aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--example/protos.txt8
-rw-r--r--src/include/ndpi_protocol_ids.h1
-rw-r--r--src/lib/ndpi_content_match.c.inc8
-rw-r--r--src/lib/ndpi_main.c17
-rw-r--r--tests/pcap/teams.pcapbin0 -> 1535303 bytes
-rw-r--r--tests/result/teams.pcap.out107
-rw-r--r--tests/result/tls_long_cert.pcap.out4
7 files changed, 129 insertions, 16 deletions
diff --git a/example/protos.txt b/example/protos.txt
index a840c8545..13f5be7c5 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -10,13 +10,7 @@ tcp:3000@ntop
# Format:
# host:"<value>",host:"<value>",.....@<subproto>
-host:"googlesyndication.com"@Google
-host:"venere.com"@Venere
-host:"kataweb.it",host:"repubblica.it"@Repubblica
-host:"ntop"@ntop
-host:"atv-ext.amazon.com",host:"*.api.amazon.com",host:"*.api.amazonvideo.com"@AmazonVideo
-host:"*.amazonaws.com"@AmazonVideo
-host:"*.netflix.com"@Netflix
+host:"disneyplus.com"host:"cdn.registerdisney.go.com",host:"disney-portal.my.onetrust.com",host:"disneyplus.bn5x.net",host:"disney-plus.net"@DisneyPlus
host:"*.lvlt.dash.us.aiv-cdn.net.c.footprint.net"@AmazonVideo
host:"api-global.netflix.com"@Netflix
# IP based Subprotocols
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index ee71038cc..e24f3eb1b 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -279,6 +279,7 @@ typedef enum {
NDPI_PROTOCOL_CAPWAP = 247,
NDPI_PROTOCOL_ZABBIX = 248,
NDPI_PROTOCOL_S7COMM = 249,
+ NDPI_PROTOCOL_MSTEAMS = 250,
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index e7a745a13..902c70de6 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -8997,7 +8997,13 @@ static ndpi_protocol_match host_match[] = {
{ "bing.com", NULL, "bing" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
{ ".visualstudio.com", NULL, "\\.visualstudio" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
{ "login.live.com", NULL, "login\\.live" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-
+ { "teams.microsoft.com", NULL, "teams\\.microsoft\\.com" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+ { "-teams.cloudapp.net", NULL, "-teams\\.cloudapp\\.net" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+ { "teams.trafficmanager.net", NULL, "teams\\.trafficmanager\\.net" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+ { "teams-msgapi.trafficmanager.net", NULL, "teams-msgapi\\.trafficmanager\\.net" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+ { "teams.office.net", NULL, "teams\\.office\\.net" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+ { "teams.office.com", NULL, "teams\\.office\\.com" TLD, "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+
{ "bn1301.storage.live.com", NULL, "bn1301\\.storage\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
{ "skyapi.live.net", NULL, "skyapi\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
{ "d.docs.live.net", NULL, "d\\.docs\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 1a68acdd5..ed8199c45 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1805,12 +1805,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 10050, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */
);
- ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_S7COMM,
- 1 /* no subprotocol */, no_master,
- no_master, "s7comm", NDPI_PROTOCOL_CATEGORY_NETWORK,
- ndpi_build_default_ports(ports_a, 102, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */
- );
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_S7COMM,
+ 1 /* no subprotocol */, no_master,
+ no_master, "s7comm", NDPI_PROTOCOL_CATEGORY_NETWORK,
+ ndpi_build_default_ports(ports_a, 102, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MSTEAMS,
+ 1 /* no subprotocol */, no_master,
+ no_master, "Teams", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */
+ );
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_main.c"
diff --git a/tests/pcap/teams.pcap b/tests/pcap/teams.pcap
new file mode 100644
index 000000000..16c024585
--- /dev/null
+++ b/tests/pcap/teams.pcap
Binary files differ
diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out
new file mode 100644
index 000000000..4eda3cae9
--- /dev/null
+++ b/tests/result/teams.pcap.out
@@ -0,0 +1,107 @@
+Unknown 35 14201 2
+DNS 14 1947 7
+DHCP 7 2323 2
+ntop 40 9816 3
+SkypeCall 93 19649 12
+ICMP 2 140 1
+TLS 107 45011 5
+Dropbox 18 11162 3
+Skype 44 21248 3
+Apple 2 231 1
+Spotify 1 82 1
+Telegram 3 186 1
+Microsoft 403 283797 11
+Office365 136 52120 6
+Teams 1870 1025774 25
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 192.168.1.6 6
+
+
+ 1 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][614 pkts/242051 bytes <-> 686 pkts/579301 bytes][Goodput ratio: 86/93][19.89 sec][ALPN: h2,http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/23 3909/3921 278/223][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 394/844 1494/1506 582/685][TLSv1.2][Client: teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 2 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 3 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 4 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][TLSv1.2][Client: config.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 5 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 6 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipeÍ*<—][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 21:3D:34:04:2E:C6:DE:5B:DB:97:83:FC:EB:36:1C:5E:20:CE:40:57][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 7 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2]
+ 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][ALPN: h2,http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][Client: presence.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Office365][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][ALPN: h2,http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][Client: substrate.office.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Organization: Microsoft Corporation][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 10 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][ALPN: h2,http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][Client: teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2,http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf]
+ 13 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 14 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][ALPN: h2,http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][Client: chatsvcagg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][ALPN: h2,http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][Client: emea.ng.msg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][ALPN: h2,http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Office365][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][ALPN: h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3]
+ 19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Office365][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][ALPN: h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2,http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2,http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Certificate SHA-1: E2:21:AD:8A:8D:D3:9F:D4:B4:55:81:4C:34:8D:D9:B0:FF:C8:6D:FD][Validity: 2019-07-16 00:02:30 - 2021-07-16 00:02:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2,http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Certificate SHA-1: 43:FB:E1:46:1D:0D:C3:44:66:EB:9E:08:EE:3D:71:49:7D:B8:EC:2F][Validity: 2019-07-16 00:02:35 - 2021-07-16 00:02:35][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][ALPN: h2,http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][Client: config.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 25 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3]
+ 26 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3]
+ 27 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][TLSv1.2][Client: trouter2-asse-a.trouter.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 28 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Office365][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][ALPN: h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3]
+ 29 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91.121/TLS.Dropbox][cat: Cloud/13][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500]
+ 30 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][TLSv1.2][Client: api.flightproxy.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a]
+ 31 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][TLSv1.2][Client: teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 32 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][PLAIN TEXT (SMnzNK)]
+ 33 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][TLSv1.2][Client: 52.114.250.153][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 34 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][ALPN: h2,http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 35 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][ALPN: h2,http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd]
+ 36 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a]
+ 37 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a]
+ 38 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][TLSv1.2][Client: 52.114.250.152][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 39 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][ALPN: h2,http/1.1][TLS Supported Versions: TLSv1.3,TLSv1.2,TLSv1.1,TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][TLSv1.2][Client: dati.ntop.org][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 40 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][ALPN: h2,http/1.1][TLS Supported Versions: TLSv1.3,TLSv1.2,TLSv1.1,TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][TLSv1.2][Client: dati.ntop.org][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 41 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)]
+ 42 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Host: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3]
+ 43 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)]
+ 44 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec]
+ 45 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)]
+ 46 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)]
+ 47 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27]
+ 48 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec]
+ 49 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec]
+ 50 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)]
+ 51 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)]
+ 52 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)]
+ 53 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)]
+ 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)]
+ 55 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][cat: Cloud/13][1 pkts/96 bytes <-> 1 pkts/301 bytes][Goodput ratio: 56/86][0.04 sec][Host: dc.applicationinsights.microsoft.com][40.79.138.41][PLAIN TEXT (applicationinsights)]
+ 56 UDP 192.168.1.6:54069 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/264 bytes][Goodput ratio: 49/84][0.06 sec][Host: api.microsoftstream.com][104.40.187.151][PLAIN TEXT (microsoftstream)]
+ 57 UDP 192.168.1.6:62735 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/225 bytes][Goodput ratio: 53/81][0.01 sec][Host: euno-1.api.microsoftstream.com][52.169.186.119][PLAIN TEXT (microsoftstream)]
+ 58 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Host: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)]
+ 59 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Office365][cat: Collaborative/15][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Host: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)]
+ 60 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Host: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)]
+ 61 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec]
+ 62 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec]
+ 63 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Host: b._dns-sd._udp.ntop.org][::][PLAIN TEXT (postmaster)]
+ 64 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Host: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)]
+ 65 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Host: euaz.tr.teams.microsoft.com][52.114.250.123][PLAIN TEXT (microsoft)]
+ 66 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][cat: Cloud/13][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Host: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)]
+ 67 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5.219/DNS.Office365][cat: Collaborative/15][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Host: substrate.office.com][13.107.18.11][PLAIN TEXT (substrate)]
+ 68 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Host: config.teams.microsoft.com][52.113.194.132][PLAIN TEXT (config)]
+ 69 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Host: presence.services.sfb.trafficmanager.net][52.114.77.58][PLAIN TEXT (presence)]
+ 70 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Host: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][PLAIN TEXT (trouter)]
+ 71 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Host: c-flightproxy-euno-01-teams.cloudapp.net][::][PLAIN TEXT (flightproxy)]
+ 72 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Host: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][PLAIN TEXT (trouter)]
+ 73 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Host: northeuropecns.trafficmanager.net][52.114.76.48][PLAIN TEXT (northeuropecns)]
+ 74 UDP 192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Host: eu-api.asm.skype.com][52.114.75.69][PLAIN TEXT (trafficmanager)]
+ 75 UDP 192.168.1.6:51309 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/169 bytes][Goodput ratio: 54/75][0.01 sec][Host: skypedataprdcolneu04.cloudapp.net][::][PLAIN TEXT (skypedataprdcolneu04)]
+ 76 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Host: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)]
+ 77 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Host: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)]
+ 78 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Host: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)]
+ 79 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91.185/TLS.Telegram][cat: Chat/9][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec]
+ 80 ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec]
+ 81 UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)]
+
+
+Undetected flows:
+ 1 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 0/Unknown][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)]
+ 2 TCP 151.11.50.139:2222 <-> 192.168.1.6:54750 [proto: 0/Unknown][2 pkts/252 bytes <-> 2 pkts/204 bytes][Goodput ratio: 47/35][0.05 sec]
diff --git a/tests/result/tls_long_cert.pcap.out b/tests/result/tls_long_cert.pcap.out
index beae4a6f9..15d65002c 100644
--- a/tests/result/tls_long_cert.pcap.out
+++ b/tests/result/tls_long_cert.pcap.out
@@ -1,8 +1,8 @@
-Repubblica 182 117601 1
+TLS 182 117601 1
JA3 Host Stats:
IP Address # JA3C
1 192.168.2.126 1
- 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91.252/TLS.Repubblica][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][ALPN: h2,http/1.1][TLS Supported Versions: TLS (0A0A),TLSv1.3,TLSv1.2,TLSv1.1,TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][Client: www.repubblica.it][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Organization: GEDI Digital S.r.l.][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
+ 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][ALPN: h2,http/1.1][TLS Supported Versions: TLS (0A0A),TLSv1.3,TLSv1.2,TLSv1.1,TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][Client: www.repubblica.it][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Organization: GEDI Digital S.r.l.][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
Powered by cgit, Themed by Ted Yin.