL [EllipticCurveFormat: len=%u]\n", extension_len); #endif @@ -640,7 +640,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_TLS printf("[JA3] Client: %s \n", ja3_str); #endif - + ndpi_MD5Init(&ctx); ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); ndpi_MD5Final(md5_hash, &ctx); @@ -670,6 +670,7 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, /* **************************************** */ +/* See https://blog.catchpoint.com/2017/05/12/dissecting-tls-using-wireshark/ */ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *buffer, int buffer_len) { @@ -681,7 +682,8 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t total_len = (packet->payload[3] << 8) + packet->payload[4] + 5 /* SSL Header */; u_int8_t handshake_protocol = packet->payload[5]; /* handshake protocol a bit misleading, it is message type according TLS specs */ - if(handshake_protocol != 0x02 && handshake_protocol != 0xb /* Server Hello and Certificate message types are interesting for us */) + if((handshake_protocol != 0x02) + && (handshake_protocol != 0xb) /* Server Hello and Certificate message types are interesting for us */) return; /* Truncate total len, search at least in incomplete packet */ @@ -729,6 +731,65 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, printf("Certificate organization: %s\n", flow->protos.stun_ssl.ssl.server_organization); #endif } + } else if((packet->payload[i] == 0x30) && (packet->payload[i+1] == 0x1e) && (packet->payload[i+2] == 0x17)) { + u_int8_t len = packet->payload[i+3]; + u_int offset = i+4; + + if((offset+len) < packet->payload_packet_len) { + char utcDate[32]; + +#ifdef DEBUG_TLS + printf("[CERTIFICATE] notBefore [len: %u][", len); + for(j=0; j<len; j++) printf("%c", packet->payload[i+4+j]); + printf("]\n"); +#endif + + if(len < (sizeof(utcDate)-1)) { + struct tm utc; + + strncpy(utcDate, (const char*)&packet->payload[i+4], len); + utcDate[len] = '\0'; + + /* 141021000000Z */ + if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { +#ifdef DEBUG_TLS + printf("[CERTIFICATE] notBefore %u [%s]\n", mktime(&utc), utcDate); +#endif + flow->protos.stun_ssl.ssl.notBefore = mktime(&utc); + } + } + + offset += len; + + if((offset+1) < packet->payload_packet_len) { + len = packet->payload[offset+1]; + + offset += 2; + + if((offset+len) < packet->payload_packet_len) { +#ifdef DEBUG_TLS + printf("[CERTIFICATE] notAfter [len: %u][", len); + for(j=0; j<len; j++) printf("%c", packet->payload[offset+j]); + printf("]\n"); +#endif + + if(len < (sizeof(utcDate)-1)) { + struct tm utc; + + strncpy(utcDate, (const char*)&packet->payload[offset], len); + utcDate[len] = '\0'; + + /* 141021000000Z */ + if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { +#ifdef DEBUG_TLS + printf("[CERTIFICATE] notAfter %u [%s]\n", mktime(&utc), utcDate); +#endif + flow->protos.stun_ssl.ssl.notAfter = mktime(&utc); + } + } + } + } + } } } } @@ -1057,17 +1118,17 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, flow->guessed_host_protocol_id, rc, packet->payload_packet_len, flow->protos.stun_ssl.ssl.ja3_server, flow->protos.stun_ssl.ssl.ssl_version); #endif - + if((rc == 0) && (flow->protos.stun_ssl.ssl.ssl_version != 0)) { flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; - + if(flow->protos.stun_ssl.stun.num_udp_pkts > 0) { u_int32_t key = get_stun_lru_key(flow, 1); - + if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); ndpi_lru_add_to_cache(ndpi_struct->stun_cache, key, NDPI_PROTOCOL_SIGNAL); - + printf("[LRU] Adding Signal cached key %u\n", key); /* In Signal protocol STUN turns into DTLS... */ @@ -1077,10 +1138,10 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TLS); } } - + return; } - + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_TLS) { if(flow->l4.tcp.ssl_stage == 3 && packet->payload_packet_len > 20 && flow->packet_counter < 5) { /* this should only happen, when we detected SSL with a packet that had parts of the certificate in subsequent packets @@ -1098,12 +1159,12 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, return; } } - + return; } NDPI_LOG_DBG(ndpi_struct, "search ssl\n"); - + /* Check if this is whatsapp first (this proto runs over port 443) */ if((packet->payload_packet_len > 5) && ((packet->payload[0] == 'W') @@ -1122,8 +1183,8 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, /* No whatsapp, let's try SSL */ if(tlsDetectProtocolFromCertificate(ndpi_struct, flow) > 0) return; - } - + } + if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "first ssl packet\n"); // SSLv2 Record @@ -1155,7 +1216,7 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, } } } - + if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 1 + packet->packet_direction && flow->packet_direction_counter[packet->packet_direction] < 5) { @@ -1195,7 +1256,7 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, } NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - + return; } diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 21e797b07..6c9fa59ba 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -38,11 +38,11 @@ JA3 Host Stats: 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.6/143.8 476/506 128.9/177.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197.2/200.0 499/372 175.9/149.1][PLAIN TEXT (POST /getvinfo HTTP/1.1)] 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3308.1/0.0 12289/0 3131.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0] 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/TLS.Facebook][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60.0/44.0 176/133 82.0/54.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512.5/459.4 1159/1464 468.4/535.8] - 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2094.8/2992.9 15252/15254 4694.2/5366.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178.1/210.4 1067/1055 287.5/323.1][TLSv1.2][client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 675.7/965.0 5987/5987 1782.0/2063.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177.7/210.4 1067/1055 287.4/323.1][TLSv1.2][client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 674.8/1012.0 5998/5998 1882.1/2229.9][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 189.5/231.9 1067/1055 298.9/340.1][TLSv1.2][client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2094.8/2992.9 15252/15254 4694.2/5366.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178.1/210.4 1067/1055 287.5/323.1][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 675.7/965.0 5987/5987 1782.0/2063.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177.7/210.4 1067/1055 287.4/323.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 674.8/1012.0 5998/5998 1882.1/2229.9][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 189.5/231.9 1067/1055 298.9/340.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12.0/12.0 47/43 18.9/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141.0/456.4 390/1314 143.8/511.5][PLAIN TEXT (GET /api/videos/10410.j)] - 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 888.8/1269.9 6000/6000 1896.9/2158.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 176.6/158.4 1051/639 283.0/188.4][TLSv1.2][client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 888.8/1269.9 6000/6000 1896.9/2158.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 176.6/158.4 1051/639 283.0/188.4][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5012.3/15033.7 44799/45044 14066.9/21220.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139.4/366.0 468/1272 164.4/523.1][PLAIN TEXT (GET /api/videos/10410.j)] 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/TLS.Facebook][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.5/63.5 205/212 84.1/87.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201.2/297.4 471/1223 139.5/462.8] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4379.2/0.0 17921/0 3992.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index f291ad84e..10d96ec6b 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -9,8 +9,8 @@ JA3 Host Stats: 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45.4/37.0 142/142 55.0/53.4][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165.1/934.6 629/1847 138.8/679.8][TLSv1.2][client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][server: mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.5/27.6 161/108 46.6/39.1][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383.0/468.8 1504/1911 467.5/575.9][TLSv1.2][client: www.facebook.com][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45.4/37.0 142/142 55.0/53.4][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165.1/934.6 629/1847 138.8/679.8][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][Server: mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.5/27.6 161/108 46.6/39.1][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383.0/468.8 1504/1911 467.5/575.9][TLSv1.2][Client: www.facebook.com][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Validity: Thu Aug 28 01:00:00 2014 .. Thu Dec 31 12:00:00 2015][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1000.9/1001.0 1001/1012 0.3/4.5][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138.0/138.0 138/138 0.0/0.0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 163.8/237.7 495/601 170.8/260.7][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131.0/251.5 248/680 52.4/247.4][PLAIN TEXT (GET / HTTP/1.1)] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][PLAIN TEXT (ds 0/u6)] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index f94966c52..f26c7f108 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -21,15 +21,15 @@ JA3 Host Stats: 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.2/1.2 7/7 1.6/1.6][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484.0/66.0 1484/66 0.0/0.0][PLAIN TEXT (inOCIM)] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 565.8/387.0 7321/7343 1950.1/1639.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/1405.8 66/1484 0.0/309.0][PLAIN TEXT (dGQaNFV)] 9 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.7/1.5 5/4 1.2/1.2][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433.2/66.0 1484/66 196.8/0.0][PLAIN TEXT (DD.DOo)] - 10 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/20.2 56/88 18.0/29.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136.9/885.7 375/1484 113.9/639.8][TLSv1][client: igcdn-photos-g-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][organization: Akamai Technologies Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] - 11 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.8/24.3 79/103 24.9/36.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154.5/689.1 516/1484 151.0/647.4][TLSv1][client: igcdn-photos-h-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: a248.e.akamai.net][JA3S: 7df57c06f869fc3ce509521cae2f75ce][organization: Akamai Technologies Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 10 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/20.2 56/88 18.0/29.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136.9/885.7 375/1484 113.9/639.8][TLSv1][Client: igcdn-photos-g-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Organization: Akamai Technologies Inc.][Validity: Fri Jun 19 17:52:07 2015 .. Sun Jun 19 17:52:05 2016][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 11 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.8/24.3 79/103 24.9/36.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154.5/689.1 516/1484 151.0/647.4][TLSv1][Client: igcdn-photos-h-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 7df57c06f869fc3ce509521cae2f75ce][Organization: Akamai Technologies Inc.][Validity: Fri Jun 19 17:52:07 2015 .. Sun Jun 19 17:52:05 2016][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 12 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][6 pkts/4699 bytes <-> 6 pkts/1345 bytes][bytes ratio: 0.555 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 471.8/471.8 2180/2130 856.9/833.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 783.2/224.2 1464/1015 545.1/353.7] - 13 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21.7/9.0 70/40 26.4/15.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][organization: Akamai Technologies Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] - 14 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.3/9.6 71/47 26.6/18.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][organization: Akamai Technologies Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 13 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21.7/9.0 70/40 26.4/15.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][Client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Organization: Akamai Technologies Inc.][Validity: Fri Jun 19 17:52:07 2015 .. Sun Jun 19 17:52:05 2016][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 14 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.3/9.6 71/47 26.6/18.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][Client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Organization: Akamai Technologies Inc.][Validity: Fri Jun 19 17:52:07 2015 .. Sun Jun 19 17:52:05 2016][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 15 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][5 pkts/1279 bytes <-> 6 pkts/4118 bytes][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64.0/486.2 254/2227 109.7/873.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/686.3 1015/1464 379.6/610.1] 16 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: Web/5][5 pkts/1279 bytes <-> 5 pkts/4020 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53.8/43.0 215/172 93.1/74.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/804.0 1015/1464 379.6/595.0] 17 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61.3/0.5 184/1 86.7/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 78/488 139.8/1152.0 325/1484 107.0/469.5][PLAIN TEXT (GET /hphotos)] - 18 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 100.1/88.7 183/182 78.4/77.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175.9/133.0 530/231 154.8/70.1][TLSv1][client: telegraph-ash.instagram.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 18 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 100.1/88.7 183/182 78.4/77.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175.9/133.0 530/231 154.8/70.1][TLSv1][Client: telegraph-ash.instagram.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 19 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 413767116)] 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes] 21 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net][PLAIN TEXT (photos)] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index cd6f4989e..49074ef5a 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -13,16 +13,16 @@ JA3 Host Stats: 1 10.24.82.188 2 - 1 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60.8/58.1 488/297 116.5/77.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 203.6/364.4 1053/1336 304.3/448.8][TLSv1.2][client: graph.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 2 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.5/34.9 179/208 52.1/53.3][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 183.9/433.5 1257/1336 331.5/513.1][TLSv1.2][client: developers.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 3 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][bytes ratio: -0.329 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 85.3/84.9 312/350 97.1/114.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 258.4/569.2 1401/1456 416.1/539.9][TLSv1.2][client: api.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 4 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 566.1/571.5 3802/3771 934.4/961.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61.3/64.9 489/365 123.7/96.0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167.2/388.7 899/1336 222.0/490.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1704.1/1700.9 26937/27030 6310.1/6333.3][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 132.8/264.6 578/1336 133.6/439.4][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 944.1/862.6 10357/10320 2839.5/2730.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 156.6/363.6 429/1336 151.9/450.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][server: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 1 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60.8/58.1 488/297 116.5/77.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 203.6/364.4 1053/1336 304.3/448.8][TLSv1.2][Client: graph.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Validity: Thu Aug 28 01:00:00 2014 .. Wed Oct 28 12:00:00 2015][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 2 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.5/34.9 179/208 52.1/53.3][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 183.9/433.5 1257/1336 331.5/513.1][TLSv1.2][Client: developers.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Validity: Thu Aug 28 01:00:00 2014 .. Wed Oct 28 12:00:00 2015][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 3 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][bytes ratio: -0.329 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 85.3/84.9 312/350 97.1/114.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 258.4/569.2 1401/1456 416.1/539.9][TLSv1.2][Client: api.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Validity: Thu Aug 28 01:00:00 2014 .. Wed Oct 28 12:00:00 2015][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 4 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 566.1/571.5 3802/3771 934.4/961.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61.3/64.9 489/365 123.7/96.0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167.2/388.7 899/1336 222.0/490.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1704.1/1700.9 26937/27030 6310.1/6333.3][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 132.8/264.6 578/1336 133.6/439.4][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 944.1/862.6 10357/10320 2839.5/2730.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 156.6/363.6 429/1336 151.9/450.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2922.8/5819.6 12590/13598 3981.5/4890.9][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131.2/188.3 657/274 136.4/75.5] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3064.0/3022.1 12765/12806 4269.0/4324.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193.0/74.7 303/98 122.5/20.9] - 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (Gyeonggi do)] + 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][Server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (Gyeonggi do)] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/0 5491.0/4361.0 21620/21500 9312.5/8569.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/5418.0 21457/21368 9241.2/9209.0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 4276.2/4284.2 13075/13111 4413.9/4432.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56.0/56.0 56/56 0.0/0.0] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index cfc3fa415..8ec656e9f 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -15,8 +15,8 @@ JA3 Host Stats: 1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.7/59.8 202/2844 48.0/119.7][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 140.5/125.9 234/236 43.2/33.1][PLAIN TEXT (46yOXQ)] 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes][bytes ratio: -0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 59.5/60.1 112/2844 23.2/122.4][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 125.9/141.0 236/234 33.1/43.4][PLAIN TEXT (46yOXQ)] - 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91/TLS][cat: Web/5][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2456.1/3025.4 20472/21237 4971.0/5475.6][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242.1/289.6 878/920 253.9/276.1][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91/TLS][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 1889.0/2508.9 20336/21232 4517.0/5076.7][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190.4/260.4 814/920 164.3/240.9][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91/TLS][cat: Web/5][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2456.1/3025.4 20472/21237 4971.0/5475.6][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242.1/289.6 878/920 253.9/276.1][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91/TLS][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 1889.0/2508.9 20336/21232 4517.0/5076.7][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190.4/260.4 814/920 164.3/240.9][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 139.6/145.4 494/452 153.9/122.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195.5/78.0 735/189 228.1/34.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4099.5/4827.9 4716/8101 1132.3/1387.8][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141.0/142.0 150/142 6.1/0.0] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4383.7/4322.4 4905/7690 1137.9/1595.2][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140.2/140.2 142/142 5.7/5.7] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index bff53c622..45f36440f 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -5,7 +5,7 @@ JA3 Host Stats: 1 192.168.43.167 2 - 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.1/29.4 114/221 44.2/53.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.3/694.3 272/1364 67.6/593.9][TLSv1.2][client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.2/25.8 105/106 36.6/35.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110.4/516.1 334/1364 76.2/542.4][TLSv1.2][client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 62.9/28.1 188/124 72.7/48.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.1/28.9 136/140 58.3/50.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.1/29.4 114/221 44.2/53.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.3/694.3 272/1364 67.6/593.9][TLSv1.2][Client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.2/25.8 105/106 36.6/35.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110.4/516.1 334/1364 76.2/542.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 62.9/28.1 188/124 72.7/48.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.1/28.9 136/140 58.3/50.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index 0704445c2..03c9a2ef1 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -5,5 +5,5 @@ JA3 Host Stats: 1 192.168.43.18 2 - 1 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36.6/25.4 154/154 53.5/48.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140.2/1004.6 583/1454 137.4/604.5][TLSv1.2][client: www.facebook.com][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 129.9/110.4 414/408 168.0/159.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 149.4/440.0 449/1454 124.6/521.5][TLSv1.2][client: facebook.com][JA3C: bfcc1a3891601edb4f137ab7ab25b840][server: *.facebook.com][JA3S: 2d1eb5817ece335c24904f516ad5da12][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36.6/25.4 154/154 53.5/48.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140.2/1004.6 583/1454 137.4/604.5][TLSv1.2][Client: www.facebook.com][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 129.9/110.4 414/408 168.0/159.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 149.4/440.0 449/1454 124.6/521.5][TLSv1.2][Client: facebook.com][JA3C: bfcc1a3891601edb4f137ab7ab25b840][Server: *.facebook.com][JA3S: 2d1eb5817ece335c24904f516ad5da12][Organization: Facebook, Inc.][Validity: Thu Aug 28 01:00:00 2014 .. Fri Dec 30 12:00:00 2016][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 9eb3b7b1a..c642a7114 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -4,4 +4,4 @@ JA3 Host Stats: IP Address # JA3C - 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/TLS.Google][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 444.3/598.7 1185/1213 384.2/367.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94.5/633.0 368/1484 86.7/622.2][TLSv1][server: www.google.com][JA3S: 7252ecc446aba4a3e474793ae320609a (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_SHA] + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/TLS.Google][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 444.3/598.7 1185/1213 384.2/367.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94.5/633.0 368/1484 86.7/622.2][TLSv1][Server: www.google.com][JA3S: 7252ecc446aba4a3e474793ae320609a (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_SHA] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index e40ba39f9..1e9dd5f2e 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -10,12 +10,12 @@ JA3 Host Stats: 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][cat: Web/5][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it][bytes ratio: -0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 11/1 347.0/394.8 6008/6008 1069.6/1141.4][Pkt Len c2s/s2c min/avg/max/stddev: 99/91 234.6/284.0 1412/1412 285.7/300.8][PLAIN TEXT (www.google.it)] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.9/36.8 229/290 58.0/81.0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 283.5/970.7 919/1514 323.7/538.6][TLSv1][client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/20.4 64/83 19.2/27.7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117.5/715.2 298/1514 67.4/607.6][TLSv1][client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13.1/13.9 50/48 16.0/16.5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 120.6/715.2 298/1514 69.9/607.6][TLSv1][client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.6/23.8 63/81 18.8/27.7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 120.6/805.1 298/2754 69.9/929.1][TLSv1][client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.5/4.5 46/10 16.2/4.2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137.1/845.4 310/2942 82.6/1077.9][TLSv1.2][client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][server: *.ak.fbcdn.net][JA3S: b898351eb5e266aefd3723d466935494][organization: Facebook, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11.8/5.3 43/8 15.9/3.1][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 145.7/1035.2 310/3633 86.4/1503.0][TLSv1.2][client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][server: *.ak.fbcdn.net][JA3S: b898351eb5e266aefd3723d466935494][organization: Facebook, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.9/36.8 229/290 58.0/81.0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 283.5/970.7 919/1514 323.7/538.6][TLSv1][Client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/20.4 64/83 19.2/27.7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117.5/715.2 298/1514 67.4/607.6][TLSv1][Client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13.1/13.9 50/48 16.0/16.5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 120.6/715.2 298/1514 69.9/607.6][TLSv1][Client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.6/23.8 63/81 18.8/27.7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 120.6/805.1 298/2754 69.9/929.1][TLSv1][Client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293] + 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.5/4.5 46/10 16.2/4.2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137.1/845.4 310/2942 82.6/1077.9][TLSv1.2][Client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][Server: *.ak.fbcdn.net][JA3S: b898351eb5e266aefd3723d466935494][Organization: Facebook, Inc.][Validity: Wed Apr 2 12:00:00 2008 .. Sun Apr 3 01:00:00 2022][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11.8/5.3 43/8 15.9/3.1][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 145.7/1035.2 310/3633 86.4/1503.0][TLSv1.2][Client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][Server: *.ak.fbcdn.net][JA3S: b898351eb5e266aefd3723d466935494][Organization: Facebook, Inc.][Validity: Wed Apr 2 12:00:00 2008 .. Sun Apr 3 01:00:00 2022][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.0/15.0 30/60 12.8/22.9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 122.9/193.3 268/592 61.5/171.9] 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][cat: Web/5][2 pkts/359 bytes <-> 1 pkts/143 bytes] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 4a77d840c..65761a2d9 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -13,16 +13,16 @@ JA3 Host Stats: 2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 105.5/65.5 5026/5057 395.4/317.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80.3/1493.7 581/1514 81.4/139.9][PLAIN TEXT (oMrLRiWL)] 3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 160.4/94.5 26359/26393 1567.7/1210.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79.1/1487.1 582/1514 78.6/167.2][PLAIN TEXT (oMrLRiWL1)] 4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 407.8/121.3 30607/30629 2545.8/1404.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78.6/1498.7 282/1514 20.9/140.2][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)] - 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 898.9/504.7 69170/69192 7588.2/5706.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1379.1 293/1514 38.8/401.2][TLSv1.2][client: art-s.nflximg.net][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: secure.cdn.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] + 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 898.9/504.7 69170/69192 7588.2/5706.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1379.1 293/1514 38.8/401.2][TLSv1.2][Client: art-s.nflximg.net][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: secure.cdn.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Organization: Netflix, Inc.][Validity: Wed Apr 6 01:00:00 2016 .. Thu Apr 6 00:59:59 2017][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 82.0/58.5 504/714 116.9/107.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88.1/1463.8 582/1514 100.4/228.0][PLAIN TEXT (oMrLRiWL2)] 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 894.8/410.0 30978/31361 4885.4/3377.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.3/1455.7 311/1514 38.3/273.5][PLAIN TEXT (GET /5758)] - 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 636.0/653.0 30450/30505 3577.9/3638.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 413.7/588.1 1514/1514 553.3/593.8][TLSv1.2][client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1181.9/2214.2 51181/51242 7538.2/10223.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1091.7/317.7 1514/1514 614.5/491.5][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 636.0/653.0 30450/30505 3577.9/3638.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 413.7/588.1 1514/1514 553.3/593.8][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1181.9/2214.2 51181/51242 7538.2/10223.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1091.7/317.7 1514/1514 614.5/491.5][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 81.4/56.0 638/579 148.8/112.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1327.5 422/1514 70.8/457.1][PLAIN TEXT (GET /range/0)] 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 103.8/61.7 708/686 202.3/155.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89.0/1327.6 420/1514 74.7/456.9][PLAIN TEXT (GET /range/0)] 12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 1415.0/1368.0 31068/34906 5560.1/6213.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.3/1378.5 312/1514 58.6/421.3][PLAIN TEXT (GET /af)] 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 78.3/49.5 651/582 151.6/103.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87.0/1349.3 422/1514 75.3/442.6][PLAIN TEXT (GET /range/0)] - 14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1327.1/1011.2 30390/30443 5633.8/4967.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 210.9/964.4 1514/1514 376.2/637.4][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1327.1/1011.2 30390/30443 5633.8/4967.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 210.9/964.4 1514/1514 376.2/637.4][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 126.5/34.8 837/81 232.9/18.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][PLAIN TEXT (GET /8b)] 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.0/259.8 1392/4457 350.6/823.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][PLAIN TEXT (czGET /range/0)] 17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 137.5/84.7 1389/1416 341.0/281.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97.4/1336.5 311/1514 80.8/428.1][PLAIN TEXT (GET /4e)] @@ -30,31 +30,31 @@ JA3 Host Stats: 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 223.2/295.1 1162/2716 280.7/572.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][PLAIN TEXT (GET /range/0)] 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 257.2/245.4 985/1397 249.2/319.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][PLAIN TEXT (GET /range/0)] 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237.8/339.0 1355/1636 315.3/448.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][PLAIN TEXT (GET /range/0)] - 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 82.1/59.3 437/500 133.2/106.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290.2/895.3 1514/1514 441.6/626.2][TLSv1.2][client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 82.1/59.3 437/500 133.2/106.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290.2/895.3 1514/1514 441.6/626.2][TLSv1.2][Client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 225.6/318.0 635/1046 208.6/353.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80.4/1159.2 426/1514 62.4/602.9][PLAIN TEXT (fGET /range/0)] 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 229.3/399.4 1250/4431 314.5/981.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.1 424/1514 58.1/550.7][PLAIN TEXT (GET /range/0)] 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 174.2/284.3 1162/2097 232.9/506.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.2 426/1514 60.5/550.7][PLAIN TEXT (GET /range/0)] 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 259.2/357.2 1317/3546 333.7/758.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85.1/1159.5 423/1514 63.5/589.6][PLAIN TEXT (GET /range/0)] - 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1192.6/2008.4 30905/30970 5827.8/7478.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 810.9/308.7 1514/1514 699.9/492.9][TLSv1.2][client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35.4/30.2 266/316 69.1/63.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237.4/739.0 1514/1514 406.7/541.9][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1192.6/2008.4 30905/30970 5827.8/7478.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 810.9/308.7 1514/1514 699.9/492.9][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35.4/30.2 266/316 69.1/63.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237.4/739.0 1514/1514 406.7/541.9][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 216.7/408.5 636/3094 221.2/721.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.4/1180.4 424/1514 58.9/569.7][PLAIN TEXT (GET /range/0)] 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248.6/431.0 1152/2608 306.6/664.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 84.7/1118.7 425/1514 60.1/613.7][PLAIN TEXT (GET /range/0)] 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 242.1/372.3 811/3064 251.7/697.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1121.1 424/1514 63.5/610.6][PLAIN TEXT (GET /range/0)] - 32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.3/57.2 282/127 68.4/37.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 485.7/490.6 1514/1514 602.5/610.3][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.3/57.2 282/127 68.4/37.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 485.7/490.6 1514/1514 602.5/610.3][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2439.2/2638.7 31088/31196 8270.4/8610.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714.4/500.3 1514/1514 676.3/651.2][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)] - 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.1/79.0 322/423 82.4/109.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314.5/696.8 1514/1514 477.1/667.4][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 35 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1832.2/2260.2 30585/30636 6618.0/7308.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274.0/414.4 1514/1514 437.3/546.1][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.1/79.0 322/423 82.4/109.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314.5/696.8 1514/1514 477.1/667.4][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 35 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1832.2/2260.2 30585/30636 6618.0/7308.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274.0/414.4 1514/1514 437.3/546.1][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 36 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 3562.3/3202.9 30963/31718 9690.8/9505.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94.1/1119.8 311/1514 72.5/643.7][PLAIN TEXT (GET /87)] - 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1623.1/2052.5 30431/30503 6790.2/7603.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382.0/327.2 1514/1514 559.0/501.4][TLSv1.2][client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1687.3/2166.1 30033/30086 6874.9/7743.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399.4/342.7 1514/1514 568.6/514.1][TLSv1.2][client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 39 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 196.2/237.8 2449/2522 584.4/663.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325.2/386.1 1514/1514 478.5/534.2][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 40 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.8/31.7 85/65 30.6/28.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.4/507.4 1514/1514 532.6/591.2][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 41 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1550.7/2064.5 30348/30405 6606.9/7574.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 145.3/389.6 422/1514 131.7/519.8][TLSv1.2][client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 42 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.2/26.7 72/63 26.0/26.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222.1/465.4 1514/1514 382.1/579.1][TLSv1.2][client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 43 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2366.1/3070.3 30444/30500 8105.5/9143.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253.4/423.0 1514/1514 421.8/511.9][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2061.5/2807.0 30602/30654 7627.8/8806.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 103.6/417.1 309/1514 78.3/548.0][TLSv1.2][client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][organization: Netflix, Inc.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23.3/25.0 92/54 33.4/22.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283.0/354.9 1450/1066 419.0/412.7][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2791.3/4378.9 30486/30536 8757.9/10678.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 107.8/215.4 309/989 83.5/296.5][TLSv1.2][client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1623.1/2052.5 30431/30503 6790.2/7603.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382.0/327.2 1514/1514 559.0/501.4][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1687.3/2166.1 30033/30086 6874.9/7743.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399.4/342.7 1514/1514 568.6/514.1][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 39 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 196.2/237.8 2449/2522 584.4/663.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325.2/386.1 1514/1514 478.5/534.2][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 40 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.8/31.7 85/65 30.6/28.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.4/507.4 1514/1514 532.6/591.2][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 41 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1550.7/2064.5 30348/30405 6606.9/7574.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 145.3/389.6 422/1514 131.7/519.8][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 42 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.2/26.7 72/63 26.0/26.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222.1/465.4 1514/1514 382.1/579.1][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Mon Jan 1 12:30:00 2001 .. Mon Jan 1 12:30:00 2029][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 43 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2366.1/3070.3 30444/30500 8105.5/9143.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253.4/423.0 1514/1514 421.8/511.9][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2061.5/2807.0 30602/30654 7627.8/8806.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 103.6/417.1 309/1514 78.3/548.0][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Validity: Tue Apr 12 01:00:00 2016 .. Wed Apr 11 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23.3/25.0 92/54 33.4/22.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283.0/354.9 1450/1066 419.0/412.7][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2791.3/4378.9 30486/30536 8757.9/10678.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 107.8/215.4 309/989 83.5/296.5][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 5274.9/0.0 14907/0 6826.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 165.5/0.0 167/0 1.5/0.0][PLAIN TEXT (SEARCH )] 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com][PLAIN TEXT (netflix)] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index dc4ea8fb0..a476adbb8 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -12,8 +12,8 @@ JA3 Host Stats: 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes][bytes ratio: 0.812 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46.5/140.7 607/506 64.7/155.2][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 396.2/143.6 1254/886 210.0/128.5] 3 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes][bytes ratio: 0.796 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44.9/130.4 649/589 67.4/156.5][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 381.0/138.6 886/886 192.7/123.7][PLAIN TEXT (FutwCa)] 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 652.3/1121.3 14019/13944 2435.0/3114.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131.4/201.1 400/983 85.6/219.4] - 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/TLS.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][bytes ratio: -0.253 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55.2/57.9 287/250 82.7/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 263.5/486.5 1414/1414 387.3/570.3][TLSv1.2][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][JA3C: 200a99534ce50d35cf40cc3cce4c69b5][server: *.baas.nintendo.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Nintendo Co., Ltd.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/TLS.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][bytes ratio: -0.264 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56.1/51.8 243/198 71.6/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283.3/486.6 1414/1414 400.9/570.5][TLSv1.2][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][JA3C: 200a99534ce50d35cf40cc3cce4c69b5][server: *.baas.nintendo.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Nintendo Co., Ltd.][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/TLS.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][bytes ratio: -0.253 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55.2/57.9 287/250 82.7/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 263.5/486.5 1414/1414 387.3/570.3][TLSv1.2][Client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][JA3C: 200a99534ce50d35cf40cc3cce4c69b5][Server: *.baas.nintendo.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Nintendo Co., Ltd.][Validity: Wed Aug 12 01:00:00 2015 .. Wed Aug 15 13:00:00 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/TLS.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][bytes ratio: -0.264 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56.1/51.8 243/198 71.6/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283.3/486.6 1414/1414 400.9/570.5][TLSv1.2][Client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][JA3C: 200a99534ce50d35cf40cc3cce4c69b5][Server: *.baas.nintendo.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Nintendo Co., Ltd.][Validity: Wed Aug 12 01:00:00 2015 .. Wed Aug 15 13:00:00 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes][bytes ratio: -0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 220.5/198.3 514/1729 213.0/428.6][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 116.6/213.0 230/854 27.1/243.3] 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/58 173.7/167.7 504/508 157.8/151.5][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 128.0/128.0 198/198 40.7/40.7] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/17 163.7/176.0 501/421 170.5/136.9][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 130.0/131.7 198/198 39.8/42.3] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index bdd225ebf..acb48880d 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -13,10 +13,10 @@ JA3 Host Stats: 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.0/0.0 4644/0 279.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 59.6/0.0 715/0 25.1/0.0][PLAIN TEXT (POST /catalog/vod)] - 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 201.9/0.0 998/0 319.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304.5/0.0 1440/0 368.0/0.0][TLSv1][client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc] + 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 201.9/0.0 998/0 319.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304.5/0.0 1440/0 368.0/0.0][TLSv1][Client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc] 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 45.2/0.0 912/0 104.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65.2/0.0 208/0 23.6/0.0][PLAIN TEXT (GET /data)] - 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 137.1/0.0 1003/0 234.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 135.8/0.0 1209/0 253.5/0.0][TLSv1][client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c] - 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 37.5/0.0 75/0 25.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184.3/0.0 1287/0 339.0/0.0][TLSv1.2][client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1] + 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 137.1/0.0 1003/0 234.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 135.8/0.0 1209/0 253.5/0.0][TLSv1][Client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c] + 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 37.5/0.0 75/0 25.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184.3/0.0 1287/0 339.0/0.0][TLSv1.2][Client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1] 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.4/0.0 112/0 37.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134.0/0.0 649/0 165.6/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 66.8/0.0 258/0 68.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111.4/0.0 425/0 106.3/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][PLAIN TEXT (POST /catalog/vod)] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 28e72fc78..8ab39ced1 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -21,10 +21,10 @@ JA3 Host Stats: 1 192.168.1.34 1 - 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 893.0/683.9 30166/30261 4224.2/3588.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 227.5/777.8 1506/1506 423.1/552.7][TLSv1][server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 893.0/683.9 30166/30261 4224.2/3588.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 227.5/777.8 1506/1506 423.1/552.7][TLSv1][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 418.8/332.6 8300/8646 1054.3/998.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 260.7/433.2 1506/1506 342.9/569.4][PLAIN TEXT ( 0sKWL)] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2052.4/0.0 19950/0 6020.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 373.2/0.0 405/0 28.8/0.0][PLAIN TEXT (NOTIFY )] - 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1102.2/1098.6 41869/42024 6370.8/6397.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 224.1/247.7 680/1494 261.3/323.6][TLSv1.2][client: p05-keyvalueservice.icloud.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1102.2/1098.6 41869/42024 6370.8/6397.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 224.1/247.7 680/1494 261.3/323.6][TLSv1.2][Client: p05-keyvalueservice.icloud.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 5 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1526.0/2020.8 30032/29763 5632.1/6606.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/140.1 820/1249 115.1/200.8] 6 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 468.9/0.0 3090/0 1099.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 475/0 520.1/0.0 555/0 30.8/0.0][PLAIN TEXT (NOTIFY )] 7 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][8 pkts/1636 bytes <-> 8 pkts/4344 bytes][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 141/2 20148.7/20128.9 53811/53950 23475.9/23611.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 204.5/543.0 343/1020 138.5/477.0] @@ -33,8 +33,8 @@ JA3 Host Stats: 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/74 2015.9/440.9 30125/3022 6850.2/781.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147.2/167.3 842/1090 204.7/267.5] 11 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2351.0/3320.2 25785/25654 6264.2/7287.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143.8/161.5 843/1090 211.7/269.5] 12 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/109 2645.0/653.9 30778/3423 7850.4/1136.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 159.7/215.5 842/1090 228.3/331.7] - 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4358.4/0.0 8437/0 3743.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 212.1/74.0 257/74 81.1/0.0][TLSv1][client: apps.skypeassets.com][JA3C: 799135475da362592a4be9199d258726] - 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3704.7/0.0 6700/0 2915.