Diffstat (limited to 'tests')
-rw-r--r-- | tests/result/1kxun.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/EAQ.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/KakaoTalk_chat.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/KakaoTalk_talk.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/instagram.pcap.out | 14 | ||||
-rw-r--r-- | tests/result/malware.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/mpeg.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/netflix.pcap.out | 52 | ||||
-rw-r--r-- | tests/result/ocs.pcap.out | 10 | ||||
-rw-r--r-- | tests/result/pps.pcap.out | 10 | ||||
-rw-r--r-- | tests/result/quickplay.pcap.out | 38 | ||||
-rw-r--r-- | tests/result/starcraft_battle.pcap.out | 8 | ||||
-rw-r--r-- | tests/result/waze.pcap.out | 14 | ||||
-rw-r--r-- | tests/result/weibo.pcap.out | 18 |
14 files changed, 90 insertions, 90 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 3c693cea3..752f86d8a 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out 
@@ -34,7 +34,7 @@ JA3 Host Stats: 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 559.3/0.0 2044/0 539.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 557.6/0.0 590/0 29.6/0.0][PLAIN TEXT (NOTIFY )] 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 559.3/0.0 2044/0 539.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 529.6/0.0 562/0 29.6/0.0][PLAIN TEXT (NOTIFY )] 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 1501.5/2001.9 14373/14274 3983.1/4454.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482.2/116.5 1514/386 581.5/101.3] - 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 67.6/143.8 476/506 131.8/177.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197.2/200.0 499/372 175.9/149.1][PLAIN TEXT (POST /getvinfo HTTP/1.1)] + 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 67.6/143.8 476/506 131.8/177.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197.2/200.0 499/372 175.9/149.1][URL: vv.video.qq.com/getvinfo][StatusCode: 100][PLAIN TEXT (POST /getvinfo HTTP/1.1)] 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3308.1/0.0 12289/0 3131.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 
342/0 0.0/0.0] 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60.0/44.0 176/133 82.0/54.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512.5/459.4 1159/1464 468.4/535.8] 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 632.9/3491.7 5622/15254 1764.0/5644.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178.1/210.4 1067/1055 287.5/323.1][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index d0bc75542..03abc458d 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out 
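Review bot: The new expected line for flow 15 pins `[StatusCode: 100]`, which is an interim `100 Continue` rather than the final status of the `POST /getvinfo` exchange. The server side of this flow has 7 packets, so a final response was probably present. If the dissector keeps the first status line it sees, anything that filters or alerts on status codes will read this flow as 100. The code that produces this output is outside the diff (the view is limited to `tests`), so this is inferred from the fixture alone. It would be worth recording the last non-1xx status, or stating in the commit message that the first status is kept on purpose.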
@@ -1,8 +1,8 @@ Google 23 11743 2 EAQ 174 10092 29 - 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 101.6/101.4 400/349 150.6/124.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 73.9/1666.3 193/2818 45.5/1240.4][PLAIN TEXT (we50oDAAg HTTP/1.1)] - 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 50.7/49.5 139/89 62.5/39.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.0/191.0 154/602 38.8/237.3][PLAIN TEXT (GET / HTTP/1.1)] + 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 101.6/101.4 400/349 150.6/124.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 73.9/1666.3 193/2818 45.5/1240.4][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][PLAIN TEXT (we50oDAAg HTTP/1.1)] + 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 50.7/49.5 139/89 62.5/39.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.0/191.0 154/602 38.8/237.3][URL: www.google.com/][StatusCode: 302][PLAIN TEXT (GET / HTTP/1.1)] 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642.0/21641.8 21860/21869 132.0/138.2][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0] 4 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes 
ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20533/20540 21310.5/21309.5 21609/21619 449.8/445.7][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0] 5 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20541/20540 21309.5/21304.5 21618/21649 445.1/444.9][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 973c39902..e4f53d649 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out 
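Review bot: The added `[URL: ...]` field on flow 1 carries the complete query string (`?gfe_rd=cr&ei=...`), and the netflix.pcap.out hunk does the same with long `o=` and `t=` parameters that look like signed request values. Flow output usually ends up in logs, so printing query strings verbatim can persist per-request identifiers or credentials that the existing `Host:` field never exposed. Consider documenting this, or giving the printer a way to cut the URL at `?`, before these fixtures lock the format in.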
@@ -23,8 +23,8 @@ JA3 Host Stats: 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2922.8/5819.6 12590/13598 3981.5/4890.9][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131.2/188.3 657/274 136.4/75.5] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3064.0/3022.1 12765/12806 4269.0/4324.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193.0/74.7 303/98 122.5/20.9] 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Certificate SHA-1: CE:C6:14:8F:23:A0:C2:C9:C5:9A:B0:BB:EC:1D:4A:7E:33:2A:43:12][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (Gyeonggi do)] - 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 5491.0/101.7 21620/210 9312.5/76.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/101.3 21457/215 9241.2/80.5][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] + 11 TCP 
10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 5491.0/101.7 21620/210 9312.5/76.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] + 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/101.3 21457/215 9241.2/80.5][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/98 0.0/4284.2 0/13111 0.0/4432.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56.0/56.0 56/56 0.0/0.0] 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes] 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index fee5ed358..c54eab91a 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out 
@@ -20,7 +20,7 @@ JA3 Host Stats: 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 139.6/145.4 494/452 153.9/122.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195.5/78.0 735/189 228.1/34.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4099.5/4827.9 4716/8101 1132.3/1387.8][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141.0/142.0 150/142 6.1/0.0] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4383.7/4322.4 4905/7690 1137.9/1595.2][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140.2/140.2 142/142 5.7/5.7] - 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 342.5/346.0 1312/1166 559.9/473.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][PLAIN TEXT (POST http)] + 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 342.5/346.0 1312/1166 559.9/473.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][PLAIN TEXT (POST http)] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 
131/HTTP_Proxy][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920.2/6109.8 17431/17434 6679.4/7064.4][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90.5/189.0 130/504 24.3/164.1] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes] 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][PLAIN TEXT (xiaomi.com)] diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index f7569aab4..559d43cff 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out 
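Review bot: The expected line for flow 8 enshrines a malformed URL, `[URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport]`. The request uses the absolute form (`POST http://...`, as the `PLAIN TEXT (POST http)` hint suggests), and the host appears to be prepended to the request target unconditionally. A consumer matching this field against URL lists or rebuilding the request will get a value that parses as neither a host nor a URL. The builder is outside this diff, but the fixture should expect `[URL: hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport]` (or the absolute target unchanged) once the target is checked for a leading scheme.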
@@ -12,10 +12,10 @@ JA3 Host Stats: 1 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.4/36.5 1246/1247 127.3/187.9][Pkt Len c2s/s2c min/avg/max/stddev: 1128/66 1460.7/66.0 1464/66 32.9/0.0][PLAIN TEXT (dnlN/L)] - 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.0/0.3 33/2 8.9/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][PLAIN TEXT (GET /hphotos)] - 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.1/0.5 62/2 10.1/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][PLAIN TEXT (GET /hphotos)] - 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15.5/10.1 310/372 56.9/59.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][PLAIN TEXT (GET /hphotos)] - 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21.8/13.4 321/322 68.4/57.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][PLAIN TEXT (GET /hphotos)] + 2 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 
pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.0/0.3 33/2 8.9/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)] + 3 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.1/0.5 62/2 10.1/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)] + 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15.5/10.1 310/372 56.9/59.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)] + 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21.8/13.4 321/322 68.4/57.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][PLAIN TEXT (GET /hphotos)] 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 
pkts/40133 bytes][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 304.3/301.6 7669/7709 1329.2/1337.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163.4/1180.4 1431/1464 317.9/494.8] 7 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.2/1.2 7/7 1.6/1.6][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484.0/66.0 1484/66 0.0/0.0][PLAIN TEXT (inOCIM)] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.8/0.6 21/3 5.6/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/1405.8 66/1484 0.0/309.0][PLAIN TEXT (dGQaNFV)] 
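Review bot: Flow 4 in this hunk expects `[StatusCode: 0]` although the server sent 40 packets, and the same value appears in the second instagram hunk (flows 17, 22 and 23) and in malware.pcap.out (flow 2). 0 is not an HTTP status, so here it seems to stand for "no status line parsed". That merges two cases a reader would want separated: flows 22 and 23 are one-directional with no response captured, while flows 4 and 17 have response traffic the dissector did not decode. Printing the field only when a status was parsed would keep the output unambiguous for anyone triaging the malware.pcap flow by response code. The printing code is outside this diff, so the cause is inferred from the fixtures.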
@@ -27,13 +27,13 @@ JA3 Host Stats: 14 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.3/9.6 71/47 26.6/18.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][Client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Organization: Akamai Technologies Inc.][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 15 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 6 pkts/4118 bytes][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64.0/486.2 254/2227 109.7/873.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/686.3 1015/1464 379.6/610.1] 16 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 5 pkts/4020 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53.8/43.0 215/172 93.1/74.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/804.0 1015/1464 379.6/595.0] - 17 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61.3/0.5 184/1 86.7/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 78/488 139.8/1152.0 325/1484 107.0/469.5][PLAIN TEXT (GET /hphotos)] + 17 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61.3/0.5 184/1 86.7/0.5][Pkt Len c2s/s2c 
min/avg/max/stddev: 78/488 139.8/1152.0 325/1484 107.0/469.5][URL: photos-f.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11424623_1608163109450421_663315883_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)] 18 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 100.1/88.7 183/182 78.4/77.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175.9/133.0 530/231 154.8/70.1][TLSv1][Client: telegraph-ash.instagram.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 19 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 413767116)] 20 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes] 21 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net][PLAIN TEXT (photos)] - 22 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com][PLAIN TEXT (GET /hphotos)] - 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com][PLAIN TEXT (GET /hphotos)] + 22 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com][URL: photos-a.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11248829_853782121373976_909936934_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)] + 23 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: 
photos-g.ak.instagram.com][URL: photos-g.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11379284_1651416798408214_1525641466_n.jpg][StatusCode: 0][PLAIN TEXT (GET /hphotos)] 24 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net][PLAIN TEXT (photos)] 25 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net][PLAIN TEXT (photos)] 26 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 6be260fc6..abae150aa 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out 
@@ -9,7 +9,7 @@ JA3 Host Stats: 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57.1/64.1 199/249 87.3/99.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Organization: OpenDNS, Inc.][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.7/HTTP][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][PLAIN TEXT (GET / HTTP/1.1)] + 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.7/HTTP][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][PLAIN TEXT (GET / HTTP/1.1)] 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] 5 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index e3e2c04dd..8db49a428 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out 
@@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network/14][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.3/5.1 77/41 29.2/13.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 83.8/988.9 214/1502 46.2/649.2][PLAIN TEXT (GET /0.mp)] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network/14][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.3/5.1 77/41 29.2/13.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 83.8/988.9 214/1502 46.2/649.2][URL: luca.ntop.org/0.mp3][StatusCode: 200][PLAIN TEXT (GET /0.mp)] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index adfab9d81..d8d886ef7 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out 
@@ -9,42 +9,42 @@ JA3 Host Stats: 1 192.168.1.7 4 - 1 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 39.3/21.4 562/505 60.6/39.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 75.7/1500.3 584/1514 68.6/116.2][PLAIN TEXT (oMrLRiWL2)] - 2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106.5/65.5 5026/5057 397.7/317.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80.3/1493.7 581/1514 81.4/139.9][PLAIN TEXT (oMrLRiWL)] - 3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.3/94.7 5238/26393 315.4/1212.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79.1/1487.1 582/1514 78.6/167.2][PLAIN TEXT (oMrLRiWL1)] - 4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 199.5/58.8 2078/4093 439.0/257.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78.6/1498.7 282/1514 20.9/140.2][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)] + 1 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 39.3/21.4 562/505 60.6/39.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 75.7/1500.3 584/1514 68.6/116.2][URL: 
23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][PLAIN TEXT (oMrLRiWL2)] + 2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106.5/65.5 5026/5057 397.7/317.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80.3/1493.7 581/1514 81.4/139.9][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][PLAIN TEXT (oMrLRiWL)] + 3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.3/94.7 5238/26393 315.4/1212.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79.1/1487.1 582/1514 78.6/167.2][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][PLAIN TEXT (oMrLRiWL1)] + 4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 199.5/58.8 2078/4093 439.0/257.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78.6/1498.7 282/1514 20.9/140.2][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)] 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 
91.133/TLS.NetFlix][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 909.9/515.0 69170/69192 7634.2/5765.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1379.1 293/1514 38.8/401.2][TLSv1.2][Client: art-s.nflximg.net][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: secure.cdn.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Organization: Netflix, Inc.][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] - 6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 85.2/58.5 504/714 120.4/107.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88.1/1463.8 582/1514 100.4/228.0][PLAIN TEXT (oMrLRiWL2)] - 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 103.2/41.6 1300/402 228.7/64.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.3/1455.7 311/1514 38.3/273.5][PLAIN TEXT (GET /5758)] + 6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 85.2/58.5 504/714 120.4/107.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88.1/1463.8 582/1514 100.4/228.0][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][PLAIN TEXT (oMrLRiWL2)] + 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 
7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 103.2/41.6 1300/402 228.7/64.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.3/1455.7 311/1514 38.3/273.5][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][PLAIN TEXT (GET /5758)] 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 233.2/662.2 5977/30505 806.4/3663.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 413.7/588.1 1514/1514 553.3/593.8][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1181.9/2214.2 51181/51242 7538.2/10223.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1091.7/317.7 1514/1514 614.5/491.5][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 85.0/57.7 638/579 151.2/113.5][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/66 85.0/1327.5 422/1514 70.8/457.1][PLAIN TEXT (GET /range/0)] - 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 109.1/63.6 708/686 206.2/157.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89.0/1327.6 420/1514 74.7/456.9][PLAIN TEXT (GET /range/0)] - 12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 392.5/250.1 3643/6030 784.1/1074.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.3/1378.5 312/1514 58.6/421.3][PLAIN TEXT (GET /af)] - 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 82.2/51.1 651/582 154.5/104.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87.0/1349.3 422/1514 75.3/442.6][PLAIN TEXT (GET /range/0)] + 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 85.0/57.7 638/579 151.2/113.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1327.5 422/1514 70.8/457.1][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 109.1/63.6 708/686 206.2/157.9][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/66 89.0/1327.6 420/1514 74.7/456.9][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 392.5/250.1 3643/6030 784.1/1074.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.3/1378.5 312/1514 58.6/421.3][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][PLAIN TEXT (GET /af)] + 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 82.2/51.1 651/582 154.5/104.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87.0/1349.3 422/1514 75.3/442.6][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][PLAIN TEXT (GET /range/0)] 14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 309.4/1038.5 6911/30443 1322.5/5031.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 210.9/964.4 1514/1514 376.2/637.4][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 
FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 126.5/34.8 837/81 232.9/18.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][PLAIN TEXT (GET /8b)] - 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 252.1/269.4 1392/4457 353.8/837.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][PLAIN TEXT (czGET /range/0)] - 17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 137.5/84.7 1389/1416 341.0/281.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97.4/1336.5 311/1514 80.8/428.1][PLAIN TEXT (GET /4e)] - 18 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.8/19.2 187/135 52.9/26.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][PLAIN TEXT (POST /appboot/NFAPPL)] - 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 230.2/307.9 1162/2716 282.4/581.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][PLAIN TEXT (GET /range/0)] - 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 
7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/4 268.7/256.0 985/1397 248.7/322.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][PLAIN TEXT (GET /range/0)] - 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 245.9/356.0 1355/1636 317.7/452.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][PLAIN TEXT (GET /range/0)] + 15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 126.5/34.8 837/81 232.9/18.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][PLAIN TEXT (GET /8b)] + 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 252.1/269.4 1392/4457 353.8/837.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][PLAIN TEXT (czGET /range/0)] + 17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 137.5/84.7 1389/1416 341.0/281.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 
97.4/1336.5 311/1514 80.8/428.1][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][PLAIN TEXT (GET /4e)] + 18 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.8/19.2 187/135 52.9/26.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][PLAIN TEXT (POST /appboot/NFAPPL)] + 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 230.2/307.9 1162/2716 282.4/581.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/4 268.7/256.0 985/1397 248.7/322.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c 
min/avg/max/stddev: 0/4 245.9/356.0 1355/1636 317.7/452.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][PLAIN TEXT (GET /range/0)] 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 82.1/59.3 437/500 133.2/106.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290.2/895.3 1514/1514 441.6/626.2][TLSv1.2][Client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 232.9/347.5 635/1046 208.1/357.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80.4/1159.2 426/1514 62.4/602.9][PLAIN TEXT (fGET /range/0)] - 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 235.9/420.4 1250/4431 316.7/1002.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.1 424/1514 58.1/550.7][PLAIN TEXT (GET /range/0)] - 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 179.5/299.3 
1162/2097 234.5/514.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.2 426/1514 60.5/550.7][PLAIN TEXT (GET /range/0)] - 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 268.3/393.4 1317/3546 336.0/788.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85.1/1159.5 423/1514 63.5/589.6][PLAIN TEXT (GET /range/0)] + 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 232.9/347.5 635/1046 208.1/357.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80.4/1159.2 426/1514 62.4/602.9][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][PLAIN TEXT (fGET /range/0)] + 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 235.9/420.4 1250/4431 316.7/1002.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.1 424/1514 58.1/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 179.5/299.3 1162/2097 234.5/514.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.2 
426/1514 60.5/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 268.3/393.4 1317/3546 336.0/788.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85.1/1159.5 423/1514 63.5/589.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][PLAIN TEXT (GET /range/0)] 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.2/2142.3 332/30970 92.5/7705.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 810.9/308.7 1514/1514 699.9/492.9][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35.4/30.2 266/316 69.1/63.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237.4/739.0 1514/1514 406.7/541.9][TLSv1.2][Client: api-global.netflix.com][JA3C: 
7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 223.2/432.5 636/3094 221.3/735.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.4/1180.4 424/1514 58.9/569.7][PLAIN TEXT (GET /range/0)] - 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 256.4/479.3 1152/2608 308.2/686.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 84.7/1118.7 425/1514 60.1/613.7][PLAIN TEXT (GET /range/0)] - 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 250.6/412.8 811/3064 252.1/726.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1121.1 424/1514 63.5/610.6][PLAIN TEXT (GET /range/0)] + 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 223.2/432.5 636/3094 221.3/735.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.4/1180.4 424/1514 58.9/569.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 256.4/479.3 1152/2608 308.2/686.3][Pkt 
Len c2s/s2c min/avg/max/stddev: 66/54 84.7/1118.7 425/1514 60.1/613.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][PLAIN TEXT (GET /range/0)] + 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 250.6/412.8 811/3064 252.1/726.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1121.1 424/1514 63.5/610.6][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][PLAIN TEXT (GET /range/0)] 32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47.7/61.3 282/127 72.6/34.9][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 485.7/490.6 1514/1514 602.5/610.3][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 51.8/42.5 185/123 61.9/30.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714.4/500.3 1514/1514 676.3/651.2][PLAIN TEXT 
(POST /msl/nrdjs/2.1.2 HTTP/1.1)] + 33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 51.8/42.5 185/123 61.9/30.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714.4/500.3 1514/1514 676.3/651.2][URL: api-global.netflix.com/msl/nrdjs/2.1.2][StatusCode: 0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)] 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66.8/86.2 322/423 87.7/111.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314.5/696.8 1514/1514 477.1/667.4][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 35 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 435.6/2401.4 7402/30636 1690.0/7511.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274.0/414.4 1514/1514 437.3/546.1][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 36 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT 
c2s/s2c min/avg/max/stddev: 1/0 137.2/34.6 830/63 263.3/16.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94.1/1119.8 311/1514 72.5/643.7][PLAIN TEXT (GET /87)] + 36 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 137.2/34.6 830/63 263.3/16.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94.1/1119.8 311/1514 72.5/643.7][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][PLAIN TEXT (GET /87)] 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.6/2199.1 82/30503 26.8/7850.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382.0/327.2 1514/1514 559.0/501.4][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 19.1/2332.7 62/30086 24.6/8011.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399.4/342.7 1514/1514 568.6/514.1][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 39 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 
[proto: 91.133/TLS.NetFlix][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236.0/257.7 2449/2522 641.5/686.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325.2/386.1 1514/1514 478.5/534.2][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 363761935..1399d0f8d 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out 
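Review bot: The new `[URL: …]` field prints the complete query string, so every flow to the 23.246.x.x hosts (1–3, 6, 10, 11, 13, 16, 19–21, 23–26, 29–31) now carries its `o=`, `e=` and `t=` parameters verbatim. Those look like per-request signed values (presumably a token and an expiry), and on live traffic the same field would copy session identifiers or other secrets from plaintext HTTP requests into flow logs and whatever collects them. Consider cutting the printed URL at `?` by default, or capping its length, with an opt-in for the full string, so that flow 10 would read `[URL: 23.246.10.139/range/0-65535]`. The printing code is outside this view, so the suggestion is made from the expected output alone.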
@@ -11,16 +11,16 @@ JA3 Host Stats: 1 192.168.180.2 4 - 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 67.5/0.0 4644/0 279.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 59.6/0.0 715/0 25.1/0.0][PLAIN TEXT (POST /catalog/vod)] + 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 67.5/0.0 4644/0 279.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 59.6/0.0 715/0 25.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][PLAIN TEXT (POST /catalog/vod)] 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 201.9/0.0 998/0 319.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304.5/0.0 1440/0 368.0/0.0][TLSv1][Client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc] - 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 45.2/0.0 912/0 104.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65.2/0.0 208/0 23.6/0.0][PLAIN TEXT (GET /data)] + 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 45.2/0.0 912/0 104.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65.2/0.0 208/0 23.6/0.0][URL: www.ocs.fr/data_plateforme/program/18496/tv_detail_mortdunpourw0012236_72f6c.jpg][StatusCode: 0][PLAIN TEXT (GET /data)] 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 
pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 95.9/0.0 420/0 124.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 135.8/0.0 1209/0 253.5/0.0][TLSv1][Client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c] 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 37.5/0.0 75/0 25.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184.3/0.0 1287/0 339.0/0.0][TLSv1.2][Client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1] 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.4/0.0 112/0 37.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134.0/0.0 649/0 165.6/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 72.9/0.0 258/0 68.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111.4/0.0 425/0 106.3/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66] - 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][PLAIN TEXT (POST /catalog/vod)] - 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232.6/0.0 503/0 211.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][PLAIN TEXT (GET /ip)] - 10 TCP 192.168.180.2:53356 -> 
137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 56.8/0.0 101/0 35.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][PLAIN TEXT (GET /xmpp)] + 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][PLAIN TEXT (POST /catalog/vod)] + 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232.6/0.0 503/0 211.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][PLAIN TEXT (GET /ip)] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7.7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 56.8/0.0 101/0 35.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][PLAIN TEXT (GET /xmpp)] 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes] 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com][PLAIN TEXT (device06)] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com][PLAIN TEXT 
(android)] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 544abe1c3..714e59db4 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out 
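Review bot: `[StatusCode: 0]` is now expected for flows 1, 3, 8, 9 and 10, all of which show `0 pkts/0 bytes` in the server direction, so the value is a placeholder rather than something read from a response. Zero is not an HTTP status code, and a consumer parsing this line cannot tell "no response captured" from "response seen but status not parsed". I would leave the field out when no response was seen, so the expected line for flow 9 would end `[URL: api.eu01.capptain.com/ip-to-country][PLAIN TEXT (GET /ip)]`. The code that prints the field is not on this page, so this is inferred from the expected output only.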
@@ -6,7 +6,7 @@ Google 2 1093 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.6 0/77 0.0/7.7][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][PLAIN TEXT (GET /preimage/20160506/f0/1)] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.3 0/51 0.0/6.3][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][PLAIN TEXT (GET /preimage/20160506/f0/1)] 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.4][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][PLAIN TEXT (GET /ext/common/qisu2/downloade)] - 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.4 0/3 0.0/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][PLAIN TEXT (GET /videos/v)] + 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.4 0/3 0.0/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][StatusCode: 0][PLAIN TEXT (GET /videos/v)] 5 TCP 
192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1273.3/1097.5 12120/12073 3617.6/3470.7][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002.1/1239.1 1314/1314 433.8/214.6][PLAIN TEXT (POST /bc2 HTTP/1.1)] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 373.6/0.0 2654/0 832.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518.2/0.0 553/0 30.0/0.0][PLAIN TEXT (NOTIFY )] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] 
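Review bot: The new `URL:` field for flow 4 prints the whole query string, including the `key=` and `uuid=` values, so any log or SIEM pipeline that stores these flow summaries will now retain per-user identifiers and tokens lifted from cleartext HTTP. The same holds in tests/result/quickplay.pcap.out, where flows 11 and 20 carry `signature=`, `userId=` and `apiKey=` parameters. That may be wanted for analysis, but it should be stated where the field is documented, and an option to print only host and path would help, e.g. `[URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v]`.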
@@ -37,11 +37,11 @@ Google 2 1093 1 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][PLAIN TEXT (GET /pca3)] 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)] + 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][URL: clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz][StatusCode: 200][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3001.0/0.0 3005/0 2.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )] 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3000/0 3003.8/0.0 3014/0 5.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3007.6/0.0 3038/0 15.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] - 39 TCP 192.168.115.8:50504 
-> 202.108.14.236:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 0][PLAIN TEXT (GET /cp)] 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 
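Review bot: The URL expected for flow 39 ends in `&rd=&`, and the one for flow 56 in the next hunk ends in `krv=2%2E`, which looks like the value is cut at a fixed length rather than at the end of the request line. Nothing in the output marks the cut, so a detection rule or allow-list that matches on the full URL would silently compare against a partial string. If the limit is intentional I would make it visible, for example by appending a marker such as `...` to a shortened value, and state the limit where the field is described. This is inferred from the expected output; the code producing it is not shown here.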
@@ -58,7 +58,7 @@ Google 2 1093 1 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/index.php/To)] 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 0][PLAIN TEXT (GET /core)] 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] 
@@ -70,7 +70,7 @@ Google 2 1093 1 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 302 Found)] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_3.jpg?no=3][StatusCode: 0][PLAIN TEXT (GET /preimage/20160506/f0/1)] 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index a22b89a70..2e05c9553 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out 
@@ -4,24 +4,24 @@ Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 - 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/645 2984.8/2693.8 23289/5776 3679.9/941.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 9041.5/8621.5 23311/23043 9741.8/9388.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 
0.0/525.4][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/645 2984.8/2693.8 23289/5776 3679.9/941.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 9041.5/8621.5 23311/23043 9741.8/9388.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts][StatusCode: 
0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 9 TCP 10.54.169.250:52007 <-> 
120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][PLAIN TEXT (GET /vstb/playlist)] - 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][PLAIN TEXT (GET /pass/v)] - 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] - 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] - 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com][PLAIN TEXT (POST http)] - 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] - 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] - 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 
bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][PLAIN TEXT (GET /generate)] + 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][StatusCode: 0][PLAIN TEXT (GET /vstb/playlist)] + 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 
pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][PLAIN TEXT (GET /pass/v)] + 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][StatusCode: 0][PLAIN TEXT (POST http)] + 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][PLAIN TEXT (POST http)] + 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][PLAIN TEXT (POST http)] + 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/androidgcmreg][StatusCode: 200][PLAIN TEXT (POST http)] + 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmbatchemojidownload][StatusCode: 200][PLAIN TEXT (POST http)] + 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php 
HTTP/1.1)] + 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] + 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] + 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 0][PLAIN TEXT (GET /solr/RestApiSingTel)] + 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][PLAIN TEXT (GET /generate)] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index fbcd1ce8e..0adb56bd5 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out 
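Review bot: Flows 12 to 16 expect values such as `[URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync]`, i.e. the Host header glued in front of a request target that is already an absolute URI (the payload starts `POST http`). Recording this as the expected result locks in a malformed URL, and host- or URL-based matching downstream will miss or mis-attribute these proxy-style requests. When the request target already begins with a scheme it should be used as is, giving `[URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync]`, and these five expected lines should be regenerated after that fix. The URL-building code is outside this page, so the cause is inferred from the output.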
@@ -20,7 +20,7 @@ Starcraft 236 51494 6 10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 45.5/26.3 70/61 22.4/25.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.2/627.8 265/1514 77.9/695.8][PLAIN TEXT (GET /sc)] 11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.5/13.8 56/55 24.0/23.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/521.8 267/1514 78.6/654.3][PLAIN TEXT (GET /service/s2/regions)] 12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.697 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.5/19.3 58/58 25.1/27.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/614.2 267/1514 78.6/680.1][PLAIN TEXT (GET /service/s2/regions)] - 13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 21.7/25.0 33/33 15.3/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126.4/166.8 404/481 138.9/181.4][PLAIN TEXT (POST /collect HTTP/1.1)] + 13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 21.7/25.0 33/33 15.3/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126.4/166.8 404/481 138.9/181.4][URL: www.google-analytics.com/collect][StatusCode: 200][PLAIN TEXT (POST /collect HTTP/1.1)] 14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: 
nydus.battle.net][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 49.8/33.0 77/66 24.5/33.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 78.8/188.2 191/573 50.4/222.1][PLAIN TEXT (GET /S2/enGB/client/alert)] 15 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 51.2/34.0 79/68 25.8/34.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][PLAIN TEXT (GET /S2/enGB/client/regions)] 16 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49.2/29.5 79/59 29.6/29.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][PLAIN TEXT (GET /S2/enGB/client/regions)] 
@@ -28,15 +28,15 @@ Starcraft 236 51494 6 18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net][bytes ratio: -0.200 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 48.5/32.5 75/65 24.2/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80.5/181.2 201/545 54.1/210.0][PLAIN TEXT (GET /S2/enGB/client/feed/live)] 19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 38.0/29.0 57/58 26.9/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96.4/124.2 254/317 78.9/111.3][PLAIN TEXT (GET /service/s2/alert/en)] 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 89/0 3498.7/2091.2 6381/6342 2595.6/2656.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62.7/75.1 74/155 8.8/32.8] - 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 133.0/101.5 198/203 87.7/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)] + 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 133.0/101.5 198/203 87.7/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 
bytes][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (bnetcmsus)] 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457.0/14457.0 15059/14974 602.0/517.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81.0/77.3 83/83 2.8/8.0] 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa] 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com][PLAIN TEXT (blizzard)] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa][PLAIN TEXT (dynect)] 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa][PLAIN TEXT (signup)] - 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (GET /cms/bnet)] - 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (GET /cms/bnet)] + 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] + 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 
5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net][PLAIN TEXT (battle)] 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 61b53e31a..baf34802e 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out 
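Review bot: Flows 28 and 29 in this hunk now pin `[StatusCode: 0]`, and 0 is not an HTTP status, so the baseline cannot tell "no response seen" apart from "response seen but status line not parsed". For these two flows the server side is a single 66-byte packet, so a missing response is plausible. The weibo.pcap.out hunk further down pins the same `[StatusCode: 0]` on flow 3, where the server sent 39 pkts/34030 bytes (flows 11 and 12 there carry it too); that looks like a missed status line and is worth checking against the capture before it becomes the expected result. If 0 only means "unset", I would have the printer omit the field, so that the line for flow 28 keeps `[URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg]` and drops `[StatusCode: 0]`. The printing code is not part of this diff, so this is a suggestion for the reader tool, not for this file.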
@@ -24,15 +24,15 @@ JA3 Host Stats: 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 147.0/261.0 590/935 207.7/294.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA] 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 220.1/242.5 684/645 245.1/226.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 310.6/301.0 1397/1346 459.1/407.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] - 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 78.8/104.8 261/274 95.1/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][PLAIN TEXT (GET /images/HD/CH)] + 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes 
ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 78.8/104.8 261/274 95.1/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][PLAIN TEXT (GET /images/HD/CH)] 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91.126/TLS.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 66.8/69.8 240/188 80.6/62.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162.4/167.5 572/602 176.8/200.3][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA] - 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/21.5 134/84 49.8/36.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][PLAIN TEXT (GET /lang)] + 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/21.5 134/84 49.8/36.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][PLAIN TEXT (GET /lang)] 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 78.1/81.8 289/238 98.2/83.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 84.1/95.4 222/245 53.4/66.5][PLAIN TEXT (Android)] - 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 131.5/132.5 394/397 160.1/160.7][Pkt Len c2s/s2c 
min/avg/max/stddev: 54/54 79.6/110.1 211/447 54.1/137.5][PLAIN TEXT (GET /newV)] - 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.5/71.2 177/177 73.0/66.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.3/110.1 209/447 53.4/137.5][PLAIN TEXT (GET /lang)] - 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.8/55.8 169/168 72.9/68.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.9/110.1 206/447 52.3/137.5][PLAIN TEXT (GET /langs/1.0/lang.portuguese)] - 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.2/32.8 126/125 54.1/53.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.6/109.9 204/445 51.7/136.8][PLAIN TEXT (GET /newV)] - 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.8/70.0 176/174 72.7/65.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.0/104.7 207/409 52.7/124.2][PLAIN TEXT (GET /shields)] + 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 131.5/132.5 394/397 160.1/160.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.6/110.1 211/447 54.1/137.5][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /newV)] + 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: 
cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.5/71.2 177/177 73.0/66.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.3/110.1 209/447 53.4/137.5][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /lang)] + 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.8/55.8 169/168 72.9/68.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.9/110.1 206/447 52.3/137.5][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /langs/1.0/lang.portuguese)] + 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.2/32.8 126/125 54.1/53.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.6/109.9 204/445 51.7/136.8][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /newV)] + 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 51.8/70.0 176/174 72.7/65.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.0/104.7 207/409 52.7/124.2][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /shields)] 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] 
diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 3af10e316..91c8384b0 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out 
@@ -10,18 +10,18 @@ JA3 Host Stats: 1 192.168.1.105 1 - 1 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.860 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.7/26.2 400/372 62.2/58.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/1324.7 533/4374 116.5/822.8][PLAIN TEXT (GET /t6/style/css/module/base/f)] - 2 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.4/32.8 314/338 79.5/75.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113.2/1266.4 549/2938 132.2/620.2][PLAIN TEXT (GET /t6/style/css/module/combin)] - 3 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com][bytes ratio: -0.815 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.9/20.7 482/454 76.4/73.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86.6/872.6 516/2938 69.2/915.2][PLAIN TEXT (GET /login.php)] - 4 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.874 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 20.0/18.3 183/162 45.7/42.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.1/1314.2 550/1502 91.2/448.1][PLAIN TEXT (GET /t6/style/images/growth/log)] - 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 68.2/70.4 375/438 107.0/116.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110.6/1046.1 525/1502 126.8/556.9][PLAIN TEXT (GET /t6/skin/default/skin.css)] - 6 TCP 
192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.5/31.3 252/181 60.6/47.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.4/1216.5 539/1502 108.1/525.5][PLAIN TEXT (GET /t6/style/images/common/fon)] - 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 38.2/33.4 163/160 60.1/63.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135.1/625.8 530/1502 161.3/505.1][PLAIN TEXT (GET /t6/style/images/global)] + 1 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.860 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.7/26.2 400/372 62.2/58.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/1324.7 533/4374 116.5/822.8][URL: img.t.sinajs.cn/t6/style/css/module/base/frame.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/style/css/module/base/f)] + 2 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.4/32.8 314/338 79.5/75.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113.2/1266.4 549/2938 132.2/620.2][URL: img.t.sinajs.cn/t6/style/css/module/combination/comb_login.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/style/css/module/combin)] + 3 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com][bytes ratio: -0.815 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.9/20.7 
482/454 76.4/73.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86.6/872.6 516/2938 69.2/915.2][URL: www.weibo.com/login.php?lang=en-us][StatusCode: 0][PLAIN TEXT (GET /login.php)] + 4 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.874 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 20.0/18.3 183/162 45.7/42.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.1/1314.2 550/1502 91.2/448.1][URL: img.t.sinajs.cn/t6/style/images/growth/login/sprite_login.png?13434210384389][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/growth/log)] + 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 68.2/70.4 375/438 107.0/116.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110.6/1046.1 525/1502 126.8/556.9][URL: img.t.sinajs.cn/t6/skin/default/skin.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/skin/default/skin.css)] + 6 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.5/31.3 252/181 60.6/47.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.4/1216.5 539/1502 108.1/525.5][URL: img.t.sinajs.cn/t6/style/images/common/font/wbficon.woff?id=201605111746][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/common/fon)] + 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 38.2/33.4 163/160 60.1/63.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135.1/625.8 530/1502 161.3/505.1][URL: 
img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/global)] 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188.126/QUIC.Google][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 228.4/305.8 1385/1472 474.8/583.2][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 162.6/145.5 406/433 122.4/129.3] 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171.2/228.0 626/662 263.7/307.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 192.6/245.2 353/660 93.4/241.0] 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 233.3/347.5 353/348 165.0/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147.2/215.8 500/689 176.6/273.3][PLAIN TEXT (GET /login.php)] - 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn][PLAIN TEXT (KGET /t)] - 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn][PLAIN TEXT (GET /public/files/image/620)] + 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][PLAIN TEXT (KGET /t)] + 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][PLAIN 
TEXT (GET /public/files/image/620)] 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][TLSv1][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][PLAIN TEXT (g.alicdn.com)] 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn] 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn] |