diff options
Diffstat (limited to 'tests/cfgs/monitoring/result')
12 files changed, 173 insertions, 136 deletions
diff --git a/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out index b64c7b000..ba92a5583 100644 --- a/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out +++ b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 8/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -25,7 +25,9 @@ SignalVoip 268 50558 4 Acceptable 268 50558 4 - 1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 178][DPI packets before monitoring: 33][cat: VoIP/10][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:54116][RTP packets: 56/58][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] +VoIP 268 50558 4 + + 1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 178][DPI packets before monitoring: 33][cat: VoIP/10][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:54116][RTP packets: 56/58][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][RTP packets: 0/0][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:12261][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:12261][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.67:45419 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.03 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/8 2504/2504 9975/9975 4313/4313][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.216.234.234:45312][PLAIN TEXT (sWCyiFie)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/signal_videocall.pcapng.out b/tests/cfgs/monitoring/result/signal_videocall.pcapng.out index 7dfecbbe0..4a9e49630 100644 --- a/tests/cfgs/monitoring/result/signal_videocall.pcapng.out +++ b/tests/cfgs/monitoring/result/signal_videocall.pcapng.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 6/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -25,6 +25,8 @@ SignalVoip 334 123259 3 Acceptable 334 123259 3 - 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 298][DPI packets before monitoring: 33][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][RTP packets: 68/124][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] +VoIP 334 123259 3 + + 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 298][DPI packets before monitoring: 33][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][RTP packets: 68/124][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Peer IP/Port: 35.219.252.146:56377, 35.219.252.146:34099, 35.219.252.146:37175][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out b/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out index a1a9748c3..3f945814b 100644 --- a/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out +++ b/tests/cfgs/monitoring/result/signal_videocall_multiparty.pcapng.out @@ -13,7 +13,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -24,4 +24,6 @@ SignalVoip 260 96919 1 Acceptable 260 96919 1 - 1 UDP 192.168.1.117:59446 <-> 35.207.67.68:10000 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 260][DPI packets before monitoring: 33][cat: VoIP/10][192 pkts/75765 bytes <-> 68 pkts/21154 bytes][Goodput ratio: 89/86][17.98 sec][bytes ratio: 0.563 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/273 1011/1358 238/433][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 395/311 1253/1226 355/365][RTP packets: 154/46][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BvkPzIMF7)][Plen Bins: 1,40,2,9,0,1,0,2,1,15,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,3,0,2,2,0,0,0,0,0,0,0,0,0,0] +VoIP 260 96919 1 + + 1 UDP 192.168.1.117:59446 <-> 35.207.67.68:10000 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 260][DPI packets before monitoring: 33][cat: VoIP/10][192 pkts/75765 bytes <-> 68 pkts/21154 bytes][Goodput ratio: 89/86][17.98 sec][bytes ratio: 0.563 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/273 1011/1358 238/433][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 395/311 1253/1226 355/365][RTP packets: 154/46][PLAIN TEXT (BvkPzIMF7)][Plen Bins: 1,40,2,9,0,1,0,2,1,15,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,3,0,2,2,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun.pcap.out b/tests/cfgs/monitoring/result/stun.pcap.out index f1a419832..9126bdbc9 100644 --- a/tests/cfgs/monitoring/result/stun.pcap.out +++ b/tests/cfgs/monitoring/result/stun.pcap.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 35 (17.50 pkts/flow) DPI Packets (UDP): 165 (27.50 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 31 (3.44 diss/flow) +Num dissector calls: 25 (2.78 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache stun: 54/126/0 (insert/search/found) @@ -13,10 +13,10 @@ LRU cache fpc_dns: 0/2/0 (insert/search/found) Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 1/0 (search/found) +Automa risk mask: 0/0 (search/found) Automa common alpns: 2/2 (search/found) -Patricia risk mask: 10/0 (search/found) -Patricia risk mask IPv6: 4/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 2/0 (search/found) Patricia protocols: 9/5 (search/found) @@ -32,13 +32,16 @@ GoogleCall 41 7228 2 Safe 4 766 1 Acceptable 197 28062 8 +VoIP 131 19906 4 +Network 70 8922 5 + JA Host Stats: IP Address # JA4C 1 192.168.12.169 1 2 192.168.43.169 1 - 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][RTP packets: 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][RTP packets: 0/0][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][Mapped IP/Port: 93.47.225.70:12165][DTLSv1.2][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8][Validity: 2022-03-17 02:11:17 - 2023-03-18 02:11:17][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] 3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 42][DPI packets before monitoring: 33][cat: Network/14][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][RTP packets: 0/0][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Peer IP/Port: 192.168.8.153:60001, 127.0.0.1:38763, 66.55.92.16:64920, 66.55.92.16:58225, 5.162.130.14:16947][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out index af048a8de..7112b546a 100644 --- a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out @@ -14,8 +14,8 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 12/0 (search/found) -Patricia risk mask IPv6: 2/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 1/0 (search/found) Patricia protocols: 6/6 (search/found) @@ -25,6 +25,8 @@ GoogleCall 362 74597 7 Acceptable 362 74597 7 +VoIP 362 74597 7 + JA Host Stats: IP Address # JA4C 1 2001:b07:a3d:c112:48a1:1094:1227:281e 1 @@ -35,6 +37,6 @@ JA Host Stats: 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 74][DPI packets before monitoring: 43][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 11/31][DTLSv1.2][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61][Validity: 2023-06-19 17:32:20 - 2024-06-19 17:32:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 79][DPI packets before monitoring: 43][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 34/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: VoIP/10][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][RTP packets: 0/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_signal.pcapng.out b/tests/cfgs/monitoring/result/stun_signal.pcapng.out index 287ad74ae..17b2dcc02 100644 --- a/tests/cfgs/monitoring/result/stun_signal.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_signal.pcapng.out @@ -15,7 +15,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 46/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -27,26 +27,29 @@ SignalVoip 407 43310 21 Acceptable 460 48496 23 - 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 106][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914, 18.195.131.143:61156][RTP packets: 15/1][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 53][DPI packets before monitoring: 33][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932, 18.195.131.143:61498][RTP packets: 19/1][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] +VoIP 407 43310 21 +Network 53 5186 2 + + 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 106][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914, 18.195.131.143:61156][RTP packets: 15/1][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 53][DPI packets before monitoring: 33][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932, 18.195.131.143:61498][RTP packets: 19/1][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.051 (Executable?)][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.169:43068 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1598 bytes <-> 13 pkts/1638 bytes][Goodput ratio: 66/67][31.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2090/2098 10035/10033 3616/3611][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 123/126 174/190 47/25][Mapped IP/Port: 93.47.225.19:11910, 35.158.183.167:64458, 18.195.131.143:61156][Peer IP/Port: 18.195.131.143:61156, 18.195.131.143:52463, 18.195.131.143:57646, 18.195.131.143:58207][Relayed IP/Port: 35.158.183.167:64458][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (xYXlLJQ)][Plen Bins: 19,15,26,30,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.169:47767 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][11 pkts/1338 bytes <-> 11 pkts/1354 bytes][Goodput ratio: 65/66][22.74 sec][Hostname/SNI: signal.org][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2483/2337 10020/10020 3944/4010][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 122/123 158/190 44/25][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:55640][Peer IP/Port: 18.195.131.143:54054, 18.195.131.143:61498, 18.195.131.143:55640, 18.195.131.143:50716][Relayed IP/Port: 35.158.122.211:51358][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (rMfcsrHE)][Plen Bins: 18,18,27,31,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.169:39950 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][11 pkts/1282 bytes <-> 11 pkts/1290 bytes][Goodput ratio: 64/64][30.98 sec][Hostname/SNI: signal.org][bytes ratio: -0.003 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 3757/3735 10023/10021 4493/4510][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 117/117 162/134 48/13][Mapped IP/Port: 93.47.225.19:11911][Peer IP/Port: 18.195.131.143:61156, 18.195.131.143:52463, 18.195.131.143:57646, 18.195.131.143:58207][Relayed IP/Port: 35.158.183.167:52495][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (ovaKDk)][Plen Bins: 22,18,31,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.169:37970 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 20][cat: VoIP/10][10 pkts/1196 bytes <-> 10 pkts/1164 bytes][Goodput ratio: 65/64][22.74 sec][Hostname/SNI: signal.org][bytes ratio: 0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1760/2672 10017/10018 3250/3952][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 120/116 158/134 45/13][Mapped IP/Port: 93.47.225.19:11929][Peer IP/Port: 18.195.131.143:54054, 18.195.131.143:61498, 18.195.131.143:55640, 18.195.131.143:50716][Relayed IP/Port: 35.158.122.211:51073][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (BSFWxqj)][Plen Bins: 20,20,30,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 ICMP 35.158.122.211:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][17 pkts/1578 bytes <-> 2 pkts/276 bytes][Goodput ratio: 55/69][22.73 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1052/0 7992/0 2154/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.051 (Executable?)][PLAIN TEXT (braaHWB)][Plen Bins: 0,89,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.12.169:39950 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 16][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 37/0 1416/0 7961/0 2721/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.12.169:43068 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 16][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 60/0 1419/0 7937/0 2708/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.12.169:39950 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 16][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 37/0 1416/0 7961/0 2721/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.12.169:43068 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 16][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 60/0 1419/0 7937/0 2708/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.169:39518 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 23/30 1612/1611 4762/4754 2228/2222][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][Mapped IP/Port: 93.47.225.19:11888][Relayed IP/Port: 35.158.183.167:62696][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (GBLsrHn)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.169:47204 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 41/42 1612/1612 4721/4721 2198/2199][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][Mapped IP/Port: 93.47.225.19:11889][Relayed IP/Port: 35.158.183.167:54498][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (nYAy610)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.12.169:37970 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 984/0 7992/0 2186/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (braaHWB)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.12.169:47767 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 982/0 8022/0 2200/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BtotYst)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:54054][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.12.169:39518 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 64/0 424/0 1928/0 598/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.12.169:47204 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 63/0 424/0 1928/0 597/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.12.169:37970 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 984/0 7992/0 2186/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (braaHWB)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.12.169:47767 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 982/0 8022/0 2200/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BtotYst)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:54054][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.12.169:39518 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 64/0 424/0 1928/0 598/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.12.169:47204 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 63/0 424/0 1928/0 597/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out b/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out index 59743b098..64e25c4ae 100644 --- a/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out @@ -15,7 +15,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 26/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -27,14 +27,17 @@ ICMP 1 110 1 Acceptable 591 133689 13 +VoIP 590 133579 12 +Network 1 110 1 + 1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 377][DPI packets before monitoring: 17][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 93.57.123.227:3478][RTP packets: 140/179][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][Stream Content: Audio, Video][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 121][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.203.62:3478][RTP packets: 4/30][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 16][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 16][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.156:46652 <-> 157.240.21.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/831 29269/2494 12355/1176][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.21.51:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.156:46652 <-> 157.240.195.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 7942/832 29268/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.195.48:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.156:46652 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/832 29269/2496 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.203.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.156:46652 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/833 29269/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 20][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 20][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.156:49526 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.196.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 179.60.192.48:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out index b4325f33b..317582e78 100644 --- a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out @@ -13,7 +13,7 @@ Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 4/4 (search/found) -Patricia risk mask: 4/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -24,6 +24,8 @@ Zoom 70 18258 2 Acceptable 70 18258 2 +Video 70 18258 2 + JA Host Stats: IP Address # JA4C 1 192.168.43.169 1 diff --git a/tests/cfgs/monitoring/result/teams.pcap.out b/tests/cfgs/monitoring/result/teams.pcap.out index f8b88d12f..f0f277044 100644 --- a/tests/cfgs/monitoring/result/teams.pcap.out +++ b/tests/cfgs/monitoring/result/teams.pcap.out @@ -4,23 +4,23 @@ DPI Packets (TCP): 349 (8.31 pkts/flow) DPI Packets (UDP): 150 (3.75 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) -Confidence Match by port : 1 (flows) -Confidence DPI (partial) : 5 (flows) +Confidence Match by port : 2 (flows) +Confidence DPI (partial) : 4 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 527 (6.35 diss/flow) +Num dissector calls: 516 (6.22 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache stun: 32/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/3/0 (insert/search/found) -LRU cache msteams: 20/6/6 (insert/search/found) -LRU cache fpc_dns: 15/41/19 (insert/search/found) -Automa host: 85/71 (search/found) +LRU cache msteams: 19/6/6 (insert/search/found) +LRU cache fpc_dns: 16/41/28 (insert/search/found) +Automa host: 85/75 (search/found) Automa domain: 85/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 24/1 (search/found) +Automa risk mask: 2/0 (search/found) Automa common alpns: 67/67 (search/found) -Patricia risk mask: 82/0 (search/found) +Patricia risk mask: 6/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -28,54 +28,59 @@ Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 -DNS 8 1126 4 +DNS 45 6351 22 DHCP 7 2323 2 -ntop 40 9816 3 -TeamsCall 124 33394 13 +ntop 37 9514 2 +TeamsCall 93 19649 12 +STUN 31 13745 1 ICMP 2 140 1 -TLS 20 11474 2 +TLS 23 11660 3 Dropbox 2 1054 2 -Apple 2 231 1 Spotify 1 82 1 -Telegram 3 186 1 -Microsoft 405 284048 12 -Microsoft365 136 52120 6 -Teams 742 280251 33 -Azure 2 294 1 +Microsoft365 531 334618 13 +Teams 722 277403 23 -Safe 1209 585820 51 -Acceptable 284 90637 30 +Safe 782 298577 28 +Acceptable 711 377880 53 Fun 1 82 1 Unrated 4 456 1 +Unspecified 4 456 1 +Web 23 11660 3 +VoIP 93 19649 12 +Cloud 2 1054 2 +Network 122 32073 28 +Collaborative 1253 612021 36 +Music 1 82 1 + JA Host Stats: IP Address # JA4C 1 192.168.1.6 7 - 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] - 2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0] + 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 9][cat: Collaborative/15][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] + 2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0] 3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0] - 4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 10][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0] - 5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0] - 6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 5][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0] - 7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0] + 5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0] + 6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0] + 7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] - 9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0] + 9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0] 10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] - 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] - 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] - 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] - 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] - 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] + 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] + 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: Network/14][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] + 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] 18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] 19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 9][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] - 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] + 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] 21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] 22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] - 23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] + 23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] 24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] @@ -85,7 +90,7 @@ JA Host Stats: 30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0] 31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 338.38/SRTP.TeamsCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 37][DPI packets before monitoring: 33][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332, 80.181.206.72:57543][RTP packets: 0/18][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0] + 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 338.38/SRTP.TeamsCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 37][DPI packets before monitoring: 33][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332, 80.181.206.72:57543][RTP packets: 0/18][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] @@ -100,39 +105,39 @@ JA Host Stats: 45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 8][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333, 80.181.206.72:61310][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 8][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333, 80.181.206.72:61310][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/301 bytes][Goodput ratio: 56/86][0.04 sec][Hostname/SNI: dc.applicationinsights.microsoft.com][40.79.138.41][PLAIN TEXT (applicationinsights)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.6:54069 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/264 bytes][Goodput ratio: 49/84][0.06 sec][Hostname/SNI: api.microsoftstream.com][104.40.187.151][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 UDP 192.168.1.6:62735 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/225 bytes][Goodput ratio: 53/81][0.01 sec][Hostname/SNI: euno-1.api.microsoftstream.com][52.169.186.119][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5.276/DNS.Azure][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.276/DNS.Azure, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Hostname/SNI: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][0.0.0.0][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Hostname/SNI: substrate.office.com][13.107.18.11][PLAIN TEXT (substrate)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Hostname/SNI: config.teams.microsoft.com][52.113.194.132][PLAIN TEXT (config)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Hostname/SNI: presence.services.sfb.trafficmanager.net][52.114.77.58][PLAIN TEXT (presence)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Hostname/SNI: c-flightproxy-euno-01-teams.cloudapp.net][0.0.0.0][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: northeuropecns.trafficmanager.net][52.114.76.48][PLAIN TEXT (northeuropecns)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 UDP 192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Hostname/SNI: eu-api.asm.skype.com][52.114.75.69][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 76 UDP 192.168.1.6:51309 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/169 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][0.0.0.0][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.140/DNS.Apple, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 79 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 80 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/301 bytes][Goodput ratio: 56/86][0.04 sec][Hostname/SNI: dc.applicationinsights.microsoft.com][40.79.138.41][DNS Id: 0x786a][PLAIN TEXT (applicationinsights)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.6:54069 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/264 bytes][Goodput ratio: 49/84][0.06 sec][Hostname/SNI: api.microsoftstream.com][104.40.187.151][DNS Id: 0x7004][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.6:62735 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/225 bytes][Goodput ratio: 53/81][0.01 sec][Hostname/SNI: euno-1.api.microsoftstream.com][52.169.186.119][DNS Id: 0x63e5][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][DNS Id: 0x4d31][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][DNS Id: 0x9745][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][DNS Id: 0xaa57][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][DNS Id: 0xa74b][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][DNS Id: 0x72e8][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][DNS Id: 0x54aa][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Hostname/SNI: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][0.0.0.0][DNS Id: 0x77c2][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Hostname/SNI: substrate.office.com][13.107.18.11][DNS Id: 0x37ee][PLAIN TEXT (substrate)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Hostname/SNI: config.teams.microsoft.com][52.113.194.132][DNS Id: 0x9af2][PLAIN TEXT (config)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Hostname/SNI: presence.services.sfb.trafficmanager.net][52.114.77.58][DNS Id: 0x2f37][PLAIN TEXT (presence)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][DNS Id: 0xf401][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Hostname/SNI: c-flightproxy-euno-01-teams.cloudapp.net][0.0.0.0][DNS Id: 0x9fcf][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][DNS Id: 0x074a][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: northeuropecns.trafficmanager.net][52.114.76.48][DNS Id: 0x103a][PLAIN TEXT (northeuropecns)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 UDP 192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Hostname/SNI: eu-api.asm.skype.com][52.114.75.69][DNS Id: 0x882d][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 UDP 192.168.1.6:51309 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/169 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][0.0.0.0][DNS Id: 0xc863][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][DNS Id: 0x74f2][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][DNS Id: 0x29fd][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][52.114.77.33][DNS Id: 0xce9d][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Web/5][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out b/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out index 39e75d784..2b7b9a09a 100644 --- a/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out @@ -3,11 +3,11 @@ Guessed flow protos: 2 DPI Packets (TCP): 36 (3.60 pkts/flow) DPI Packets (UDP): 231 (12.16 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) -Confidence DPI (partial) : 1 (flows) +Confidence Match by port : 1 (flows) Confidence DPI (cache) : 10 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 8 (flows) -Num dissector calls: 764 (22.47 diss/flow) +Num dissector calls: 741 (21.79 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache stun: 46/49/10 (insert/search/found) @@ -18,9 +18,9 @@ LRU cache fpc_dns: 0/9/0 (insert/search/found) Automa host: 2/0 (search/found) Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 6/0 (search/found) +Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 42/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 3/0 (search/found) @@ -29,39 +29,45 @@ Patricia protocols IPv6: 6/0 (search/found) MDNS 2 194 2 ICMP 6 828 3 -TLS 4 295 1 +TLS 7 497 2 ICMPV6 5 350 2 Dropbox 2 348 1 -Telegram 636 339253 8 +Telegram 633 339051 7 AmazonAWS 4 288 1 TelegramVoip 228 41561 16 -Safe 4 295 1 -Acceptable 883 382822 33 +Safe 7 497 2 +Acceptable 880 382620 32 + +Web 7 497 2 +Chat 633 339051 7 +VoIP 228 41561 16 +Cloud 6 636 2 +Network 13 1372 7 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.257 (Encrypted Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.638 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 114][DPI packets before monitoring: 33][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624, 93.36.13.115:35393][RTP packets: 2/7][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 114][DPI packets before monitoring: 33][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624, 93.36.13.115:35393][RTP packets: 2/7][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.526 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.322 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.504 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 18][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618, 93.36.13.115:35520][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 93.36.13.115:35520, 91.108.9.35:65410][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 18][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618, 93.36.13.115:35520][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 93.36.13.115:35520, 91.108.9.35:65410][Relayed IP/Port: 91.108.9.35:56058][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.107 (Compressed Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.13.23:62318][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.17.2:45408][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.574 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616, 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616, 93.36.13.115:35393][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][30.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -69,7 +75,7 @@ Acceptable 883 382822 33 28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.590 (Executable?)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.612 (Executable?)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.737 (Executable?)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (client)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 ICMPV6 [fe80::abe:acff:fe0b:176e]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out index e94a47df8..327a01faa 100644 --- a/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out +++ b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 315 (39.38 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 204 (25.50 diss/flow) +Num dissector calls: 192 (24.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache stun: 17/18/0 (insert/search/found) @@ -13,7 +13,7 @@ Automa domain: 2/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 12/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 1/0 (search/found) @@ -26,6 +26,9 @@ TelegramVoip 305 130511 4 Acceptable 315 131265 8 +VoIP 305 130511 4 +Network 10 754 4 + JA Host Stats: IP Address # JA4C 1 192.168.12.67 1 @@ -35,7 +38,7 @@ JA Host Stats: 2 UDP 192.168.12.67:44275 <-> 91.108.9.10:597 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 33][cat: VoIP/10][17 pkts/2958 bytes <-> 16 pkts/2740 bytes][Goodput ratio: 76/75][2.07 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 85/139 514/688 135/213][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 174/171 638/614 119/118][Mapped IP/Port: 91.108.9.10:597][DTLSv1.2][JA4: dd2d110700_c45550529adf_d9dd6182da81][PLAIN TEXT (OUePGE4)][Plen Bins: 0,6,42,39,3,3,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.67:42417 <-> 91.108.13.26:598 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 18][cat: VoIP/10][9 pkts/1266 bytes <-> 9 pkts/1154 bytes][Goodput