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216.3/74.0 251/74 72.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] + 13 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4358.4/0.0 8437/0 3743.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 212.1/74.0 257/74 81.1/0.0][TLSv1][Client: apps.skypeassets.com][JA3C: 799135475da362592a4be9199d258726] + 14 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3704.7/0.0 6700/0 2915.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216.3/74.0 251/74 72.3/0.0][TLSv1][Client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] 15 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30053/0 30073.4/0.0 30087/0 11.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 544/0 544.0/0.0 544/0 0.0/0.0][PLAIN TEXT ( 1573195445)] 16 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30053/0 30073.8/0.0 30087/0 12.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 544/0 544.0/0.0 544/0 0.0/0.0][PLAIN TEXT ( 1573195445)] 17 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 3375359593)] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index f103ea6b1..14d52a308 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -18,13 +18,13 @@ JA3 Host Stats: 1 192.168.1.34 1 - 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 310.0/282.2 45360/45460 3520.1/3369.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.2/783.8 1506/1506 432.7/564.7][TLSv1][server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 310.0/282.2 45360/45460 3520.1/3369.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.2/783.8 1506/1506 432.7/564.7][TLSv1][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227.1/220.7 3095/3095 375.1/372.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303.8/611.6 1506/1506 405.8/625.9][PLAIN TEXT (nZREBS)] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1847.3/1843.3 55625/55761 9059.8/9088.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239.0/276.3 680/1494 273.4/358.4] 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1714.9/0.0 19856/0 5553.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 372.3/0.0 405/0 28.7/0.0][PLAIN TEXT (NOTIFY )] 5 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes][bytes ratio: 0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 283.8/370.7 2303/2313 537.2/593.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158.0/170.6 843/1090 214.6/266.9] 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/102 372.6/570.4 2746/2734 770.9/897.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 182.8/213.9 843/1090 250.3/332.2] - 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3637.7/0.0 6616/0 2862.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216.3/74.0 251/74 72.3/0.0][TLSv1][client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] + 7 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3637.7/0.0 6616/0 2862.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216.3/74.0 251/74 72.3/0.0][TLSv1][Client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726] 8 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes][bytes ratio: 0.836 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1351.5/27.5 6276/55 1858.0/27.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 270.2/96.7 401/150 156.2/37.9] 9 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/TLS.Dropbox][cat: Web/5][4 pkts/818 bytes <-> 4 pkts/2172 bytes][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 222/2 10212.3/10139.0 30193/30413 14128.5/14335.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 204.5/543.0 343/1020 138.5/477.0] 10 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 64.125/TLS_No_Cert.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1481.9/0.0 6406/0 1816.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 188.5/74.0 233/74 72.7/0.0][PLAIN TEXT (apps.skype.com)] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index d6843ab5f..baa0b1eb8 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -6,6 +6,6 @@ JA3 Host Stats: 1 10.8.0.1 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 89.4/94.9 503/453 164.1/154.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254.4/206.6 590/1123 236.6/349.9][TLSv1.2][client: feelinsonice-hrd.appspot.com][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.8/73.6 403/353 135.6/125.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 260.6/129.0 590/502 235.8/149.5][TLSv1.2][client: feelinsonice-hrd.appspot.com][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 89.4/94.9 503/453 164.1/154.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254.4/206.6 590/1123 236.6/349.9][TLSv1.2][Client: feelinsonice-hrd.appspot.com][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.8/73.6 403/353 135.6/125.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 260.6/129.0 590/502 235.8/149.5][TLSv1.2][Client: feelinsonice-hrd.appspot.com][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 91.126/TLS.Google][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 226.5/226.5 2052/2000 609.5/592.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 173.6/88.1 590/292 162.7/75.5][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA3S: fbe78c619e7ea20046131294ad087f05][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/ssh.pcap.out b/tests/result/ssh.pcap.out index 4652ab8d1..e44c5ada6 100644 --- a/tests/result/ssh.pcap.out +++ b/tests/result/ssh.pcap.out @@ -1,3 +1,3 @@ SSH 258 35546 1 - 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1572.2/2535.0 166223/166224 13588.8/17183.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98.2/201.3 970/1346 83.1/283.2][client: SSH-2.0-OpenSSH_5.3][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325] + 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1572.2/2535.0 166223/166224 13588.8/17183.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98.2/201.3 970/1346 83.1/283.2][Client: SSH-2.0-OpenSSH_5.3][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 1db4cd2dd..a24820a61 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -9,13 +9,13 @@ JA3 Host Stats: 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 193.6/118.1 33482/33627 1364.2/1072.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 261.7/1175.6 1514/1514 348.8/544.1][TLSv1][client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (id.com)] - 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 182.8/106.2 30770/31166 1568.4/1214.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 251.7/1247.8 1514/1514 354.5/507.1][TLSv1][client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (cyamnc6)] - 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1787.0/1396.5 44777/45097 7366.6/6600.9][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366.4/580.0 1514/1514 349.5/568.1][TLSv1][client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (www.ct7)] - 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8457.2/6762.5 132386/132736 31999.0/28901.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 322.9/334.8 640/1514 270.5/384.8][TLSv1][client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (www.gfu)] - 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7203.1/6351.4 71328/71646 19137.5/18195.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 303.6/349.1 640/1514 266.5/398.3][TLSv1][client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] - 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 9017.5/9013.5 72591/72890 22848.9/22922.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 230.7/421.2 640/1514 242.6/402.9][TLSv1][client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] - 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5302.1/5705.0 63835/63837 16401.3/16965.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242.3/430.5 640/1514 246.7/415.8][TLSv1][client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 193.6/118.1 33482/33627 1364.2/1072.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 261.7/1175.6 1514/1514 348.8/544.1][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (id.com)] + 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 182.8/106.2 30770/31166 1568.4/1214.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 251.7/1247.8 1514/1514 354.5/507.1][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (cyamnc6)] + 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1787.0/1396.5 44777/45097 7366.6/6600.9][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366.4/580.0 1514/1514 349.5/568.1][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (www.ct7)] + 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8457.2/6762.5 132386/132736 31999.0/28901.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 322.9/334.8 640/1514 270.5/384.8][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (www.gfu)] + 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7203.1/6351.4 71328/71646 19137.5/18195.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 303.6/349.1 640/1514 266.5/398.3][TLSv1][Client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] + 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 9017.5/9013.5 72591/72890 22848.9/22922.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 230.7/421.2 640/1514 242.6/402.9][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] + 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5302.1/5705.0 63835/63837 16401.3/16965.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242.3/430.5 640/1514 246.7/415.8][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30033/0 66765.1/0.0 360548/0 103867.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 186.0/0.0 186/0 0.0/0.0][PLAIN TEXT ( 676879976)] 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 6282.2/0.0 16006/0 5399.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 151/0 151.0/0.0 151/0 0.0/0.0][PLAIN TEXT (Endian)] 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index fce46e93b..d345577c3 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -14,14 +14,14 @@ JA3 Host Stats: 1 192.168.0.17 2 - 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][cat: VoIP/10][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 134.0/124.5 5370/5467 817.9/805.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106.3/1306.2 774/1514 151.1/466.3][TLSv1.2][client: dl-media.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][organization: Viber Media Sarl][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][cat: VoIP/10][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 517.0/515.3 5492/5543 1573.4/1590.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154.0/776.4 435/1514 138.2/635.3][TLSv1.2][client: media.cdn.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][organization: Viber Media Sarl][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.2/63.1 235/222 87.3/81.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217.2/468.0 1514/1514 380.1/569.8][TLSv1.2][client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][cat: VoIP/10][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 134.0/124.5 5370/5467 817.9/805.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106.3/1306.2 774/1514 151.1/466.3][TLSv1.2][Client: dl-media.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Organization: Viber Media Sarl][Validity: Sun Jun 26 01:00:00 2016 .. Wed Jun 27 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][cat: VoIP/10][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 517.0/515.3 5492/5543 1573.4/1590.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154.0/776.4 435/1514 138.2/635.3][TLSv1.2][Client: media.cdn.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Organization: Viber Media Sarl][Validity: Sun Jul 3 01:00:00 2016 .. Wed Jul 4 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.2/63.1 235/222 87.3/81.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217.2/468.0 1514/1514 380.1/569.8][TLSv1.2][Client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1508.3/1866.6 10563/10701 2617.1/2836.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205.1/107.0 657/176 184.2/42.7] - 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2423.6/3084.5 23555/23575 6404.8/7092.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 355.9/286.3 1038/884 369.7/257.9][TLSv1.2][client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 83.6/83.5 273/298 100.3/107.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 130.6/582.9 432/1514 111.7/601.3][TLSv1.2][client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91.137/TLS.GenericProtocol][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/22.0 152/60 45.6/24.