diff options
Diffstat (limited to 'tests/result/dns_exfiltration.pcap.out')
| -rw-r--r-- | tests/result/dns_exfiltration.pcap.out | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/result/dns_exfiltration.pcap.out b/tests/result/dns_exfiltration.pcap.out index 5233f8222..409bf7470 100644 --- a/tests/result/dns_exfiltration.pcap.out +++ b/tests/result/dns_exfiltration.pcap.out @@ -1,7 +1,8 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) +Confidence DPI : 1 (flows) DNS 300 73545 1 - 1 UDP 192.168.220.56:56373 <-> 192.168.203.167:53 [proto: 5/DNS][ClearText][cat: Network/14][150 pkts/32419 bytes <-> 150 pkts/41126 bytes][Goodput ratio: 81/85][59.99 sec][Hostname/SNI: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02][::][bytes ratio: -0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 398/397 1035/1015 491/489][Pkt Len c2s/s2c min/avg/max/stddev: 101/148 216/274 300/386 97/97][Risk: ** Suspicious DGA domain name **][Risk Score: 100][PLAIN TEXT (dnscat)][Plen Bins: 0,24,0,23,0,0,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.220.56:56373 <-> 192.168.203.167:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][150 pkts/32419 bytes <-> 150 pkts/41126 bytes][Goodput ratio: 81/85][59.99 sec][Hostname/SNI: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02][::][bytes ratio: -0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 398/397 1035/1015 491/489][Pkt Len c2s/s2c min/avg/max/stddev: 101/148 216/274 300/386 97/97][Risk: ** Suspicious DGA domain name **][Risk Score: 100][PLAIN TEXT (dnscat)][Plen Bins: 0,24,0,23,0,0,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |