diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/result/6in4tunnel.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/KakaoTalk_chat.pcap.out | 14 | ||||
| -rw-r--r-- | tests/result/KakaoTalk_talk.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/anyconnect-vpn.pcap.out | 6 | ||||
| -rw-r--r-- | tests/result/dnscrypt.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/instagram.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/malware.pcap.out | 6 | ||||
| -rw-r--r-- | tests/result/ocs.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/pps.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/quickplay.pcap.out | 18 | ||||
| -rw-r--r-- | tests/result/skype.pcap.out | 5 | ||||
| -rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 5 | ||||
| -rw-r--r-- | tests/result/starcraft_battle.pcap.out | 10 | ||||
| -rw-r--r-- | tests/result/tor.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/viber.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/waze.pcap.out | 27 | ||||
| -rw-r--r-- | tests/result/webex.pcap.out | 56 | ||||
| -rw-r--r-- | tests/result/zoom.pcap.out | 4 |
18 files changed, 97 insertions, 98 deletions
diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 3459ffa76..068d3932f 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -9,7 +9,7 @@ JA3 Host Stats: 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.8/36.3 142/142 56.7/54.5][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165.1/934.6 629/1847 138.8/679.8][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][Server: mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.8/36.3 142/142 56.7/54.5][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165.1/934.6 629/1847 138.8/679.8][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][Server: mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.1/23.5 98/97 33.1/35.6][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383.0/468.8 1504/1911 467.5/575.9][TLSv1.2][Client: www.facebook.com][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1000.8/1000.8 1001/1012 0.4/4.2][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138.0/138.0 138/138 0.0/0.0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 163.8/56.0 495/110 170.8/54.0][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131.0/251.5 248/680 52.4/247.4][PLAIN TEXT (GET / HTTP/1.1)] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index ba69c2dba..2be2a505d 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,12 +1,12 @@ DNS 2 217 1 HTTP 1 56 1 ICMP 1 147 1 -TLS 23 2689 2 +TLS 50 9815 3 Facebook 215 51809 12 Google 16 1031 3 HTTP_Proxy 26 3926 1 Amazon 8 2071 2 -KakaoTalk 55 9990 15 +KakaoTalk 28 2864 14 JA3 Host Stats: IP Address # JA3C @@ -16,13 +16,13 @@ JA3 Host Stats: 1 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33.1/57.0 123/297 41.2/77.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 203.6/364.4 1053/1336 304.3/448.8][TLSv1.2][Client: graph.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] 2 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.2/34.8 106/208 36.5/55.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 183.9/433.5 1257/1336 331.5/513.1][TLSv1.2][Client: developers.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] 3 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][bytes ratio: -0.329 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 95.6/75.0 312/350 98.3/119.1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 258.4/569.2 1401/1456 416.1/539.9][TLSv1.2][Client: api.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - 4 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 410.8/374.9 2329/2320 582.3/599.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.3/71.2 489/365 131.0/103.2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167.2/388.7 899/1336 222.0/490.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2049.7/118.1 26937/448 6904.3/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 132.8/264.6 578/1336 133.6/439.4][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] - 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1113.6/74.5 10357/172 3082.4/61.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 156.6/363.6 429/1336 151.9/450.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 4 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 410.8/374.9 2329/2320 582.3/599.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.3/71.2 489/365 131.0/103.2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167.2/388.7 899/1336 222.0/490.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2049.7/118.1 26937/448 6904.3/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 132.8/264.6 578/1336 133.6/439.4][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] + 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91/TLS][cat: Web/5][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1113.6/74.5 10357/172 3082.4/61.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 156.6/363.6 429/1336 151.9/450.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Organization: Kakao Corp.][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833.0/4340.0 12590/13131 4126.4/4406.8][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131.2/188.3 657/274 136.4/75.5] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3455.9/3426.0 12765/12806 4427.1/4479.6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193.0/74.7 303/98 122.5/20.9] - 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Certificate SHA-1: CE:C6:14:8F:23:A0:C2:C9:C5:9A:B0:BB:EC:1D:4A:7E:33:2A:43:12][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (Gyeonggi do)] + 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Organization: SAMSUNG ELECTRONICS CO., LTD][Certificate SHA-1: CE:C6:14:8F:23:A0:C2:C9:C5:9A:B0:BB:EC:1D:4A:7E:33:2A:43:12][Validity: 1999-12-31 15:02:10 - 2049-12-18 15:02:10][Cipher: TLS_RSA_WITH_RC4_128_MD5] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 114.7/101.7 264/210 105.6/76.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/101.3 21457/215 9241.2/80.5][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845.2/3844.4 13075/13111 4718.5/4734.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56.0/56.0 56/56 0.0/0.0] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index d590d2ef1..8093905de 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -15,8 +15,8 @@ JA3 Host Stats: 1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 56.7/47.6 202/340 48.7/48.1][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 140.5/125.9 234/236 43.2/33.1][PLAIN TEXT (46yOXQ)] 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes][bytes ratio: -0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 58.3/49.1 112/476 22.7/54.4][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 125.9/141.0 236/234 33.1/43.4][PLAIN TEXT (46yOXQ)] - 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91/TLS][cat: Web/5][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14/0 2358.4/3527.6 20472/21237 5097.7/5912.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242.1/289.6 878/920 253.9/276.1][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91/TLS][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 691.3/1317.3 6069/10226 1399.3/2632.2][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190.4/260.4 814/920 164.3/240.9][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91/TLS][cat: Web/5][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14/0 2358.4/3527.6 20472/21237 5097.7/5912.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242.1/289.6 878/920 253.9/276.1][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Organization: Kakao][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91/TLS][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 691.3/1317.3 6069/10226 1399.3/2632.2][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190.4/260.4 814/920 164.3/240.9][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][Server: kakao.com][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Organization: Kakao][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 140.8/117.3 494/295 163.1/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195.5/78.0 735/189 228.1/34.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4202.8/4246.6 4716/5160 1130.8/719.3][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141.0/142.0 150/142 6.1/0.0] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266.5/3766.4 4903/4991 1244.7/1143.7][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140.2/140.2 142/142 5.7/5.7] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 48456a563..ff632a8e5 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -21,10 +21,10 @@ JA3 Host Stats: 1 10.0.0.227 4 - 1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.8/10.8 97/138 21.4/26.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189.0/425.1 1514/1514 245.6/579.0][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1047.6/486.8 11570/9008 2986.7/2008.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324.6/651.7 1514/1514 493.8/646.0][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.8/10.8 97/138 21.4/26.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189.0/425.1 1514/1514 245.6/579.0][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Organization: Viasat Inc.][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1047.6/486.8 11570/9008 2986.7/2008.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324.6/651.7 1514/1514 493.8/646.0][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Organization: Viasat Inc.][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 90.8/63.5 593/619 144.9/135.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185.3/270.7 1261/1434 259.0/387.4][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] - 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.8/26.1 48/88 21.3/28.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171.2/522.5 1175/1514 273.9/624.5][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.8/26.1 48/88 21.3/28.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171.2/522.5 1175/1514 273.9/624.5][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Organization: Viasat Inc.][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 5 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866.5/28.1 11074/80 2946.8/34.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184.3/170.5 853/487 228.0/155.1][TLSv1.2][Client: slack.com][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 6 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Host: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824.1/3641.6 10081/10083 3592.5/4384.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191.9/340.3 373/450 153.1/173.5][PLAIN TEXT (GET /success.txt)] 7 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 161/CiscoVPN][cat: VPN/2][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648.5/5003.6 5001/5006 2494.5/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121.0/176.0 176/176 55.0/0.0] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index 714269a4b..38547b3c3 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -5,7 +5,7 @@ JA3 Host Stats: 1 192.168.43.167 2 - 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36.3/19.9 114/119 43.4/33.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.3/694.3 272/1364 67.6/593.9][TLSv1.2][Client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.9/24.9 105/106 34.0/34.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110.4/516.1 334/1364 76.2/542.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72.5/31.5 188/124 74.3/50.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.5/32.5 136/140 58.9/52.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36.3/19.9 114/119 43.4/33.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.3/694.3 272/1364 67.6/593.9][TLSv1.2][Client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.9/24.9 105/106 34.0/34.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110.4/516.1 334/1364 76.2/542.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72.5/31.5 188/124 74.3/50.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91/TLS][cat: Web/5][8 pkts/780 bytes <-> 10 pkts/7735 bytes][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.5/32.5 136/140 58.9/52.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 97.5/773.5 264/1364 75.0/597.4][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][Server: simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 0cc0115fa..f1496cbcd 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -14,7 +14,7 @@ JA3 Host Stats: 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.6/40.9 1246/1247 136.9/216.6][Pkt Len c2s/s2c min/avg/max/stddev: 1128/66 1460.7/66.0 1464/66 32.9/0.0][PLAIN TEXT (dnlN/L)] 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.6/0.3 33/2 11.2/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)] 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.4/0.5 62/2 11.3/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)] - 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)] + 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)] 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.5/0.3 321/2 76.4/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][PLAIN TEXT (GET /hphotos)] 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 pkts/40133 bytes][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 364.1/362.3 7669/7709 1462.3/1471.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163.4/1180.4 1431/1464 317.9/494.8] 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.2/1.3 7/7 1.7/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484.0/66.0 1484/66 0.0/0.0][PLAIN TEXT (inOCIM)] diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 508e6c84c..d0338986f 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -1,7 +1,7 @@ DNS 2 216 1 -HTTP 3 547 2 +HTTP 1 66 1 ICMP 1 98 1 -OpenDNS 20 7140 1 +OpenDNS 22 7621 2 JA3 Host Stats: IP Address # JA3C @@ -9,7 +9,7 @@ JA3 Host Stats: 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.1/74.8 240/249 99.0/103.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Organization: OpenDNS, Inc.][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.7/HTTP][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][PLAIN TEXT (GET / HTTP/1.1)] + 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.225/HTTP.OpenDNS][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][PLAIN TEXT (GET / HTTP/1.1)] 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] 5 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index bb96dc24d..d68373272 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -19,8 +19,8 @@ JA3 Host Stats: 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 56.9/0.0 112/0 36.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134.0/0.0 649/0 165.6/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 49.5/0.0 103/0 38.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111.4/0.0 425/0 106.3/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][PLAIN TEXT (POST /catalog/vod)] - 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 196.7/0.0 503/0 209.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][PLAIN TEXT (GET /ip)] - 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 45.8/0.0 101/0 38.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][PLAIN TEXT (GET /xmpp)] + 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 196.7/0.0 503/0 209.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][PLAIN TEXT (GET /ip)] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 45.8/0.0 101/0 38.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][PLAIN TEXT (GET /xmpp)] 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com][PLAIN TEXT (device06)] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com][PLAIN TEXT (android)] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 3cc0e2871..c26a2be9c 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -6,7 +6,7 @@ Google 2 1093 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.7 0/77 0.0/7.9][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][PLAIN TEXT (GET /preimage/20160506/f0/1)] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.4 0/51 0.0/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][PLAIN TEXT (GET /preimage/20160506/f0/1)] 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][PLAIN TEXT (GET /ext/common/qisu2/downloade)] - 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.3 0/3 0.0/0.8][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][StatusCode: 0][PLAIN TEXT (GET /videos/v)] + 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.3 0/3 0.0/0.8][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][PLAIN TEXT (GET /videos/v)] 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.1/0.0 307/0 127.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002.1/1239.1 1314/1314 433.8/214.6][PLAIN TEXT (POST /bc2 HTTP/1.1)] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 392.9/0.0 2654/0 854.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518.2/0.0 553/0 30.0/0.0][PLAIN TEXT (NOTIFY )] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] @@ -41,7 +41,7 @@ Google 2 1093 1 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3001.0/0.0 3005/0 2.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )] 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3000/0 3003.8/0.0 3014/0 5.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3007.6/0.0 3038/0 15.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] - 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 0][PLAIN TEXT (GET /cp)] + 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 0][PLAIN TEXT (GET /cp)] 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] @@ -58,7 +58,7 @@ Google 2 1093 1 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/index.php/To)] 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 0][PLAIN TEXT (GET /core)] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 0][PLAIN TEXT (GET /core)] 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] @@ -70,7 +70,7 @@ Google 2 1093 1 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 302 Found)] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_3.jpg?no=3][StatusCode: 0][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_3.jpg?no=3][StatusCode: 0][PLAIN TEXT (GET /preimage/20160506/f0/1)] 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 0a52f38f8..e0c6f3c55 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -4,16 +4,16 @@ Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 - 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144.0/2861.7 23289/5776 4036.1/929.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7708.6/7600.5 23311/23043 9303.4/8905.3][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144.0/2861.7 23289/5776 4036.1/929.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7708.6/7600.5 23311/23043 9303.4/8905.3][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][StatusCode: 0][PLAIN TEXT (GET /vstb/playlist)] + 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][StatusCode: 0][PLAIN TEXT (GET /vstb/playlist)] 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][PLAIN TEXT (GET /pass/v)] 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][StatusCode: 0][PLAIN TEXT (POST http)] 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][PLAIN TEXT (POST http)] @@ -23,5 +23,5 @@ Amazon 2 1469 1 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 0][PLAIN TEXT (GET /solr/RestApiSingTel)] + 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 0][PLAIN TEXT (GET /solr/RestApiSingTel)] 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][PLAIN TEXT (GET /generate)] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 32343b12c..ed8dd2d34 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -6,13 +6,12 @@ SSDP 101 38156 6 SkypeCall 152 10704 144 ICMP 8 656 1 IGMP 5 258 4 -TLS 96 8876 7 +TLS 483 206966 8 Dropbox 38 17948 5 Skype 1409 253031 79 Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 -MS_OneDrive 387 198090 1 ApplePush 12 1877 1 JA3 Host Stats: @@ -20,7 +19,7 @@ JA3 Host Stats: 1 192.168.1.34 2 - 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002.2/607.6 30166/30261 4602.0/3438.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 227.5/777.8 1506/1506 423.1/552.7][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91/TLS][cat: Web/5][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002.2/607.6 30166/30261 4602.0/3438.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 227.5/777.8 1506/1506 423.1/552.7][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Certificate SHA-1: 95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51][Validity: 2014-10-27 22:51:07 - 2016-10-26 22:51:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448.5/356.9 8300/8646 1135.8/1099.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 260.7/433.2 1506/1506 342.9/569.4][PLAIN TEXT ( 0sKWL)] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1135.8/0.0 19950/0 4578.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 373.2/0.0 405/0 28.8/0.0][PLAIN TEXT (NOTIFY )] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 114.6/85.0 899/1012 249.9/251.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 224.1/247.7 680/1494 261.3/323.6][TLSv1.2][Client: p05-keyvalueservice.icloud.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index c3b9fb152..6f605f75f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,11 +6,10 @@ SSDP 40 14100 3 SkypeCall 154 10918 146 ICMP 4 328 1 IGMP 4 226 4 -TLS 79 7742 6 +TLS 427 189429 7 Dropbox 16 7342 5 Skype 837 150140 59 Apple 76 19581 1 -MS_OneDrive 348 181687 1 ApplePush 8 1118 1 JA3 Host Stats: @@ -18,7 +17,7 @@ JA3 Host Stats: 1 192.168.1.34 2 - 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/TLS.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 369.6/331.3 45360/45460 3946.4/3735.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.2/783.8 1506/1506 432.7/564.7][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91/TLS][cat: Web/5][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 369.6/331.3 45360/45460 3946.4/3735.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235.2/783.8 1506/1506 432.7/564.7][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][Server: *.gateway.messenger.live.com][JA3S: d9699a2032a6c5371343b7f7dfd94abe][Certificate SHA-1: 95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51][Validity: 2014-10-27 22:51:07 - 2016-10-26 22:51:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238.2/214.7 3095/3095 411.2/400.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303.8/611.6 1506/1506 405.8/625.9][PLAIN TEXT (nZREBS)] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/TLS.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2272.9/322.9 55625/8255 10013.7/1510.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239.0/276.3 680/1494 273.4/358.4] 4 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1254.2/0.0 19850/0 4801.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 372.3/0.0 405/0 28.7/0.0][PLAIN TEXT (NOTIFY )] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index accef9240..c9e4ac2bc 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -31,12 +31,12 @@ Starcraft 236 51494 6 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148.2/101.5 198/203 80.4/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (bnetcmsus)] 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457.0/14457.0 15059/14974 602.0/517.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81.0/77.3 83/83 2.8/8.0] - 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] + 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 110.212.58.216.in-addr.arpa] 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com][PLAIN TEXT (blizzard)] - 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa][PLAIN TEXT (dynect)] - 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa][PLAIN TEXT (signup)] - 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] - 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] + 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 100.1.168.192.in-addr.arpa][PLAIN TEXT (dynect)] + 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 26.186.239.80.in-addr.arpa][PLAIN TEXT (signup)] + 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] + 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net][PLAIN TEXT (battle)] 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 001315777..4eb9d2efc 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -1,18 +1,18 @@ NetBIOS 1 252 1 -TLS 1 60 1 +TLS 39 12580 2 DHCPV6 6 906 1 Dropbox 10 1860 1 -Tor 3676 3014362 7 +Tor 3638 3001842 6 JA3 Host Stats: IP Address # JA3C 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212.9/86.0 33482/11394 1581.9/404.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 261.7/1175.6 1514/1514 348.8/544.1][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (id.com)] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212.9/86.0 33482/11394 1581.9/404.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 261.7/1175.6 1514/1514 348.8/544.1][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.gg562izcxdvqdk.com][JA3S: e1691a31bfe345d2692da75636ddfb00][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA] 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202.5/109.1 30770/31166 1830.3/1316.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 251.7/1247.8 1514/1514 354.5/507.1][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (cyamnc6)] 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2212.0/966.0 44777/37995 8343.4/4770.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366.4/580.0 1514/1514 349.5/568.1][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (www.ct7)] - 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 10377.8/8441.0 132386/132736 35221.5/32093.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 322.9/334.8 640/1514 270.5/384.8][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (www.gfu)] + 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 91/TLS][cat: Web/5][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 10377.8/8441.0 132386/132736 35221.5/32093.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 322.9/334.8 640/1514 270.5/384.8][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][Server: www.xkgk7fdx362yyyxib.com][JA3S: 184d532a16876b78846ae6a03f654890][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 6124.3/2564.1 71328/34353 19660.8/8817.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 303.6/349.1 640/1514 266.5/398.3][TLSv1][Client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (57kbafwrx)] 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 11234.2/11260.6 72591/72890 25060.3/25130.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 230.7/421.2 640/1514 242.6/402.9][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (ru.com)] 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/15 6155.3/6464.2 63835/63837 17571.0/19124.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242.3/430.5 640/1514 246.7/415.8][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][PLAIN TEXT (sieb.com)] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 42c2baad7..3953a20e3 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -15,12 +15,12 @@ JA3 Host Stats: 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162.3/2.3 5370/40 906.6/7.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106.3/1306.2 774/1514 151.1/466.3][TLSv1.2][Client: dl-media.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Organization: Viber Media Sarl][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622.1/10.0 5492/35 1721.8/14.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154.0/776.4 435/1514 138.2/635.3][TLSv1.2][Client: media.cdn.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Organization: Viber Media Sarl][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58.4/59.8 176/183 76.2/72.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217.2/468.0 1514/1514 380.1/569.8][TLSv1.2][Client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58.4/59.8 176/183 76.2/72.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217.2/468.0 1514/1514 380.1/569.8][TLSv1.2][Client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Organization: Apptimize, Inc][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220.3/1488.8 7187/7333 2089.5/2187.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205.1/107.0 657/176 184.2/42.7] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2820.8/2646.3 23555/23575 6837.7/7399.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 355.9/286.3 1038/884 369.7/257.9][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104.0/50.9 273/178 102.4/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 130.6/582.9 432/1514 111.7/601.3][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/18.6 152/60 47.4/24.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93.0/53.0 185/189 87.4/83.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 132.9/560.3 433/1514 110.8/605.1][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104.0/50.9 273/178 102.4/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 130.6/582.9 432/1514 111.7/601.3][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Organization: Apptimize, Inc][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/18.6 152/60 47.4/24.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3] + 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93.0/53.0 185/189 87.4/83.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 132.9/560.3 433/1514 110.8/605.1][TLSv1][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3] 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 303.7/333.6 529/529 208.6/187.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 209.8/104.6 299/118 115.2/19.6][PLAIN TEXT (Android)] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203.1/278.8 513/531 232.5/235.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 173.8/104.0 299/118 120.4/19.8][PLAIN TEXT (Android)] 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 4bffe8bd5..137cd0fad 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -3,27 +3,28 @@ HTTP 65 64777 8 NTP 2 180 1 TLS 8 432 2 Google 13 2142 1 -Waze 484 289335 19 +Waze 102 11962 7 WhatsApp 15 1341 1 +Amazon 382 277373 12 JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 2 - 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 287.7/329.3 3806/5018 686.4/819.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 208.8/1360.9 590/17258 183.0/3378.1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 287.7/329.3 3806/5018 686.4/819.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 208.8/1360.9 590/17258 183.0/3378.1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][cat: Web/5][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 320.7/372.6 3680/3677 903.4/959.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68.9/3438.7 317/11833 58.6/3467.6][PLAIN TEXT (GET /xtra)] - 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155.3/188.5 387/415 136.9/130.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115.4/3558.4 590/21942 132.3/6124.9][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217.8/125.8 1449/293 382.9/116.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128.0/2829.5 590/11186 147.3/3901.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237.2/155.3 1289/609 358.5/182.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.7/2026.6 411/8150 98.2/2611.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 578.4/1210.2 5838/5890 1444.5/1891.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139.3/518.8 555/3660 140.6/938.6][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 162.5/196.0 343/348 153.1/132.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129.2/1018.9 283/4048 86.6/1610.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 298.1/360.9 1175/1175 372.1/354.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106.8/594.6 315/1422 85.4/584.3][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 283.4/305.9 1174/1173 370.4/349.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 111.6/648.7 315/2165 87.6/739.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 728.7/962.9 4966/4966 1533.8/1663.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 137.5/411.2 380/3201 123.8/874.8][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 195.8/194.7 883/537 285.6/190.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335.4/261.1 1332/645 428.4/235.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300.3/341.3 1397/1346 459.1/420.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155.3/188.5 387/415 136.9/130.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115.4/3558.4 590/21942 132.3/6124.9][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217.8/125.8 1449/293 382.9/116.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128.0/2829.5 590/11186 147.3/3901.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237.2/155.3 1289/609 358.5/182.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.7/2026.6 411/8150 98.2/2611.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 578.4/1210.2 5838/5890 1444.5/1891.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139.3/518.8 555/3660 140.6/938.6][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 162.5/196.0 343/348 153.1/132.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129.2/1018.9 283/4048 86.6/1610.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 298.1/360.9 1175/1175 372.1/354.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106.8/594.6 315/1422 85.4/584.3][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 283.4/305.9 1174/1173 370.4/349.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 111.6/648.7 315/2165 87.6/739.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 728.7/962.9 4966/4966 1533.8/1663.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 137.5/411.2 380/3201 123.8/874.8][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 195.8/194.7 883/537 285.6/190.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335.4/261.1 1332/645 428.4/235.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] + 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300.3/341.3 1397/1346 459.1/420.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75.0/104.8 261/274 88.5/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][PLAIN TEXT (GET /images/HD/CH)] 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91.126/TLS.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.2/74.5 53/188 24.3/68.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162.4/167.5 572/602 176.8/200.3][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA] 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/28.7 134/84 49.8/39.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][PLAIN TEXT (GET /lang)] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index d30e30969..44344e6d2 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -1,8 +1,8 @@ HTTP 22 3182 2 -TLS 106 11841 8 +TLS 120 17043 9 SIP 22 15356 1 Google 17 6375 1 -Webex 1380 818407 43 +Webex 1366 813205 42 Amazon 33 9742 2 JA3 Host Stats: @@ -10,36 +10,36 @@ JA3 Host Stats: 1 10.8.0.1 6 - 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 135.3/140.2 2165/2214 262.0/271.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57.4/1281.6 528/29696 36.0/3034.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 135.3/140.2 2165/2214 262.0/271.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57.4/1281.6 528/29696 36.0/3034.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112.2/100.6 455/404 117.1/99.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172.0/3745.8 590/18020 205.7/4699.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 103.7/138.1 1189/1223 219.9/217.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240.4/1716.9 590/17734 233.4/3587.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][Server: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2013-10-31 00:00:00 - 2023-10-30 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 143.9/154.3 1031/979 260.1/240.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.5/2130.4 590/8901 135.5/2681.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 382.9/399.3 1876/1875 577.4/571.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127.6/2863.1 528/14373 150.1/4303.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108.1/138.8 519/469 176.0/157.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165.0/1864.5 590/8448 193.3/2710.5][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424.5/790.5 16039/7189 2910.5/1472.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 228.8/134.1 590/3961 153.6/546.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 143.9/154.3 1031/979 260.1/240.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.5/2130.4 590/8901 135.5/2681.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 382.9/399.3 1876/1875 577.4/571.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127.6/2863.1 528/14373 150.1/4303.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108.1/138.8 519/469 176.0/157.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165.0/1864.5 590/8448 193.3/2710.5][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424.5/790.5 16039/7189 2910.5/1472.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 228.8/134.1 590/3961 153.6/546.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4782.7/0.0 32494/0 6932.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698.0/0.0 698/0 0.0/0.0][PLAIN TEXT (REGISTER sip)] - 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 795.8/451.5 6005/3010 1690.7/777.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.2/276.2 432/3961 108.2/830.4][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166.5/655.0 34507/5259 9150.7/1545.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.0/541.7 590/1502 148.6/614.4][TLSv1][Client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Cipher: TLS_RSA_WITH_RC4_128_MD5] - 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523.4/352.4 2070/1020 729.8/365.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.4/873.0 576/3993 178.5/1443.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 159.6/194.8 357/356 154.1/125.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187.0/990.0 576/3993 192.5/1507.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385.3/312.0 2171/1116 743.4/395.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/827.6 528/2974 166.2/1098.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 385.9/312.5 2179/1125 745.9/385.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/825.0 528/2633 166.2/1028.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 96.8/110.0 277/276 117.0/105.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/831.6 528/2581 172.4/1033.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 545.8/396.2 2119/1071 811.9/386.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 544.8/396.2 2066/1021 793.0/376.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534.4/640.3 3074/2046 1047.8/713.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/648.7 528/3993 166.2/1254.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433.0/304.0 2119/1065 771.8/366.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/723.0 528/2633 172.4/919.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112.6/139.1 555/553 188.7/186.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166.4/400.9 590/2581 167.4/757.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 126.6/190.1 512/509 170.3/159.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.8/180.3 470/468 157.2/150.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 304.9/639.3 1712/1786 557.1/738.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 795.8/451.5 6005/3010 1690.7/777.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.2/276.2 432/3961 108.2/830.4][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] + 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166.5/655.0 34507/5259 9150.7/1545.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.0/541.7 590/1502 148.6/614.4][TLSv1][Client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523.4/352.4 2070/1020 729.8/365.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.4/873.0 576/3993 178.5/1443.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 159.6/194.8 357/356 154.1/125.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187.0/990.0 576/3993 192.5/1507.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385.3/312.0 2171/1116 743.4/395.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/827.6 528/2974 166.2/1098.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 385.9/312.5 2179/1125 745.9/385.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/825.0 528/2633 166.2/1028.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 96.8/110.0 277/276 117.0/105.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/831.6 528/2581 172.4/1033.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 545.8/396.2 2119/1071 811.9/386.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 544.8/396.2 2066/1021 793.0/376.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534.4/640.3 3074/2046 1047.8/713.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/648.7 528/3993 166.2/1254.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433.0/304.0 2119/1065 771.8/366.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/723.0 528/2633 172.4/919.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112.6/139.1 555/553 188.7/186.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166.4/400.9 590/2581 167.4/757.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 126.6/190.1 512/509 170.3/159.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.8/180.3 470/468 157.2/150.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 304.9/639.3 1712/1786 557.1/738.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389.4/620.7 1225/1224 477.2/510.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171.1/604.4 590/3751 167.6/1199.5][TLSv1.2][Client: ssl.google-analytics.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][Server: *.google-analytics.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Organization: Google Inc][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263.0/413.2 1025/1231 416.0/511.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.4/549.8 380/2581 101.1/889.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 300.8/483.5 1105/1237 425.1/496.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 298.7/483.0 1096/1238 422.9/497.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125.4/128.6 463/394 174.1/138.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 168.7/574.4 448/2957 157.6/988.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: www.webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596.2/745.0 1927/1038 776.4/424.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.9/705.2 117/2896 22.0/1054.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] - 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018.2/992.3 2975/1922 1214.3/785.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 67.8/835.4 117/3961 23.2/1562.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263.0/413.2 1025/1231 416.0/511.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.4/549.8 380/2581 101.1/889.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 300.8/483.5 1105/1237 425.1/496.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 298.7/483.0 1096/1238 422.9/497.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91/TLS][cat: Web/5][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125.4/128.6 463/394 174.1/138.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 168.7/574.4 448/2957 157.6/988.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: www.webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Cisco Systems][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2010-02-19 22:39:26 - 2020-02-18 22:39:26][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596.2/745.0 1927/1038 776.4/424.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.9/705.2 117/2896 22.0/1054.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2023-10-30 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018.2/992.3 2975/1922 1214.3/785.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 67.8/835.4 117/3961 23.2/1562.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2006-11-08 00:00:00 - 2021-11-07 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77.1/76.9 283/252 98.2/86.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146.5/96.8 590/396 160.9/101.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644.0/1878.7 10453/11491 3421.2/3952.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138.8/108.7 590/472 162.8/127.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8503.6/9920.5 59268/59268 20724.6/22069.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5] diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 762dbdb17..0d577f08d 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -19,7 +19,7 @@ JA3 Host Stats: 1 UDP 192.168.1.117:58327 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][10 pkts/7806 bytes <-> 175 pkts/184434 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13.8/7.8 32/35 10.6/4.6][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 780.6/1053.9 1071/1071 444.1/129.4][PLAIN TEXT (replace)] 2 TCP 192.168.1.117:54871 <-> 109.94.160.99:443 [proto: 91.189/TLS.Zoom][cat: Video/26][127 pkts/54118 bytes <-> 83 pkts/17526 bytes][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.9/9.2 950/156 93.0/23.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 426.1/211.2 1506/1506 458.2/363.6][TLSv1.2][Client: zoomfrn99mmr.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 3 TCP 192.168.1.117:54866 <-> 52.202.62.236:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/3097 bytes <-> 17 pkts/18622 bytes][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.5/27.5 114/143 46.8/50.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 193.6/1095.4 864/1506 265.3/617.8][TLSv1.2][Client: www3.zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 4 TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.2/21.7 112/136 46.2/45.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163.2/1100.3 687/1506 200.1/622.5][TLSv1.2][Client: zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 4 TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.2/21.7 112/136 46.2/45.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163.2/1100.3 687/1506 200.1/622.5][TLSv1.2][Client: zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 5 TCP 192.168.1.117:54868 <-> 213.19.144.104:443 [proto: 91.189/TLS.Zoom][cat: Video/26][17 pkts/2534 bytes <-> 13 pkts/7180 bytes][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.9/41.1 87/168 27.5/61.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149.1/552.3 642/1506 174.8/611.7][TLSv1.2][Client: zoomam104zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 6 TCP 192.168.1.117:54869 <-> 213.244.140.85:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/2480 bytes <-> 13 pkts/7182 bytes][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.3/40.9 202/224 51.8/71.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 155.0/552.5 642/1506 178.5/611.7][TLSv1.2][Client: zoomfr85zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 7 TCP 192.168.1.117:54867 <-> 213.19.144.105:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/2468 bytes <-> 13 pkts/7188 bytes][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.2/42.6 147/178 40.5/63.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154.2/552.9 642/1506 178.9/611.6][TLSv1.2][Client: zoomam105zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] @@ -27,7 +27,7 @@ JA3 Host Stats: 9 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58.5/40.3 110/131 49.6/57.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203.0/785.4 812/1506 256.3/675.1][TLSv1.2][Client: log.zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 10 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91.126/TLS.Google][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.7/9.5 58/45 21.6/16.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252.1/602.8 1434/1484 447.5/585.4] 11 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 644.8/739.7 5003/5003 1647.5/1740.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219.8/206.7 932/1292 283.1/364.2][TLSv1.2][Client: dati.ntop.org][JA3C: a795593605a13211941d44505b4d1e39][JA3S: dd4b012f7a008e741554bd0a4ed12920][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] - 12 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.126/TLS.Google][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][TLSv1][Client: www.googletagmanager.com][JA3C: d78489b860c8bf7838a6ff0b4d131541][PLAIN TEXT (www.googletagmanager.com)] + 12 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.126/TLS.Google][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][TLSv1][Client: www.googletagmanager.com][JA3C: d78489b860c8bf7838a6ff0b4d131541] 13 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7.126/HTTP.Google][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31.0/64.0 32/64 0.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 177.5/121.0 329/121 115.0/0.0] 14 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28.0/27.3 49/47 18.5/19.9][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93.0/72.5 151/93 39.9/13.7][PLAIN TEXT (replace)] 15 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413.3/15.5 1209/31 562.7/15.5][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102.0/74.0 149/85 33.3/10.4][PLAIN TEXT (replace)] |