diff options
Diffstat (limited to 'tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out')
| -rw-r--r-- | tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out index dda49e59a..d281e638f 100644 --- a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out +++ b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out @@ -35,6 +35,6 @@ JA3 Host Stats: 1 10.0.2.15 1 - 1 TCP 10.0.2.15:37810 <-> 185.159.159.148:443 [proto: 91.344/TLS.ProtonVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 11][cat: VPN/2][12 pkts/1454 bytes <-> 14 pkts/6607 bytes][Goodput ratio: 52/88][0.09 sec][Hostname/SNI: vpn-api.proton.me][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 22/21 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 121/472 358/1514 88/611][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 29/May/2023 13:13:28 - 27/Aug/2023 13:13:27][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][JA4: t12d1209h2_d34a8e72043a_b39be8c56a14][ServerNames: *.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=Let's Encrypt, CN=R3][Subject: CN=proton.me][Certificate SHA-1: AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D][Safari][Validity: 2023-05-29 13:13:28 - 2023-08-27 13:13:27][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,31,15,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,15,0,0] - 2 UDP 10.0.2.15:57701 <-> 217.23.3.76:443 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][9 pkts/1246 bytes <-> 5 pkts/814 bytes][Goodput ratio: 70/74][0.09 sec][bytes ratio: 0.210 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 11/17 24/25 9/6][Pkt Len c2s/s2c min/avg/max/stddev: 74/122 138/163 190/218 30/39][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 51820][PLAIN TEXT (F/WNBO)][Plen Bins: 0,7,28,42,7,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 2.58.241.67:37710 -> 8.8.8.8:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.0.2.15:37810 <-> 185.159.159.148:443 [proto: 91.344/TLS.ProtonVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: VPN/2][12 pkts/1454 bytes <-> 14 pkts/6607 bytes][Goodput ratio: 52/88][0.09 sec][Hostname/SNI: vpn-api.proton.me][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 22/21 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 121/472 358/1514 88/611][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 29/May/2023 13:13:28 - 27/Aug/2023 13:13:27][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][JA4: t12d1209h2_d34a8e72043a_b39be8c56a14][ServerNames: *.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=Let's Encrypt, CN=R3][Subject: CN=proton.me][Certificate SHA-1: AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D][Safari][Validity: 2023-05-29 13:13:28 - 2023-08-27 13:13:27][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,31,15,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,15,0,0] + 2 UDP 10.0.2.15:57701 <-> 217.23.3.76:443 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][9 pkts/1246 bytes <-> 5 pkts/814 bytes][Goodput ratio: 70/74][0.09 sec][bytes ratio: 0.210 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 11/17 24/25 9/6][Pkt Len c2s/s2c min/avg/max/stddev: 74/122 138/163 190/218 30/39][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 51820][PLAIN TEXT (F/WNBO)][Plen Bins: 0,7,28,42,7,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 2.58.241.67:37710 -> 8.8.8.8:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |