aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/gnutella.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'tests/cfgs/default/result/gnutella.pcap.out')
-rw-r--r--tests/cfgs/default/result/gnutella.pcap.out8
1 files changed, 4 insertions, 4 deletions
diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out
index 88d3ede43..736c762db 100644
--- a/tests/cfgs/default/result/gnutella.pcap.out
+++ b/tests/cfgs/default/result/gnutella.pcap.out
@@ -60,10 +60,10 @@ JA3 Host Stats:
4 TCP 10.0.2.15:50300 <-> 188.61.52.183:11852 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][66 pkts/6593 bytes <-> 69 pkts/10484 bytes][Goodput ratio: 46/64][502.91 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 8559/7533 32308/32351 8859/8516][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/152 653/1514 91/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 1,43,9,6,26,4,0,1,1,0,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
5 UDP [fe80::c50d:519f:96a4:e108]:63958 -> [ff02::c]:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 153/WSD, Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/15504 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][586.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 48849/0 583774/0 161286/0][Pkt Len c2s/s2c min/avg/max/stddev: 834/0 1107/0 1153/0 112/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 10.0.2.15:63957 -> 239.255.255.250:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 153/WSD, Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/14194 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][586.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 53286/0 583775/0 167755/0][Pkt Len c2s/s2c min/avg/max/stddev: 814/0 1092/0 1115/0 80/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,92,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **][Risk Score: 80][Risk Info: Found host 69.118.162.229 / Entropy: 5.691 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0]
+ 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **][Risk Score: 80][Risk Info: Found host 69.118.162.229 / Expected on port 80 / Entropy: 5.691 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0]
8 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/164 357/1119 51/213][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 69.118.162.229 / Entropy: 5.630 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
+ 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 69.118.162.229 / Expected on port 80 / Entropy: 5.630 (Executable?) / File download Nickelback%20-%20Hero%20(Spider][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
11 UDP 10.0.2.15:28681 <-> 80.61.221.246:30577 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5195 bytes][Goodput ratio: 68/93][197.38 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/35 26439/26440 107210/107216 34356/34358][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 132/577 274/769 53/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,33,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 UDP 10.0.2.15:28681 <-> 193.37.255.130:61616 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5176 bytes][Goodput ratio: 68/93][197.67 sec][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/126 26488/26488 107228/107229 34539/34539][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 132/575 274/769 53/277][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,39,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP 10.0.2.15:28681 <-> 103.232.107.100:43508 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1157 bytes <-> 8 pkts/4890 bytes][Goodput ratio: 67/93][230.22 sec][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 4875/4875 31136/30836 107031/107033 32420/35010][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 129/611 274/769 56/273][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 11,0,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -80,11 +80,11 @@ JA3 Host Stats:
24 UDP 10.0.2.15:28681 <-> 89.75.52.19:46010 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3639 bytes][Goodput ratio: 69/92][197.35 sec][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 98/59 16969/16961 46205/46196 16968/16973][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/520 274/769 60/291][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 7,7,35,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 10.0.2.15:28681 <-> 203.220.198.244:1194 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3509 bytes][Goodput ratio: 69/92][197.83 sec][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 313/315 17988/17988 51261/51260 18094/18093][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/501 274/769 60/309][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 UDP 10.0.2.15:28681 <-> 46.128.114.107:6578 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3501 bytes][Goodput ratio: 69/92][197.45 sec][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 60/40 16942/16932 46247/46248 16994/16998][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 134/500 274/769 60/311][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / SNI should always be present / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 23:00:00 / CN=gtk-gnute][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
+ 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 ][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
28 UDP 10.0.2.15:28681 <-> 45.31.152.112:26851 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][186.46 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 7100/7142 19000/19000 44374/44331 14989/14962][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 UDP 10.0.2.15:28681 <-> 96.65.68.194:35481 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][197.61 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 5017/5014 21044/21044 46304/46310 15712/15715][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 UDP 10.0.2.15:28681 <-> 181.84.178.16:60262 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/766 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 72/93][84.70 sec][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 5114/5194 21079/21064 46304/46263 15704/15629][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 153/645 274/769 60/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 0,0,40,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 189.147.72.83 / Entropy: 5.619 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
+ 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 189.147.72.83 / Expected on port 80 / Entropy: 5.619 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderm][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
32 UDP 10.0.2.15:28681 <-> 80.7.252.192:6888 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/844 bytes <-> 5 pkts/2741 bytes][Goodput ratio: 70/92][170.75 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 1605/1482 42670/42669 111028/111025 42886/42893][Pkt Len c2s/s2c min/avg/max/stddev: 98/148 141/548 274/769 61/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 0,18,27,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 10.0.2.15:28681 <-> 94.54.66.82:63637 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2722 bytes][Goodput ratio: 61/92][192.07 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 168/360 47931/46734 147616/141167 58240/55279][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 107/544 123/769 21/279][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 UDP 10.0.2.15:28681 <-> 96.236.205.7:34794 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2721 bytes][Goodput ratio: 61/92][191.79 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 123/120 47920/47919 147559/147561 58219/58220][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 107/544 123/769 21/280][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.