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1.2][client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74.6/74.5 185/191 86.4/91.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 132.9/560.3 433/1514 110.8/605.1][TLSv1.2][client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2423.6/3084.5 23555/23575 6404.8/7092.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 355.9/286.3 1038/884 369.7/257.9][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 83.6/83.5 273/298 100.3/107.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 130.6/582.9 432/1514 111.7/601.3][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91.137/TLS.GenericProtocol][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/22.0 152/60 45.6/24.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74.6/74.5 185/191 86.4/91.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 132.9/560.3 433/1514 110.8/605.1][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 313.5/341.8 529/529 202.0/188.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 209.8/104.6 299/118 115.2/19.6][PLAIN TEXT (Android)] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236.1/328.9 531/531 238.8/225.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 173.8/104.0 299/118 120.4/19.8][PLAIN TEXT (Android)] 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 344206163..bfa9dc437 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -11,19 +11,19 @@ JA3 Host Stats: 1 10.8.0.1 2 - 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 385.5/364.0 5018/5018 912.5/887.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 208.8/1360.9 590/17258 183.0/3378.1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 385.5/364.0 5018/5018 912.5/887.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 208.8/1360.9 590/17258 183.0/3378.1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][cat: Web/5][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 292.4/309.3 3680/3677 830.1/849.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68.9/3438.7 317/11833 58.6/3467.6][PLAIN TEXT (GET /xtra)] - 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 164.6/175.4 387/415 139.7/129.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115.4/3558.4 590/21942 132.3/6124.9][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 230.7/159.8 1449/475 359.2/142.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128.0/2829.5 590/11186 147.3/3901.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 229.9/253.7 1289/1340 339.6/367.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.7/2026.6 411/8150 98.2/2611.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 883.3/934.9 5838/5890 1684.8/1727.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139.3/518.8 555/3660 140.6/938.6][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 183.3/175.1 343/348 150.6/132.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129.2/1018.9 283/4048 86.6/1610.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 274.6/295.9 1175/1175 344.0/342.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106.8/594.6 315/1422 85.4/584.3][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255.5/278.0 1174/1173 342.1/338.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 111.6/648.7 315/2165 87.6/739.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622.4/622.1 4966/4966 1406.9/1401.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 137.5/411.2 380/3201 123.8/874.8][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213.9/234.9 883/935 289.8/290.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 331.3/242.5 1332/645 406.6/226.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 305.8/301.0 1397/1346 429.7/407.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 164.6/175.4 387/415 139.7/129.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115.4/3558.4 590/21942 132.3/6124.9][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 230.7/159.8 1449/475 359.2/142.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128.0/2829.5 590/11186 147.3/3901.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 229.9/253.7 1289/1340 339.6/367.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.7/2026.6 411/8150 98.2/2611.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 883.3/934.9 5838/5890 1684.8/1727.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139.3/518.8 555/3660 140.6/938.6][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 183.3/175.1 343/348 150.6/132.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129.2/1018.9 283/4048 86.6/1610.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 274.6/295.9 1175/1175 344.0/342.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106.8/594.6 315/1422 85.4/584.3][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255.5/278.0 1174/1173 342.1/338.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 111.6/648.7 315/2165 87.6/739.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622.4/622.1 4966/4966 1406.9/1401.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 137.5/411.2 380/3201 123.8/874.8][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213.9/234.9 883/935 289.8/290.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 331.3/242.5 1332/645 406.6/226.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 305.8/301.0 1397/1346 429.7/407.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 65.8/75.0 261/274 86.4/90.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][PLAIN TEXT (GET /images/HD/CH)] 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91.126/TLS.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 66.8/69.8 240/188 80.6/62.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162.4/167.5 572/602 176.8/200.3][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA] 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 19.4/22.7 134/84 46.8/32.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][PLAIN TEXT (GET /lang)] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 10869f57b..75c979caa 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -10,36 +10,36 @@ JA3 Host Stats: 1 10.8.0.1 6 - 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 243.9/242.9 23985/24042 1526.9/1523.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57.4/1281.6 528/29696 36.0/3034.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 101.7/99.6 455/404 110.2/96.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172.0/3745.8 590/18020 205.7/4699.9][TLSv1.2][client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.1/118.3 1189/1223 208.0/199.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240.4/1716.9 590/17734 233.4/3587.1][TLSv1.2][client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][server: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][organization: Cisco Systems, Inc.][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144.9/142.0 1031/979 239.6/221.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.5/2130.4 590/8901 135.5/2681.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 340.8/336.0 1876/1875 530.3/534.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127.6/2863.1 528/14373 150.1/4303.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 122.9/117.3 519/469 168.2/143.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165.0/1864.5 590/8448 193.3/2710.5][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1269.2/704.2 16039/7189 2670.2/1359.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 228.8/134.1 590/3961 153.6/546.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 243.9/242.9 23985/24042 1526.9/1523.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57.4/1281.6 528/29696 36.0/3034.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 101.7/99.6 455/404 110.2/96.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172.0/3745.8 590/18020 205.7/4699.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.1/118.3 1189/1223 208.0/199.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240.4/1716.9 590/17734 233.4/3587.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][Server: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Organization: Cisco Systems, Inc.][Validity: Wed Oct 30 23:00:00 2013 .. Mon Oct 30 22:59:59 2023][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144.9/142.0 1031/979 239.6/221.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.5/2130.4 590/8901 135.5/2681.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 340.8/336.0 1876/1875 530.3/534.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127.6/2863.1 528/14373 150.1/4303.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 122.9/117.3 519/469 168.2/143.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165.0/1864.5 590/8448 193.3/2710.5][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1269.2/704.2 16039/7189 2670.2/1359.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 228.8/134.1 590/3961 153.6/546.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4567.2/0.0 32494/0 6643.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698.0/0.0 698/0 0.0/0.0][PLAIN TEXT (REGISTER sip)] - 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 762.9/372.6 6005/3010 1576.3/714.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.2/276.2 432/3961 108.2/830.4][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2744.3/508.0 34507/5259 8586.6/1382.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.0/541.7 590/1502 148.6/614.4][TLSv1][client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 494.4/409.3 2070/1051 687.0/417.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.4/873.0 576/3993 178.5/1443.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/50 177.0/170.7 357/356 145.9/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187.0/990.0 576/3993 192.5/1507.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 374.9/277.0 2171/1116 696.0/376.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/827.6 528/2974 166.2/1098.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 375.2/277.7 2179/1125 698.3/366.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/825.0 528/2633 166.2/1028.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 111.1/101.7 277/276 113.9/99.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/831.6 528/2581 172.4/1033.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 515.8/340.8 2119/1071 744.2/373.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 513.8/338.8 2066/1021 727.2/367.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 504.5/487.0 3074/2046 983.3/672.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/648.7 528/3993 166.2/1254.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 413.6/262.3 2119/1065 716.1/354.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/723.0 528/2633 172.4/919.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 115.0/104.3 555/553 177.8/168.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166.4/400.9 590/2581 167.4/757.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 139.8/138.6 512/509 166.3/155.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 131.9/131.3 470/468 155.0/147.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 458.4/458.1 1840/1786 701.0/676.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 480.4/547.7 1225/1224 507.1/505.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171.1/604.4 590/3751 167.6/1199.5][TLSv1.2][client: ssl.google-analytics.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][server: *.google-analytics.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][organization: Google Inc][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 387.8/296.6 1261/1231 510.3/469.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.4/549.8 380/2581 101.1/889.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 583.0/496.3 2276/1237 795.3/505.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 582.6/496.8 2286/1238 798.1/506.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 127.8/115.7 463/394 159.1/129.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 168.7/574.4 448/2957 157.6/988.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: www.webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 681.5/596.0 1927/1038 733.9/482.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.9/705.2 117/2896 22.0/1054.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 814.6/744.5 2975/1922 1160.0/804.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 67.8/835.4 117/3961 23.2/1562.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 762.9/372.6 6005/3010 1576.3/714.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.2/276.2 432/3961 108.2/830.4][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2744.3/508.0 34507/5259 8586.6/1382.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.0/541.7 590/1502 148.6/614.4][TLSv1][Client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 494.4/409.3 2070/1051 687.0/417.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.4/873.0 576/3993 178.5/1443.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/50 177.0/170.7 357/356 145.9/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187.0/990.0 576/3993 192.5/1507.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 374.9/277.0 2171/1116 696.0/376.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/827.6 528/2974 166.2/1098.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 375.2/277.7 2179/1125 698.3/366.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/825.0 528/2633 166.2/1028.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 111.1/101.7 277/276 113.9/99.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/831.6 528/2581 172.4/1033.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 515.8/340.8 2119/1071 744.2/373.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 513.8/338.8 2066/1021 727.2/367.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 504.5/487.0 3074/2046 983.3/672.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/648.7 528/3993 166.2/1254.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 413.6/262.3 2119/1065 716.1/354.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/723.0 528/2633 172.4/919.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 115.0/104.3 555/553 177.8/168.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166.4/400.9 590/2581 167.4/757.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 139.8/138.6 512/509 166.3/155.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 131.9/131.3 470/468 155.0/147.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 458.4/458.1 1840/1786 701.0/676.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 480.4/547.7 1225/1224 507.1/505.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171.1/604.4 590/3751 167.6/1199.5][TLSv1.2][Client: ssl.google-analytics.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][Server: *.google-analytics.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Organization: Google Inc][Validity: Tue May 21 04:00:00 2002 .. Tue Aug 21 05:00:00 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 387.8/296.6 1261/1231 510.3/469.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.4/549.8 380/2581 101.1/889.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 583.0/496.3 2276/1237 795.3/505.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 582.6/496.8 2286/1238 798.1/506.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 127.8/115.7 463/394 159.1/129.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 168.7/574.4 448/2957 157.6/988.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: www.webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 681.5/596.0 1927/1038 733.9/482.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.9/705.2 117/2896 22.0/1054.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 814.6/744.5 2975/1922 1160.0/804.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 67.8/835.4 117/3961 23.2/1562.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 60.0/53.8 283/252 92.3/80.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146.5/96.8 590/396 160.9/101.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1461.3/1461.3 10453/11491 3266.7/3571.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138.8/108.7 590/472 162.8/127.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7440.8/7440.5 59268/59268 19588.9/19589.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] @@ -48,8 +48,8 @@ JA3 Host Stats: 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 261.5/312.4 1555/1504 578.5/596.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 182.9/75.5 590/183 180.3/48.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 10286.0/10285.0 40778/40779 17604.8/17606.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.8/153.4 388/551 131.8/198.8][PLAIN TEXT (POST /j)] 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1556.4/117.0 8966/117 2183.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76.5/50.0 84/50 14.4/0.0] - 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100.6/125.0 442/392 171.7/155.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.3/79.8 281/146 81.4/36.1][TLSv1.2][client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112.0/148.3 444/442 191.7/207.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112.0/86.2 281/183 86.0/55.9][TLSv1.2][client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100.6/125.0 442/392 171.7/155.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.3/79.8 281/146 81.4/36.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112.0/148.3 444/442 191.7/207.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112.0/86.2 281/183 86.0/55.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/501 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 337.8/340.7 1009/1013 472.1/475.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.6/54.0 117/54 20.7/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f] 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1078.8/1346.8 5297/5301 2109.2/2283.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f] 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2407.4/3007.2 11950/11953 4771.4/5164.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 6fce43af0..29f9310bc 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -20,36 +20,36 @@ JA3 Host Stats: 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.64/TLS.TLS_No_Cert][cat: Web/5][88 pkts/15114 bytes <-> 91 pkts/61842 bytes][bytes ratio: -0.607 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/11 6361.1/6145.5 150373/150695 17282.8/17139.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171.8/679.6 264/1254 98.8/593.7] - 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 349.1/392.2 10035/9998 1472.1/1580.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273.4/1335.6 1306/4350 407.2/922.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 471.3/504.3 9999/10002 1663.9/1763.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479.2/862.7 1306/4059 492.4/921.8][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 741.7/807.0 10037/10000 2245.0/2387.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.1/1003.2 1306/1494 368.4/649.4][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 598.1/512.8 9996/9997 1976.7/1850.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 360.5/946.2 1306/1754 450.4/673.4][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1106.7/1202.7 9696/9658 2638.7/2818.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312.7/951.5 1306/2922 423.4/963.9][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1147.7/1578.3 15327/15635 3200.1/3737.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516.4/486.9 1306/1754 494.4/579.4][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 660.5/695.1 9999/9999 2150.4/2203.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 372.7/938.0 1306/5892 453.9/1304.2][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1093.9/1287.2 10039/10001 2259.3/2471.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 372.6/994.3 1306/8291 453.8/1870.8][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1098.0/1618.3 15319/15624 3304.3/3978.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605.0/346.1 1494/1494 586.5/471.8][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1954.8/2606.3 15313/15715 3724.2/4264.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 482.5/417.5 1306/1754 480.2/530.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1053.7/1301.9 10037/10001 2289.2/2552.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463.3/459.0 1306/1754 478.0/578.6][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1055.2/906.1 9996/9998 2716.9/2557.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178.2/1048.3 1153/3182 289.6/878.3][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2222.1/3111.5 15693/16086 3959.2/4562.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 386.7/410.9 1306/1754 451.5/550.6][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1308.1/1657.3 9999/10000 2778.8/3130.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 419.9/410.4 1306/1494 461.7/506.9][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 822.4/1124.8 9811/10007 2497.0/2963.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.0/460.7 1306/1494 463.0/553.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 839.9/1144.1 9639/9999 2446.3/2955.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429.2/460.7 1306/1494 462.8/553.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1007.8/1284.7 10004/10002 2520.0/2799.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308.5/492.1 1306/1798 406.0/692.3][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1741.0/2057.5 10879/11228 3716.5/4044.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330.4/427.9 1306/1494 415.8/540.7][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048.4/1246.7 10000/10001 2834.6/3097.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376.3/500.4 1306/1754 434.4/627.5][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6528.9/6528.8 44960/45306 13428.4/13505.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167.1/565.6 571/3484 197.3/986.9][TLSv1.2][client: res.wx.qq.com][JA3C: 550dce18de1bb143e69d6dd9413b8355][server: wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][organization: Shenzhen Tencent Computer Systems Company Limited][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8459.1/8459.1 45056/45055 17578.3/17578.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141.9/368.7 895/1484 195.7/525.4][TLSv1.2][client: safebrowsing.googleusercontent.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][server: *.googleusercontent.com][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][organization: Google Inc][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256] + 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 349.1/392.2 10035/9998 1472.1/1580.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273.4/1335.6 1306/4350 407.2/922.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 471.3/504.3 9999/10002 1663.9/1763.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479.2/862.7 1306/4059 492.4/921.8][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 741.7/807.0 10037/10000 2245.0/2387.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.1/1003.2 1306/1494 368.4/649.4][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 598.1/512.8 9996/9997 1976.7/1850.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 360.5/946.2 1306/1754 450.4/673.4][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1106.7/1202.7 9696/9658 2638.7/2818.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312.7/951.5 1306/2922 423.4/963.9][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1147.7/1578.3 15327/15635 3200.1/3737.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516.4/486.9 1306/1754 494.4/579.4][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 660.5/695.1 9999/9999 2150.4/2203.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 372.7/938.0 1306/5892 453.9/1304.2][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1093.9/1287.2 10039/10001 2259.3/2471.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 372.6/994.3 1306/8291 453.8/1870.8][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1098.0/1618.3 15319/15624 3304.3/3978.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605.0/346.1 1494/1494 586.5/471.8][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1954.8/2606.3 15313/15715 3724.2/4264.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 482.5/417.5 1306/1754 480.2/530.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1053.7/1301.9 10037/10001 2289.2/2552.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463.3/459.0 1306/1754 478.0/578.6][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1055.2/906.1 9996/9998 2716.9/2557.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178.2/1048.3 1153/3182 289.6/878.3][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Tue Nov 5 20:36:50 2013 .. Fri May 20 21:36:50 2022][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2222.1/3111.5 15693/16086 3959.2/4562.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 386.7/410.9 1306/1754 451.5/550.6][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1308.1/1657.3 9999/10000 2778.8/3130.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 419.9/410.4 1306/1494 461.7/506.9][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 822.4/1124.8 9811/10007 2497.0/2963.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.0/460.7 1306/1494 463.0/553.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 839.9/1144.1 9639/9999 2446.3/2955.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429.2/460.7 1306/1494 462.8/553.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1007.8/1284.7 10004/10002 2520.0/2799.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308.5/492.1 1306/1798 406.0/692.3][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1741.0/2057.5 10879/11228 3716.5/4044.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330.4/427.9 1306/1494 415.8/540.7][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048.4/1246.7 10000/10001 2834.6/3097.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376.3/500.4 1306/1754 434.4/627.5][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6528.9/6528.8 44960/45306 13428.4/13505.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167.1/565.6 571/3484 197.3/986.9][TLSv1.2][Client: res.wx.qq.com][JA3C: 550dce18de1bb143e69d6dd9413b8355][Server: wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][Organization: Shenzhen Tencent Computer Systems Company Limited][Validity: Tue May 10 01:00:00 2016 .. Fri Aug 10 00:59:59 2018][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8459.1/8459.1 45056/45055 17578.3/17578.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141.9/368.7 895/1484 195.7/525.4][TLSv1.2][Client: safebrowsing.googleusercontent.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][Server: *.googleusercontent.com][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Organization: Google Inc][Validity: Wed Apr 5 18:14:46 2017 .. Wed Jun 28 17:57:00 2017][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 29.2/9.8 76/41 25.4/15.7][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 501.0/554.8 1392/1392 573.8/598.8][PLAIN TEXT (ssl.gstatic.com)] 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][cat: Collaborative/15][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 265.8/207.7 1244/1178 489.5/434.5][Pkt Len c2s/s2c min/avg/max/stddev: 77/70 447.8/303.6 1392/1392 532.3/455.1][PLAIN TEXT (docs.google.comr)] - 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3047.0/3918.0 19999/20000 6180.0/6802.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/463.9 304/1754 76.6/673.1][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3389.1/4357.6 20004/20001 6103.7/6660.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/463.9 304/1754 76.6/673.1][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2734.2/3515.7 20000/20001 6155.3/6808.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/462.9 304/1494 76.6/600.9][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1480.2/2160.8 10763/11158 3297.0/4055.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2282.0/3371.3 19243/19593 5998.6/7255.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1329.6/1933.8 10477/10889 3238.9/4008.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][9 pkts/966 bytes <-> 6 pkts/3571 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1442.0/2236.8 10023/10417 3248.1/4093.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107.3/595.2 304/1754 79.7/731.6][TLSv1.2][client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][organization: Tencent Mobility Limited][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3047.0/3918.0 19999/20000 6180.0/6802.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/463.9 304/1754 76.6/673.1][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3389.1/4357.6 20004/20001 6103.7/6660.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/463.9 304/1754 76.6/673.1][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2734.2/3515.7 20000/20001 6155.3/6808.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/462.9 304/1494 76.6/600.9][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1480.2/2160.8 10763/11158 3297.0/4055.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2282.0/3371.3 19243/19593 5998.6/7255.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1329.6/1933.8 10477/10889 3238.9/4008.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/519.6 304/1494 76.6/622.0][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: SocialNetwork/6][9 pkts/966 bytes <-> 6 pkts/3571 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1442.0/2236.8 10023/10417 3248.1/4093.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107.3/595.2 304/1754 79.7/731.6][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][Server: web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Organization: Tencent Mobility Limited][Validity: Mon Sep 21 01:00:00 2015 .. Fri Sep 21 00:59:59 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 91043.2/0.0 3468394/0 521942.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 102.0/0.0 102/0 0.0/0.0][PLAIN TEXT (googlecast)] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 24.0/16.0 53/47 24.3/19.2][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 407.0/387.4 1392/1392 507.8/512.0][PLAIN TEXT (ssl.gstatic.com)] 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 91043.3/0.0 3468395/0 521942.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82.0/0.0 82/0 0.0/0.0][PLAIN TEXT (googlecast)] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 999a871a8..4b7e383ae 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -22,7 +22,7 @@ JA3 Host Stats: 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 175.8/231.7 353/348 174.3/163.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147.2/215.8 500/689 176.6/273.3][PLAIN TEXT (GET /login.php)] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn][PLAIN TEXT (KGET /t)] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn][PLAIN TEXT (GET /public/files/image/620)] - 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][TLSv1][client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][PLAIN TEXT (g.alicdn.com)] + 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][TLSv1][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][PLAIN TEXT (g.alicdn.com)] 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com][PLAIN TEXT (alicdn)] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index bb20425c3..3a1bfc4e0 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -20,9 +20,9 @@ JA3 Host Stats: 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49.3/34.3 209/352 59.0/50.4][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 145.3/93.1 525/488 100.0/64.5][PLAIN TEXT (zTdFPOk)] 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.7/132.2 307/539 65.0/84.2][Pkt Len c2s/s2c min/avg/max/stddev: 65/68 124.3/226.1 484/552 75.0/128.5] 3 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][cat: Chat/9][100 pkts/14711 bytes <-> 80 pkts/10163 bytes][bytes ratio: 0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1356.0/1696.8 28162/28146 4142.9/4597.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147.1/127.0 1506/754 238.5/99.0][PLAIN TEXT (iPhone)] - 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1224.0/1483.8 31033/31176 5745.1/6337.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 405.9/275.5 1494/1002 488.5/347.9][TLSv1.2][client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1641.8/2031.8 30435/30711 6607.5/7407.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364.0/563.3 1494/1494 552.5/634.4][TLSv1.2][client: query.ess.apple.com][JA3C: 799135475da362592a4be9199d258726][server: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][organization: Apple Inc.][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58.5/50.1 271/228 96.9/86.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 362.7/235.9 1494/1002 464.1/321.5][TLSv1.2][client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1224.0/1483.8 31033/31176 5745.1/6337.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 405.9/275.5 1494/1002 488.5/347.9][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1641.8/2031.8 30435/30711 6607.5/7407.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364.0/563.3 1494/1494 552.5/634.4][TLSv1.2][Client: query.ess.apple.com][JA3C: 799135475da362592a4be9199d258726][Server: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Organization: Apple Inc.][Validity: Sat Mar 8 00:53:04 2014 .. Thu Mar 8 00:53:04 2029][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58.5/50.1 271/228 96.9/86.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 362.7/235.9 1494/1002 464.1/321.5][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 53/0 12518.4/12519.7 101116/101113 30245.8/30246.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.2/108.5 1506/300 466.8/82.6][PLAIN TEXT (yfV.nY)] 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 87/RTP][cat: Media/1][12 pkts/2341 bytes <-> 12 pkts/2484 bytes][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2652.5/1821.0 18656/18299 5702.0/5214.6][Pkt Len c2s/s2c min/avg/max/stddev: 64/68 195.1/207.0 331/358 97.6/107.5] 9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1255/0 6659.6/0.0 9061/0 2879.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46] diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index 6d8fc1032..d77bf3ebb 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out @@ -5,5 +5,5 @@ JA3 Host Stats: 1 192.168.2.29 2 - 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54.7/40.4 5775/5834 504.8/438.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75.0/1333.7 583/1464 51.0/391.7][TLSv1.2][client: mmg-fna.whatsapp.net][JA3C: 4e1a414c4f4c99097edd2a9a98e336c8][JA3S: 96681175a9547081bf3d417f1a572091][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes][bytes ratio: 0.846 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 686.3/742.3 64838/64743 5490.8/5698.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 1175.1/105.6 1464/1464 540.1/167.3][TLSv1.2][client: mmg-fna.whatsapp.net][JA3C: 107144b88827da5da9ed42d8776ccdc5][server: *.whatsapp.net][JA3S: 2d1eb5817ece335c24904f516ad5da12][organization: Facebook, Inc.][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54.7/40.4 5775/5834 504.8/438.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75.0/1333.7 583/1464 51.0/391.7][TLSv1.2][Client: mmg-fna.whatsapp.net][JA3C: 4e1a414c4f4c99097edd2a9a98e336c8][JA3S: 96681175a9547081bf3d417f1a572091][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes][bytes ratio: 0.846 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 686.3/742.3 64838/64743 5490.8/5698.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 1175.1/105.6 1464/1464 540.1/167.3][TLSv1.2][Client: mmg-fna.whatsapp.net][JA3C: 107144b88827da5da9ed42d8776ccdc5][Server: *.whatsapp.net][JA3S: 2d1eb5817ece335c24904f516ad5da12][Organization: Facebook, Inc.][Validity: Wed Apr 26 01:00:00 2017 .. Tue May 1 13:00:00 2018][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out index fb1fa577d..ded6bd2a1 100644 --- a/tests/result/youtubeupload.pcap.out +++ b/tests/result/youtubeupload.pcap.out @@ -7,4 +7,4 @@ JA3 Host Stats: 1 UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Host: upload.youtube.com][bytes ratio: 0.887 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.8/180.3 1825/1883 238.0/467.2][Pkt Len c2s/s2c min/avg/max/stddev: 77/58 1255.9/300.1 1392/1392 385.3/473.5][PLAIN TEXT (upload.youtube.comQ)] 2 UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Host: upload.youtube.com][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1393.9/1682.2 14942/15097 4108.2/4494.1][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 665.5/587.5 1392/1392 633.6/618.0][PLAIN TEXT (upload.youtube.comQ)] - 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23.2/14.8 57/39 21.2/15.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108.2/685.6 256/1484 73.1/634.0][TLSv1.2][client: upload.youtube.com][JA3C: bc6c386f480ee97b9d9e52d472b772d8][server: upload.video.google.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][organization: Google Inc][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23.2/14.8 57/39 21.2/15.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108.2/685.6 256/1484 73.1/634.0][TLSv1.2][Client: upload.youtube.com][JA3C: bc6c386f480ee97b9d9e52d472b772d8][Server: upload.video.google.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Organization: Google Inc][Validity: Wed Nov 1 13:50:15 2017 .. Wed Jan 24 13:31:00 2018][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] |