ratio: 70/67][1.72 sec][bytes ratio: 0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/42 198/214 514/512 144/169][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 141/128 162/162 33/15][Mapped IP/Port: 91.108.13.26:598][PLAIN TEXT (03U/SsH)][Plen Bins: 0,11,50,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.67:46675 <-> 91.108.17.8:597 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/650 bytes <-> 5 pkts/602 bytes][Goodput ratio: 68/65][1.68 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 191/190 333/382 514/569 125/162][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 130/120 162/130 39/12][Mapped IP/Port: 91.108.17.8:597][Plen Bins: 0,20,50,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.12.67:39329 -> 91.108.13.3:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.12.67:44679 -> 91.108.17.49:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (sENzap5)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.12.67:39329 -> 91.108.13.3:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.12.67:44679 -> 91.108.17.49:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sENzap5)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/telegram_voice.pcapng.out b/tests/cfgs/monitoring/result/telegram_voice.pcapng.out index eaff24359..53f1f259d 100644 --- a/tests/cfgs/monitoring/result/telegram_voice.pcapng.out +++ b/tests/cfgs/monitoring/result/telegram_voice.pcapng.out @@ -1,7 +1,7 @@ DPI Packets (UDP): 863 (95.89 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 206 (20.60 diss/flow) +Num dissector calls: 194 (19.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache stun: 27/24/0 (insert/search/found) @@ -12,23 +12,27 @@ LRU cache fpc_dns: 1/0/0 (insert/search/found) Automa host: 4/2 (search/found) Automa domain: 4/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 4/0 (search/found) +Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 16/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 1/0 (search/found) Patricia protocols: 11/7 (search/found) Patricia protocols IPv6: 2/0 (search/found) +DNS 2 208 1 MDNS 2 194 2 ICMP 5 812 1 Telegram 6 564 1 -GoogleServices 2 208 1 TelegramVoip 853 161775 5 Acceptable 868 163553 10 +Chat 6 564 1 +VoIP 853 161775 5 +Network 9 1214 4 + JA Host Stats: IP Address # JA4C 1 192.168.12.67 1 @@ -36,11 +40,11 @@ JA Host Stats: 1 UDP 192.168.12.67:42567 <-> 91.108.9.34:1400 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 742][DPI packets before monitoring: 43][cat: VoIP/10][401 pkts/72973 bytes <-> 341 pkts/67660 bytes][Goodput ratio: 77/79][14.03 sec][Hostname/SNI: telegram.org][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/37 364/362 30/30][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 182/198 329/330 82/86][Mapped IP/Port: 93.35.170.144:39263, 91.108.9.34:51052, 91.108.9.34:47026][Peer IP/Port: 91.108.9.34:47026][Relayed IP/Port: 91.108.9.34:51052][RTP packets: 247/214][PLAIN TEXT (Unauthorized)][Plen Bins: 0,28,6,5,5,1,6,21,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.67:41011 <-> 91.108.9.68:596 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 72][DPI packets before monitoring: 43][cat: VoIP/10][12 pkts/2100 bytes <-> 60 pkts/14416 bytes][Goodput ratio: 76/83][10.53 sec][bytes ratio: -0.746 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/27 245/216 71/45][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 175/240 614/682 138/121][Mapped IP/Port: 91.108.9.68:596][RTP packets: 0/34][DTLSv1.2][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 6431b01c80e20aa21a6d7a54b248a3bf][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 4B:2E:58:BF:EC:DB:36:D0:D1:46:24:49:66:83:AC:04:2B:AE:8D:E3][Validity: 2024-11-17 16:02:08 - 2024-12-18 16:02:08][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (kWpcVUz)][Plen Bins: 0,4,28,20,2,1,1,2,35,2,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 16][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 15][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 16][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 15][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.67:39027 <-> 91.108.13.51:597 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 8][cat: VoIP/10][4 pkts/376 bytes <-> 4 pkts/480 bytes][Goodput ratio: 55/65][10.63 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 36/88 3502/3502 9969/10006 4577/4601][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 94/120 130/162 21/24][Mapped IP/Port: 91.108.13.51:597][PLAIN TEXT (BDlMWdxrdJP)][Plen Bins: 0,37,50,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 ICMP 192.168.12.67:0 -> 91.108.9.34:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/812 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.07 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 6.979 (Compressed Executable?)][PLAIN TEXT (XYRpDQCom)][Plen Bins: 0,0,20,60,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.67:46868 <-> 91.108.17.7:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/246 bytes <-> 3 pkts/318 bytes][Goodput ratio: 49/60][10.65 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 500/500 5253/5253 10006/10006 4753/4753][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.239/DNS.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][DNS Id: 0x80d1][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |