diff options
Diffstat (limited to 'tests')
29 files changed, 259 insertions, 259 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index f62adff1c..4621ed923 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -164,12 +164,12 @@ JA3 Host Stats: 117 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 118 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 119 TCP 192.168.2.126:35666 -> 18.66.2.90:80 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Media/1][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: cdn.liftoff.io][URL: cdn.liftoff.io/customers/45d4b09eba/videos/mobile/fd5692dd53042b199e03.mp4][StatusCode: 0][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 120 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Hostname/SNI: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Hostname/SNI: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 121 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.54 sec][Hostname/SNI: sc.arrancar.org][PLAIN TEXT ( FDEDCOEBFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 122 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 123 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 44/63][0.04 sec][Hostname/SNI: vv.video.qq.com][203.205.151.234][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][1.05 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 125 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.295/DNS.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][0.00 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 44/63][0.04 sec][Hostname/SNI: vv.video.qq.com][203.205.151.234][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][1.05 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.295/DNS.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][0.00 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 126 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.10 sec][Hostname/SNI: wpad][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 127 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][36.19 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index bbe3bdfdb..326bc761f 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -37,8 +37,8 @@ JA3 Host Stats: 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][User-Agent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38/70][0.09 sec][Hostname/SNI: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38/68][0.09 sec][Hostname/SNI: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38/70][0.09 sec][Hostname/SNI: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38/68][0.09 sec][Hostname/SNI: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.07 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 62a2f9ca4..575e21bb3 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -50,25 +50,25 @@ JA3 Host Stats: 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0/0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845/3844 13075/13111 4719/4735][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56/56 56/56 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0/0][13.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19/0][0.03 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43/73][0.04 sec][Hostname/SNI: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 48/69][0.05 sec][Hostname/SNI: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44/68][0.04 sec][Hostname/SNI: graph.facebook.com][31.13.68.70][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43/73][0.04 sec][Hostname/SNI: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 48/69][0.05 sec][Hostname/SNI: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44/68][0.04 sec][Hostname/SNI: graph.facebook.com][31.13.68.70][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/130 bytes][Goodput ratio: 49/66][0.05 sec][Hostname/SNI: 2.97.252.173.in-addr.arpa][::][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/136 bytes][Goodput ratio: 44/67][0.04 sec][Hostname/SNI: ac-talk.kakao.com][110.76.141.112][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/84 bytes <-> 1 pkts/130 bytes][Goodput ratio: 47/66][0.04 sec][Hostname/SNI: booking.loco.kakao.com][110.76.142.125][PLAIN TEXT (booking)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/82 bytes <-> 1 pkts/126 bytes][Goodput ratio: 46/65][0.04 sec][Hostname/SNI: up-gp.talk.kakao.com][110.76.141.26][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-p.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-v.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.04 sec][Hostname/SNI: up-m.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.03 sec][Hostname/SNI: up-a.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-c.talk.kakao.com][110.76.141.85][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.03 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.04 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43/62][0.05 sec][Hostname/SNI: api.facebook.com][31.13.68.84][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.08 sec][Hostname/SNI: auth.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.03 sec][Hostname/SNI: item.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/136 bytes][Goodput ratio: 44/67][0.04 sec][Hostname/SNI: ac-talk.kakao.com][110.76.141.112][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/130 bytes][Goodput ratio: 47/66][0.04 sec][Hostname/SNI: booking.loco.kakao.com][110.76.142.125][PLAIN TEXT (booking)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/126 bytes][Goodput ratio: 46/65][0.04 sec][Hostname/SNI: up-gp.talk.kakao.com][110.76.141.26][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-p.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-v.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.04 sec][Hostname/SNI: up-m.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.03 sec][Hostname/SNI: up-a.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-c.talk.kakao.com][110.76.141.85][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.03 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.04 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43/62][0.05 sec][Hostname/SNI: api.facebook.com][31.13.68.84][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.08 sec][Hostname/SNI: auth.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.03 sec][Hostname/SNI: item.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 25/0][41.33 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.04 sec][Hostname/SNI: dn-l.talk.kakao.com][110.76.141.86][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.04 sec][Hostname/SNI: dn-l.talk.kakao.com][110.76.141.86][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 8a2b667d9..97a1bf91d 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -49,7 +49,7 @@ JA3 Host Stats: 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 3/0][11.12 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes][Goodput ratio: 0/0][0.48 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 44/62][0.20 sec][Hostname/SNI: mqtt.facebook.com][173.252.97.2][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 44/62][0.20 sec][Hostname/SNI: mqtt.facebook.com][173.252.97.2][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index 58001f3eb..f13b98767 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -163,40 +163,40 @@ JA3 Host Stats: 120 TCP 172.16.42.216:54413 <-> 52.85.209.216:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][0.34 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 47/0 114/0 244/0 92/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 121 TCP 172.16.42.216:45707 <-> 52.94.232.134:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][4 pkts/236 bytes <-> 2 pkts/122 bytes][Goodput ratio: 0/0][2.59 sec][bytes ratio: 0.318 (Upload)][IAT c2s/s2c min/avg/max/stddev: 148/0 864/0 2109/0 884/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/61 74/62 9/1][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 122 UDP 172.16.42.1:67 -> 172.16.42.216:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 123 UDP 172.16.42.216:4920 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/81 bytes <-> 1 pkts/252 bytes][Goodput ratio: 48/83][0.20 sec][Hostname/SNI: ecx.images-amazon.com][52.84.63.56][PLAIN TEXT (images)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 UDP 172.16.42.216:23559 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/100 bytes <-> 1 pkts/196 bytes][Goodput ratio: 57/78][0.05 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][34.199.52.240][PLAIN TEXT (cognito)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 125 UDP 172.16.42.216:4612 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/91 bytes <-> 1 pkts/197 bytes][Goodput ratio: 53/78][0.06 sec][Hostname/SNI: images-na.ssl-images-amazon.com][52.84.62.115][PLAIN TEXT (images)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 126 UDP 172.16.42.216:14934 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Hostname/SNI: www.amazon.com][52.85.209.143][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 127 UDP 172.16.42.216:44475 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.12 sec][Hostname/SNI: www.amazon.com][52.85.209.216][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 128 UDP 172.16.42.216:48155 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.06 sec][Hostname/SNI: www.amazon.com][52.85.209.197][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 129 UDP 172.16.42.216:52077 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.13 sec][Hostname/SNI: www.amazon.com][52.85.209.216][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 130 UDP 172.16.42.216:35726 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/87 bytes <-> 1 pkts/131 bytes][Goodput ratio: 51/67][0.19 sec][Hostname/SNI: s3-external-2.amazonaws.com][54.231.72.88][PLAIN TEXT (external)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 UDP 172.16.42.216:8669 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.06 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.23.94][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 UDP 172.16.42.216:21391 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.10 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.24.186][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 UDP 172.16.42.216:28614 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.07 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.24.180][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 134 UDP 172.16.42.216:40425 <-> 172.16.42.1:53 [proto: 5.228/DNS.PlayStore][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/86 bytes <-> 1 pkts/126 bytes][Goodput ratio: 51/66][0.08 sec][Hostname/SNI: android.clients.google.com][216.58.194.78][PLAIN TEXT (android)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 135 UDP 172.16.42.216:19967 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/84 bytes <-> 1 pkts/126 bytes][Goodput ratio: 49/66][0.08 sec][Hostname/SNI: mads.amazon-adsystem.com][52.94.232.0][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 136 UDP 172.16.42.216:3440 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/89 bytes <-> 1 pkts/117 bytes][Goodput ratio: 52/64][0.05 sec][Hostname/SNI: connectivitycheck.android.com][2607:f8b0:4000:813::200e][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 137 UDP 172.16.42.216:41639 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/121 bytes][Goodput ratio: 48/65][0.12 sec][Hostname/SNI: dp-gw-na-js.amazon.com][176.32.101.52][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 138 UDP 172.16.42.216:53188 <-> 172.16.42.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/76 bytes <-> 1 pkts/121 bytes][Goodput ratio: 44/65][0.05 sec][Hostname/SNI: mtalk.google.com][173.194.223.188][PLAIN TEXT (google)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 139 UDP 172.16.42.216:55619 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.00 sec][Hostname/SNI: connectivitycheck.android.com][172.217.9.142][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 140 UDP 172.16.42.216:25081 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VirtAssistant/32][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.08 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 141 UDP 172.16.42.216:41030 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VirtAssistant/32][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.11 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 142 UDP 172.16.42.216:59908 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VirtAssistant/32][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.27 sec][Hostname/SNI: alexa.amazon.com][54.239.28.178][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 143 UDP 172.16.42.216:64073 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VirtAssistant/32][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.06 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 172.16.42.216:4920 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/252 bytes][Goodput ratio: 48/83][0.20 sec][Hostname/SNI: ecx.images-amazon.com][52.84.63.56][PLAIN TEXT (images)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 172.16.42.216:23559 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/196 bytes][Goodput ratio: 57/78][0.05 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][34.199.52.240][PLAIN TEXT (cognito)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 172.16.42.216:4612 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/197 bytes][Goodput ratio: 53/78][0.06 sec][Hostname/SNI: images-na.ssl-images-amazon.com][52.84.62.115][PLAIN TEXT (images)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 UDP 172.16.42.216:14934 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Hostname/SNI: www.amazon.com][52.85.209.143][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 UDP 172.16.42.216:44475 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.12 sec][Hostname/SNI: www.amazon.com][52.85.209.216][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 UDP 172.16.42.216:48155 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.06 sec][Hostname/SNI: www.amazon.com][52.85.209.197][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 UDP 172.16.42.216:52077 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.13 sec][Hostname/SNI: www.amazon.com][52.85.209.216][PLAIN TEXT (amazon)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 UDP 172.16.42.216:35726 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/131 bytes][Goodput ratio: 51/67][0.19 sec][Hostname/SNI: s3-external-2.amazonaws.com][54.231.72.88][PLAIN TEXT (external)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP 172.16.42.216:8669 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.06 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.23.94][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP 172.16.42.216:21391 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.10 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.24.186][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP 172.16.42.216:28614 <-> 172.16.42.1:53 [proto: 5.265/DNS.AmazonAWS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/99 bytes <-> 1 pkts/115 bytes][Goodput ratio: 57/63][0.07 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][54.239.24.180][PLAIN TEXT (mobileanalytics)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 UDP 172.16.42.216:40425 <-> 172.16.42.1:53 [proto: 5.228/DNS.PlayStore][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/126 bytes][Goodput ratio: 51/66][0.08 sec][Hostname/SNI: android.clients.google.com][216.58.194.78][PLAIN TEXT (android)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 UDP 172.16.42.216:19967 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/126 bytes][Goodput ratio: 49/66][0.08 sec][Hostname/SNI: mads.amazon-adsystem.com][52.94.232.0][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 UDP 172.16.42.216:3440 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/117 bytes][Goodput ratio: 52/64][0.05 sec][Hostname/SNI: connectivitycheck.android.com][2607:f8b0:4000:813::200e][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 UDP 172.16.42.216:41639 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/121 bytes][Goodput ratio: 48/65][0.12 sec][Hostname/SNI: dp-gw-na-js.amazon.com][176.32.101.52][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP 172.16.42.216:53188 <-> 172.16.42.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/121 bytes][Goodput ratio: 44/65][0.05 sec][Hostname/SNI: mtalk.google.com][173.194.223.188][PLAIN TEXT (google)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP 172.16.42.216:55619 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.00 sec][Hostname/SNI: connectivitycheck.android.com][172.217.9.142][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 UDP 172.16.42.216:25081 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.08 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 UDP 172.16.42.216:41030 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.11 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 UDP 172.16.42.216:59908 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.27 sec][Hostname/SNI: alexa.amazon.com][54.239.28.178][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 UDP 172.16.42.216:64073 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.06 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 144 ICMP 172.16.42.1:0 -> 172.16.42.216:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/188 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][2.80 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 145 UDP 172.16.42.216:14476 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/83 bytes <-> 1 pkts/99 bytes][Goodput ratio: 49/57][0.14 sec][Hostname/SNI: skills-store.amazon.com][54.239.29.253][PLAIN TEXT (skills)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 146 UDP 172.16.42.216:7358 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.21 sec][Hostname/SNI: firs-ta-g7g.amazon.com][54.239.22.185][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 UDP 172.16.42.216:14476 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/99 bytes][Goodput ratio: 49/57][0.14 sec][Hostname/SNI: skills-store.amazon.com][54.239.29.253][PLAIN TEXT (skills)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 172.16.42.216:7358 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.21 sec][Hostname/SNI: firs-ta-g7g.amazon.com][54.239.22.185][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 147 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 148 ICMPV6 [fe80::7af8:82ff:fed3:fbc2]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 UDP 172.16.42.216:4312 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.08 sec][Hostname/SNI: pitangui.amazon.com][54.239.28.178][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 150 UDP 172.16.42.216:20922 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 151 UDP 172.16.42.216:54886 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 152 UDP 172.16.42.216:2707 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/77 bytes <-> 1 pkts/93 bytes][Goodput ratio: 45/54][0.10 sec][Hostname/SNI: fls-na.amazon.com][72.21.206.121][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 153 UDP 172.16.42.216:43350 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/77 bytes <-> 1 pkts/93 bytes][Goodput ratio: 45/54][0.20 sec][Hostname/SNI: fls-na.amazon.com][72.21.206.135][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 154 UDP 172.16.42.216:10462 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 155 UDP 172.16.42.216:52603 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 156 UDP 172.16.42.216:60804 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.05 sec][Hostname/SNI: api.amazon.com][54.239.29.146][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 172.16.42.216:4312 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.08 sec][Hostname/SNI: pitangui.amazon.com][54.239.28.178][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 UDP 172.16.42.216:20922 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 UDP 172.16.42.216:54886 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 UDP 172.16.42.216:2707 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/93 bytes][Goodput ratio: 45/54][0.10 sec][Hostname/SNI: fls-na.amazon.com][72.21.206.121][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 UDP 172.16.42.216:43350 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/93 bytes][Goodput ratio: 45/54][0.20 sec][Hostname/SNI: fls-na.amazon.com][72.21.206.135][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 UDP 172.16.42.216:10462 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 UDP 172.16.42.216:52603 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 UDP 172.16.42.216:60804 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.05 sec][Hostname/SNI: api.amazon.com][54.239.29.146][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 157 ICMPV6 [::]:0 -> [ff02::1:ffd3:fbc2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 158 TCP 172.16.42.216:38391 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 159 TCP 172.16.42.216:38434 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out index d959c50e9..3a1a6b19c 100644 --- a/tests/result/android.pcap.out +++ b/tests/result/android.pcap.out @@ -73,35 +73,35 @@ JA3 Host Stats: 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: 33490b1d5377580b19f7f9b5849d7991][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.2.1:67 -> 192.168.2.16:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][0.13 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 17.248.185.10:443 -> 192.168.2.17:50702 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][13.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 427/0 2236/0 6975/0 2385/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 93/0 97/0 11/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 192.168.2.16:52953 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.53.201][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 192.168.2.16:52953 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.53.201][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][60.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP [fe80::4e6a:f6ff:fe9f:f627]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][2.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.2.16:35825 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/140 bytes][Goodput ratio: 44/70][0.04 sec][Hostname/SNI: time.android.com][216.239.35.8][PLAIN TEXT (android)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.2.16:36850 <-> 173.194.79.114:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.2.16:35689 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/110 bytes][Goodput ratio: 55/61][0.04 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][172.217.20.74][PLAIN TEXT (semanticlocation)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 192.168.2.16:47081 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.04 sec][Hostname/SNI: connectivitycheck.gstatic.com][172.217.18.3][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 192.168.2.16:36613 <-> 192.168.2.1:53 [proto: 5.228/DNS.PlayStore][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/86 bytes <-> 1 pkts/102 bytes][Goodput ratio: 51/58][0.00 sec][Hostname/SNI: android.clients.google.com][216.239.38.120][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.2.16:7660 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.04 sec][Hostname/SNI: datasaver.googleapis.com][172.217.21.202][PLAIN TEXT (datasaver)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.2.16:18379 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.00 sec][Hostname/SNI: datasaver.googleapis.com][172.217.21.202][PLAIN TEXT (datasaver)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.2.16:39760 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: android.googleapis.com][172.217.22.10][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.16:35689 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/94 bytes <-> 1 pkts/110 bytes][Goodput ratio: 55/61][0.04 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][172.217.20.74][PLAIN TEXT (semanticlocation)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 UDP 192.168.2.16:47081 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.04 sec][Hostname/SNI: connectivitycheck.gstatic.com][172.217.18.3][PLAIN TEXT (connectivitycheck)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.2.16:36613 <-> 192.168.2.1:53 [proto: 5.228/DNS.PlayStore][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/102 bytes][Goodput ratio: 51/58][0.00 sec][Hostname/SNI: android.clients.google.com][216.239.38.120][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.2.16:7660 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.04 sec][Hostname/SNI: datasaver.googleapis.com][172.217.21.202][PLAIN TEXT (datasaver)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.2.16:18379 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.00 sec][Hostname/SNI: datasaver.googleapis.com][172.217.21.202][PLAIN TEXT (datasaver)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.2.16:39760 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: android.googleapis.com][172.217.22.10][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 UDP 192.168.2.16:45863 <-> 216.239.35.8:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.2.16:10677 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.2.16:22850 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 192.168.2.16:32412 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: check.googlezip.net][173.194.79.114][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.2.16:33240 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: check.googlezip.net][173.194.79.114][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 192.168.2.16:34540 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: clients1.google.com][216.239.38.120][PLAIN TEXT (clients)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 192.168.2.16:46359 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: accounts.google.com][216.239.38.120][PLAIN TEXT (accounts)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.2.16:51430 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][< 1 sec][Hostname/SNI: app-measurement.com][172.217.168.206][PLAIN TEXT (measurement)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.2.16:54837 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: play.googleapis.com][172.217.20.74][PLAIN TEXT (googleapis)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.2.16:56312 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 192.168.2.16:58892 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: accounts.google.com][216.239.38.120][PLAIN TEXT (accounts)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.2.16:10677 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.2.16:22850 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.2.16:32412 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: check.googlezip.net][173.194.79.114][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.2.16:33240 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: check.googlezip.net][173.194.79.114][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.2.16:34540 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: clients1.google.com][216.239.38.120][PLAIN TEXT (clients)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.2.16:46359 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: accounts.google.com][216.239.38.120][PLAIN TEXT (accounts)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.2.16:51430 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][< 1 sec][Hostname/SNI: app-measurement.com][172.217.168.206][PLAIN TEXT (measurement)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.2.16:54837 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Hostname/SNI: play.googleapis.com][172.217.20.74][PLAIN TEXT (googleapis)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.2.16:56312 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.2.16:58892 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Hostname/SNI: accounts.google.com][216.239.38.120][PLAIN TEXT (accounts)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 169.254.225.216:60538 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 192.168.2.1:51411 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.2.16:39008 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/76 bytes <-> 1 pkts/92 bytes][Goodput ratio: 44/54][0.00 sec][Hostname/SNI: mtalk.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.2.16:32832 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][< 1 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.2.16:40580 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.2.16:39008 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/92 bytes][Goodput ratio: 44/54][0.00 sec][Hostname/SNI: mtalk.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.2.16:32832 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][< 1 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.2.16:40580 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][4.26 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 95.101.24.53:443 -> 192.168.2.17:50677 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index ebfc2f2a1..00e63667a 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -74,17 +74,17 @@ JA3 Host Stats: 26 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Hostname/SNI: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5.21/DNS.Outlook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Email/3][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43/81][0.01 sec][Hostname/SNI: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 42/81][0.01 sec][Hostname/SNI: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50/78][0.02 sec][Hostname/SNI: 24-courier.push.apple.com][17.57.144.20][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49/77][0.02 sec][Hostname/SNI: 1-courier.push.apple.com][17.57.144.116][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5.21/DNS.Outlook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43/81][0.01 sec][Hostname/SNI: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 42/81][0.01 sec][Hostname/SNI: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 10.0.0.227:64193 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/192 bytes][Goodput ratio: 50/78][0.02 sec][Hostname/SNI: 24-courier.push.apple.com][17.57.144.20][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 10.0.0.227:51060 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/190 bytes][Goodput ratio: 49/77][0.02 sec][Hostname/SNI: 1-courier.push.apple.com][17.57.144.116][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 UDP 10.0.0.227:52879 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 10.0.0.227:57261 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/174 bytes][Goodput ratio: 54/75][0.02 sec][Hostname/SNI: vcacrashplan01.hq.corp.viasat.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (cacrashplan)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 UDP 10.0.0.227:61387 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/163 bytes][Goodput ratio: 48/74][0.03 sec][Hostname/SNI: vco.pandion.viasat.com][::][PLAIN TEXT (pandion)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -103,7 +103,7 @@ JA3 Host Stats: 55 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43/53][0.04 sec][Hostname/SNI: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.02 sec][Hostname/SNI: mozilla.org][63.245.208.195][PLAIN TEXT (mozilla)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.03 sec][Hostname/SNI: slack.com][99.86.34.156][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.03 sec][Hostname/SNI: slack.com][99.86.34.156][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 10.0.0.227:56874 <-> 74.125.197.188:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 IGMP 10.0.0.213:0 -> 224.0.0.2:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 IGMP 10.0.0.213:0 -> 224.0.0.251:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][13.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anydesk.pcapng.out b/tests/result/anydesk.pcapng.out index f230ecf19..3a5922cf3 100644 --- a/tests/result/anydesk.pcapng.out +++ b/tests/result/anydesk.pcapng.out @@ -36,5 +36,5 @@ JA3 Host Stats: 3 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][ALPN: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0] 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0] 5 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,90,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: RemoteAccess/12][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.187:59511 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: RemoteAccess/12][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-3185a847.net.anydesk.com][37.61.223.15][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.187:59511 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-3185a847.net.anydesk.com][37.61.223.15][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dns_ambiguous_names.pcap.out b/tests/result/dns_ambiguous_names.pcap.out index 87bba5a52..29a10c89a 100644 --- a/tests/result/dns_ambiguous_names.pcap.out +++ b/tests/result/dns_ambiguous_names.pcap.out @@ -28,13 +28,13 @@ GoogleServices 2 235 1 Teams 6 790 3 AppleSiri 2 234 1 - 1 UDP 10.200.2.11:57632 <-> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/97 bytes <-> 1 pkts/377 bytes][Goodput ratio: 56/89][0.03 sec][Hostname/SNI: android.clients.google.com][108.177.14.101][PLAIN TEXT (android)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 10.200.2.11:48375 <-> 8.8.8.8:53 [proto: 5.238/DNS.ApplePush][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/96 bytes <-> 1 pkts/318 bytes][Goodput ratio: 56/87][0.04 sec][Hostname/SNI: 41-courier.push.apple.com][17.57.146.139][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 10.200.2.11:57051 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/90 bytes <-> 1 pkts/221 bytes][Goodput ratio: 53/81][0.03 sec][Hostname/SNI: api.teams.skype.com][52.113.194.131][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 10.200.2.11:42790 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/92 bytes <-> 1 pkts/166 bytes][Goodput ratio: 54/74][0.08 sec][Hostname/SNI: _.teams.microsoft.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 10.200.2.11:46134 <-> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][1 pkts/92 bytes <-> 1 pkts/143 bytes][Goodput ratio: 54/70][0.03 sec][Hostname/SNI: alt2-mtalk.google.com][173.194.202.188][PLAIN TEXT (google)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 10.200.2.11:52541 <-> 8.8.8.8:53 [proto: 5.254/DNS.AppleSiri][IP: 126/Google][ClearText][Confidence: DPI][cat: VirtAssistant/32][1 pkts/88 bytes <-> 1 pkts/146 bytes][Goodput ratio: 52/71][0.06 sec][Hostname/SNI: guzzoni.apple.com][17.130.21.5][PLAIN TEXT (guzzoni)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 10.200.2.11:57290 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/86 bytes <-> 1 pkts/135 bytes][Goodput ratio: 51/68][0.03 sec][Hostname/SNI: teams.skype.com][13.107.3.128][PLAIN TEXT (msedge)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 10.200.2.11:44883 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/102 bytes <-> 1 pkts/118 bytes][Goodput ratio: 58/64][0.04 sec][Hostname/SNI: instagram.faae1-1.fna.fbcdn.net][41.220.158.96][PLAIN TEXT (instagram)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 10.200.2.11:53951 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/90 bytes <-> 1 pkts/122 bytes][Goodput ratio: 53/65][0.34 sec][Hostname/SNI: short.weixin.qq.com][203.205.254.77][PLAIN TEXT (weixin)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 10.200.2.11:44198 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.03 sec][Hostname/SNI: wide-youtube.l.google.com][64.233.164.198][PLAIN TEXT (youtube)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.200.2.11:57632 <-> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/377 bytes][Goodput ratio: 56/89][0.03 sec][Hostname/SNI: android.clients.google.com][108.177.14.101][PLAIN TEXT (android)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 10.200.2.11:48375 <-> 8.8.8.8:53 [proto: 5.238/DNS.ApplePush][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/318 bytes][Goodput ratio: 56/87][0.04 sec][Hostname/SNI: 41-courier.push.apple.com][17.57.146.139][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 10.200.2.11:57051 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/221 bytes][Goodput ratio: 53/81][0.03 sec][Hostname/SNI: api.teams.skype.com][52.113.194.131][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 10.200.2.11:42790 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/166 bytes][Goodput ratio: 54/74][0.08 sec][Hostname/SNI: _.teams.microsoft.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 10.200.2.11:46134 <-> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/143 bytes][Goodput ratio: 54/70][0.03 sec][Hostname/SNI: alt2-mtalk.google.com][173.194.202.188][PLAIN TEXT (google)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 10.200.2.11:52541 <-> 8.8.8.8:53 [proto: 5.254/DNS.AppleSiri][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/146 bytes][Goodput ratio: 52/71][0.06 sec][Hostname/SNI: guzzoni.apple.com][17.130.21.5][PLAIN TEXT (guzzoni)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 10.200.2.11:57290 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/135 bytes][Goodput ratio: 51/68][0.03 sec][Hostname/SNI: teams.skype.com][13.107.3.128][PLAIN TEXT (msedge)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 10.200.2.11:44883 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/102 bytes <-> 1 pkts/118 bytes][Goodput ratio: 58/64][0.04 sec][Hostname/SNI: instagram.faae1-1.fna.fbcdn.net][41.220.158.96][PLAIN TEXT (instagram)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 10.200.2.11:53951 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/122 bytes][Goodput ratio: 53/65][0.34 sec][Hostname/SNI: short.weixin.qq.com][203.205.254.77][PLAIN TEXT (weixin)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 10.200.2.11:44198 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.03 sec][Hostname/SNI: wide-youtube.l.google.com][64.233.164.198][PLAIN TEXT (youtube)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index fa6ab532e..967e01e03 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -27,11 +27,11 @@ Dropbox 848 90532 15 4 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes][Goodput ratio: 70/32][11.20 sec][bytes ratio: 0.383 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 112/113 151/147 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][13.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2621/0 13107/0 5243/0][Pkt Len c2s/s2c min/avg/max/stddev: 237/0 237/0 237/0 0/0][PLAIN TEXT ( 274363570036934823360341409051)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][13.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2621/0 13107/0 5243/0][Pkt Len c2s/s2c min/avg/max/stddev: 237/0 237/0 237/0 0/0][PLAIN TEXT ( 274363570036934823360341409051)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Goodput ratio: 46/84][0.04 sec][Hostname/SNI: log.getdropbox.com][::][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/194 78/270 78/345 0/76][PLAIN TEXT (getdropbox)][Plen Bins: 0,50,0,0,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: client.dropbox.com][108.160.172.204][PLAIN TEXT (client)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Goodput ratio: 42/87][0.17 sec][Hostname/SNI: d.dropbox.com][108.160.172.225][PLAIN TEXT (dropbox)][Plen Bins: 50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Goodput ratio: 48/86][0.18 sec][Hostname/SNI: client-cf.dropbox.com][54.240.174.31][PLAIN TEXT (client)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Goodput ratio: 46/86][0.03 sec][Hostname/SNI: notify.dropbox.com][162.125.17.131][PLAIN TEXT (notify)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Goodput ratio: 46/84][0.04 sec][Hostname/SNI: log.getdropbox.com][::][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/194 78/270 78/345 0/76][PLAIN TEXT (getdropbox)][Plen Bins: 0,50,0,0,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/156 bytes <-> 2 pkts/666 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: client.dropbox.com][108.160.172.204][PLAIN TEXT (client)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/146 bytes <-> 2 pkts/646 bytes][Goodput ratio: 42/87][0.17 sec][Hostname/SNI: d.dropbox.com][108.160.172.225][PLAIN TEXT (dropbox)][Plen Bins: 50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/162 bytes <-> 2 pkts/612 bytes][Goodput ratio: 48/86][0.18 sec][Hostname/SNI: client-cf.dropbox.com][54.240.174.31][PLAIN TEXT (client)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/156 bytes <-> 2 pkts/588 bytes][Goodput ratio: 46/86][0.03 sec][Hostname/SNI: notify.dropbox.com][162.125.17.131][PLAIN TEXT (notify)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][60.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][60.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.64:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][31.34 sec][PLAIN TEXT (namespaces)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 4bca89262..c18d8445a 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -62,17 +62,17 @@ JA3 Host Stats: 24 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][Goodput ratio: 62/50][0.80 sec][Hostname/SNI: telegraph-ash.instagram.com][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/80 183/182 82/81][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/133 530/231 155/70][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,12,0,25,12,12,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][0.01 sec][PLAIN TEXT ( 413767116)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][2.67 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Goodput ratio: 52/86][0.05 sec][Hostname/SNI: igcdn-photos-h-a.akamaihd.net][46.33.70.174][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/305 bytes][Goodput ratio: 52/86][0.05 sec][Hostname/SNI: igcdn-photos-h-a.akamaihd.net][46.33.70.174][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: photos-a.ak.instagram.com][URL: photos-a.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11248829_853782121373976_909936934_n.jpg?se=7][StatusCode: 0][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: photos-g.ak.instagram.com][URL: photos-g.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11379284_1651416798408214_1525641466_n.jpg][StatusCode: 0][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52/80][0.05 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][46.33.70.136][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52/80][0.05 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][82.85.26.154][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52/80][0.05 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][46.33.70.136][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52/80][0.05 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][82.85.26.154][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/145 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][PLAIN TEXT ( 413767116)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Hostname/SNI: photos-b.ak.instagram.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (photos)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Hostname/SNI: photos-b.ak.instagram.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (photos)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index a019747e4..bedb261ed 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -62,28 +62,28 @@ JA3 Host Stats: 20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP [fe80::823:3f17:8298:a29c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.56 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.2.17:63381 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/90 bytes <-> 1 pkts/264 bytes][Goodput ratio: 53/84][0.04 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][17.248.185.87][PLAIN TEXT (valueservice)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.2.17:63381 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/264 bytes][Goodput ratio: 53/84][0.04 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][17.248.185.87][PLAIN TEXT (valueservice)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.34 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.2.17:63143 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/84 bytes <-> 1 pkts/252 bytes][Goodput ratio: 49/83][0.04 sec][Hostname/SNI: p26-fmfmobile.icloud.com][17.248.185.140][PLAIN TEXT (fmfmobile)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.2.17:52852 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/78 bytes <-> 1 pkts/244 bytes][Goodput ratio: 46/82][0.04 sec][Hostname/SNI: gateway.icloud.com][17.248.176.75][PLAIN TEXT (gateway)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.2.17:53272 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.05 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 192.168.2.17:65079 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.00 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 UDP 192.168.2.17:61862 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/83 bytes <-> 1 pkts/227 bytes][Goodput ratio: 49/81][0.04 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][95.101.25.53][PLAIN TEXT (gspe35)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 UDP 192.168.2.17:49880 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.05 sec][Hostname/SNI: init.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.2.17:53317 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/224 bytes][Goodput ratio: 46/81][0.04 sec][Hostname/SNI: iphone-ld.apple.com][92.122.252.82][PLAIN TEXT (iphone)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 192.168.2.17:63677 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.04 sec][Hostname/SNI: sync.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.2.17:53983 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 192.168.2.17:63377 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 192.168.2.17:51007 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.105.202][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.2.17:55457 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/214 bytes][Goodput ratio: 43/80][0.04 sec][Hostname/SNI: mesu.apple.com][17.253.105.202][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.2.17:62526 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/212 bytes][Goodput ratio: 42/80][0.05 sec][Hostname/SNI: cl4.apple.com][104.73.61.30][PLAIN TEXT (origin)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.2.17:52682 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Hostname/SNI: www.icloud.com][23.45.74.46][PLAIN TEXT (icloud)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.2.17:63143 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/252 bytes][Goodput ratio: 49/83][0.04 sec][Hostname/SNI: p26-fmfmobile.icloud.com][17.248.185.140][PLAIN TEXT (fmfmobile)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.2.17:52852 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/244 bytes][Goodput ratio: 46/82][0.04 sec][Hostname/SNI: gateway.icloud.com][17.248.176.75][PLAIN TEXT (gateway)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.2.17:53272 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.05 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 192.168.2.17:65079 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.00 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 192.168.2.17:61862 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/227 bytes][Goodput ratio: 49/81][0.04 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][95.101.25.53][PLAIN TEXT (gspe35)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 UDP 192.168.2.17:49880 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.05 sec][Hostname/SNI: init.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.2.17:53317 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/224 bytes][Goodput ratio: 46/81][0.04 sec][Hostname/SNI: iphone-ld.apple.com][92.122.252.82][PLAIN TEXT (iphone)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 192.168.2.17:63677 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.04 sec][Hostname/SNI: sync.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.17:53983 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 UDP 192.168.2.17:63377 <-> 192.168.2.1:53 [proto: 5.145/DNS.AppleiTunes][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.2.17:51007 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.105.202][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.2.17:55457 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/214 bytes][Goodput ratio: 43/80][0.04 sec][Hostname/SNI: mesu.apple.com][17.253.105.202][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.2.17:62526 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/212 bytes][Goodput ratio: 42/80][0.05 sec][Hostname/SNI: cl4.apple.com][104.73.61.30][PLAIN TEXT (origin)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.2.17:52682 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Hostname/SNI: www.icloud.com][23.45.74.46][PLAIN TEXT (icloud)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][1.00 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 UDP 192.168.2.17:55914 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/146 bytes][Goodput ratio: 48/71][0.04 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][17.130.2.46][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 UDP 192.168.2.17:55914 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/146 bytes][Goodput ratio: 48/71][0.04 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][17.130.2.46][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 192.168.2.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.2.17:64203 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/80 bytes <-> 1 pkts/135 bytes][Goodput ratio: 47/68][0.04 sec][Hostname/SNI: basejumper.apple.com][::][PLAIN TEXT (basejumper)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.2.17:52031 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.03 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 192.168.2.17:62160 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.04 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.2.17:64203 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/135 bytes][Goodput ratio: 47/68][0.04 sec][Hostname/SNI: basejumper.apple.com][::][PLAIN TEXT (basejumper)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.2.17:52031 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.03 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.2.17:62160 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.04 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][30.01 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 169.254.225.216:60538 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.2.1:51411 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index b3023e61f..86f0484d7 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -81,16 +81,16 @@ JA3 Host Stats: 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][79.13 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 4588/0 14907/0 6547/0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 166/0 167/0 2/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47/87][0.02 sec][Hostname/SNI: ios.nccp.netflix.com][54.191.17.51][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47/87][0.04 sec][Hostname/SNI: ios.nccp.netflix.com][52.32.22.214][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/371 bytes][Goodput ratio: 47/88][0.04 sec][Hostname/SNI: ios.nccp.netflix.com][2620:108:700f::3428:72a3][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/83 bytes <-> 1 pkts/248 bytes][Goodput ratio: 49/83][0.02 sec][Hostname/SNI: ichnaea.geo.netflix.com][52.37.36.252][PLAIN TEXT (ichnaea)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56/81][0.02 sec][Hostname/SNI: api-global.latency.prodaa.netflix.com][52.89.39.139][PLAIN TEXT (global)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56/81][0.03 sec][Hostname/SNI: api-global.latency.prodaa.netflix.com][52.41.30.5][PLAIN TEXT (global)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/96 bytes <-> 1 pkts/224 bytes][Goodput ratio: 56/81][0.00 sec][Hostname/SNI: ichnaea.us-west-2.prodaa.netflix.com][54.69.204.241][PLAIN TEXT (ichnaea)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/79 bytes <-> 1 pkts/192 bytes][Goodput ratio: 46/78][0.02 sec][Hostname/SNI: appboot.netflix.com][54.201.191.132][PLAIN TEXT (appboot)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/84 bytes <-> 1 pkts/148 bytes][Goodput ratio: 49/71][0.01 sec][Hostname/SNI: artwork.akam.nflximg.net][184.25.204.25][PLAIN TEXT (artwork)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/85 bytes <-> 1 pkts/137 bytes][Goodput ratio: 50/69][0.02 sec][Hostname/SNI: sha2.san.akam.nflximg.net][104.86.97.179][PLAIN TEXT (akamaiedge)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47/87][0.02 sec][Hostname/SNI: ios.nccp.netflix.com][54.191.17.51][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/160 bytes <-> 2 pkts/646 bytes][Goodput ratio: 47/87][0.04 sec][Hostname/SNI: ios.nccp.netflix.com][52.32.22.214][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/371 bytes][Goodput ratio: 47/88][0.04 sec][Hostname/SNI: ios.nccp.netflix.com][2620:108:700f::3428:72a3][PLAIN TEXT (netflix)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/248 bytes][Goodput ratio: 49/83][0.02 sec][Hostname/SNI: ichnaea.geo.netflix.com][52.37.36.252][PLAIN TEXT (ichnaea)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56/81][0.02 sec][Hostname/SNI: api-global.latency.prodaa.netflix.com][52.89.39.139][PLAIN TEXT (global)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/225 bytes][Goodput ratio: 56/81][0.03 sec][Hostname/SNI: api-global.latency.prodaa.netflix.com][52.41.30.5][PLAIN TEXT (global)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/224 bytes][Goodput ratio: 56/81][0.00 sec][Hostname/SNI: ichnaea.us-west-2.prodaa.netflix.com][54.69.204.241][PLAIN TEXT (ichnaea)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/192 bytes][Goodput ratio: 46/78][0.02 sec][Hostname/SNI: appboot.netflix.com][54.201.191.132][PLAIN TEXT (appboot)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/148 bytes][Goodput ratio: 49/71][0.01 sec][Hostname/SNI: artwork.akam.nflximg.net][184.25.204.25][PLAIN TEXT (artwork)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/137 bytes][Goodput ratio: 50/69][0.02 sec][Hostname/SNI: sha2.san.akam.nflximg.net][104.86.97.179][PLAIN TEXT (akamaiedge)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/113 bytes][Goodput ratio: 48/62][0.02 sec][Hostname/SNI: a1907.dscg.akamai.net][184.25.204.10][PLAIN TEXT (akamai)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: a803.dscg.akamai.net][184.25.204.24][PLAIN TEXT (akamai)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][14.20 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 24d22100f..e38b081f0 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -43,10 +43,10 @@ JA3 Host Stats: 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes][Goodput ratio: 67/67][1.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/58 119/111 274/242 89/65][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 128/128 198/198 41/41][Plen Bins: 0,62,12,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][Goodput ratio: 68/68][1.15 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/17 108/127 288/286 109/90][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 130/132 198/198 40/42][Plen Bins: 0,53,20,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.73 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/0 315/0 92/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54/58][0.01 sec][Hostname/SNI: g2df33d01-lp1.p.srv.nintendo.net][52.10.205.177][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4/4 5/5 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92/100 92/108 0/8][PLAIN TEXT (nintendo)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54/58][0.01 sec][Hostname/SNI: g2df33d01-lp1.p.srv.nintendo.net][52.10.205.177][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4/4 5/5 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92/100 92/108 0/8][PLAIN TEXT (nintendo)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/0 316/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][0.03 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.217][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][< 1 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.8][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][0.03 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.217][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][< 1 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.8][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 1bd205d9a..1e63e8021 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -46,13 +46,13 @@ JA3 Host Stats: 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.18 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 197/0 503/0 209/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77/0 136/0 37/0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /ip)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Hostname/SNI: xmpp.device06.eu01.capptain.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (device06)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec][Hostname/SNI: android.clients.google.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.275/DNS.Crashlytics][IP: 126/Google][ClearText][Confidence: DPI][cat: DataTransfer/4][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: settings.crashlytics.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (settings)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec][Hostname/SNI: android.clients.google.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.275/DNS.Crashlytics][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: settings.crashlytics.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (settings)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: api.eu01.capptain.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (capptain)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Hostname/SNI: play.googleapis.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (googleapis)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Media/1][1 pkts/63 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Hostname/SNI: ocu03.labgency.ws][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (labgency)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Media/1][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Hostname/SNI: ocs.labgency.ws][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (labgency)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Media/1][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][Hostname/SNI: www.ocs.fr][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Hostname/SNI: play.googleapis.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (googleapis)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/63 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Hostname/SNI: ocu03.labgency.ws][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (labgency)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Hostname/SNI: ocs.labgency.ws][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (labgency)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][Hostname/SNI: www.ocs.fr][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/punycode-idn.pcap.out b/tests/result/punycode-idn.pcap.out index 32bb709d6..45f223db4 100644 --- a/tests/result/punycode-idn.pcap.out +++ b/tests/result/punycode-idn.pcap.out @@ -25,5 +25,5 @@ HTTP 12 1597 1 Spotify 2 197 1 1 TCP 192.168.2.140:56011 <-> 170.33.9.230:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][cat: Web/5][7 pkts/568 bytes <-> 5 pkts/1029 bytes][Goodput ratio: 29/69][0.57 sec][Hostname/SNI: www.love.xn--55qx5d][bytes ratio: -0.289 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/122 222/352 90/163][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/206 137/765 36/280][URL: www.love.xn--55qx5d/][StatusCode: 403][Content-Type: text/html][User-Agent: curl/7.77.0][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.love.xn--55qx5d / HTTP Error Code 403][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.2.140:45520 <-> 192.168.2.1:53 [proto: 5.156/DNS.Spotify][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Music/25][1 pkts/69 bytes <-> 1 pkts/128 bytes][Goodput ratio: 39/67][0.02 sec][Hostname/SNI: i.scdn.co][146.75.62.248][PLAIN TEXT (scdnco)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.2.140:45520 <-> 192.168.2.1:53 [proto: 5.156/DNS.Spotify][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/128 bytes][Goodput ratio: 39/67][0.02 sec][Hostname/SNI: i.scdn.co][146.75.62.248][PLAIN TEXT (scdnco)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.140:60156 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/81 bytes][Goodput ratio: 48/48][0.00 sec][Hostname/SNI: www.xn--mnich-kva.com][::][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.xn--mnich-kva.com / DNS Error Code 3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index 6aad1b3ba..571403cef 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -49,6 +49,6 @@ JA3 Host Stats: 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][54.175.47.110][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][54.175.47.110][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.04 sec][Hostname/SNI: e673.dsce9.akamaiedge.net][23.57.24.16][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index f93130799..641fed455 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -89,34 +89,34 @@ JA3 Host Stats: 43 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][13.03 sec][Hostname/SNI: _afpovertcp._tcp.local][_afpovertcp._tcp.local][PLAIN TEXT (afpovertc)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][13.03 sec][Hostname/SNI: _afpovertcp._tcp.local][_afpovertcp._tcp.local][PLAIN TEXT (afpovertc)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][34.64 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 253/0 4948/0 31039/0 10656/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Hostname/SNI: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3390/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Hostname/SNI: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3391/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][80.52 sec][Hostname/SNI: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 10065/0 27100/0 10269/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72/0 72/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643/0 27099/0 8538/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643/0 27099/0 8538/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.39 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4398/0 9075/0 3396/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388/0 9099/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.44 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4406/0 9093/0 3395/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388/0 9099/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.39 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4398/0 9075/0 3396/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.44 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4406/0 9093/0 3395/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.34 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389/0 9029/0 3378/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.34 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389/0 9029/0 3378/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.40 sec][Hostname/SNI: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399/0 9084/0 3383/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Hostname/SNI: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Hostname/SNI: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.40 sec][Hostname/SNI: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399/0 9084/0 3383/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Hostname/SNI: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3390/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Hostname/SNI: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3391/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][9 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][80.52 sec][Hostname/SNI: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 10065/0 27100/0 10269/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72/0 72/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643/0 27099/0 8538/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1098/0 7643/0 27099/0 8538/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.39 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4398/0 9075/0 3396/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388/0 9099/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.44 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4406/0 9093/0 3395/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst13.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1040/0 4388/0 9099/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.39 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1051/0 4398/0 9075/0 3396/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.44 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1083/0 4406/0 9093/0 3395/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.34 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389/0 9029/0 3378/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.34 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1055/0 4389/0 9029/0 3378/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.40 sec][Hostname/SNI: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399/0 9084/0 3383/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Hostname/SNI: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Hostname/SNI: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.40 sec][Hostname/SNI: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399/0 9084/0 3383/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][11.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 1574/0 4002/0 1050/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 76/0 78/0 5/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.42 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403/0 9097/0 3414/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.42 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403/0 9097/0 3414/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.46 sec][Hostname/SNI: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409/0 9093/0 3413/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76/0 76/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.46 sec][Hostname/SNI: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409/0 9093/0 3413/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76/0 76/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4424/0 9093/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1087/0 4424/0 9094/0 3398/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.42 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403/0 9097/0 3414/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.42 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403/0 9097/0 3414/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.46 sec][Hostname/SNI: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409/0 9093/0 3413/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76/0 76/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.46 sec][Hostname/SNI: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409/0 9093/0 3413/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76/0 76/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4424/0 9093/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1087/0 4424/0 9094/0 3398/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][120.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][8.15 sec][Hostname/SNI: ui.skype.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][8.15 sec][Hostname/SNI: ui.skype.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 75 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -124,13 +124,13 @@ JA3 Host Stats: 78 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][20.13 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][20.13 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 58/74][0.07 sec][Hostname/SNI: db3msgr5011709.gateway.messenger.live.com][::][PLAIN TEXT (MSGR5011709)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 81 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Goodput ratio: 58/68][0.05 sec][Hostname/SNI: p05-keyvalueservice.icloud.com.akadns.net][17.172.100.36][PLAIN TEXT (valueservice)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/133 bytes][Goodput ratio: 58/68][0.05 sec][Hostname/SNI: p05-keyvalueservice.icloud.com.akadns.net][17.172.100.36][PLAIN TEXT (valueservice)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.78 sec][Result: 0][Internal Port: 13021][External Port: 13021][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 83 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.83 sec][Result: 0][Internal Port: 13021][External Port: 13021][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.05 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.05 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 87 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e7768.b.akamaiedge.net][23.223.73.34][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.05 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.05 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e7768.b.akamaiedge.net][23.223.73.34][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.15 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][125.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 211483cc2..0bd3b5317 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -77,26 +77,26 @@ JA3 Host Stats: 33 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][1.26 sec][Hostname/SNI: __msbrowse__][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210/0 1261/0 470/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 97/0 110/0 8/0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.41 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400/0 9094/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.40 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400/0 9094/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.56 sec][Hostname/SNI: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.50 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416/0 9099/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.56 sec][Hostname/SNI: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.50 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416/0 9099/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4388/0 9077/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4388/0 9077/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Hostname/SNI: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.41 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400/0 9094/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.40 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400/0 9094/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.56 sec][Hostname/SNI: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.50 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416/0 9099/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.56 sec][Hostname/SNI: 335.0.7.7.3.rst11.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.50 sec][Hostname/SNI: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1049/0 4416/0 9099/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4388/0 9077/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.33 sec][Hostname/SNI: 335.0.7.7.3.rst0.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4388/0 9077/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1/2][13.03 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/42 2605/4328 8814/8854 3478/3602][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/62 78/66 9/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][53.51 sec][Hostname/SNI: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1023/0 7644/0 27037/0 8525/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72/0 72/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.50 sec][Hostname/SNI: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1045/0 4417/0 9098/0 3408/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.46 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409/0 9088/0 3399/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.46 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409/0 9088/0 3399/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.50 sec][Hostname/SNI: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1044/0 4417/0 9098/0 3408/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.56 sec][Hostname/SNI: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77/0 77/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.56 sec][Hostname/SNI: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77/0 77/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1089/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][8 pkts/576 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][53.51 sec][Hostname/SNI: ui.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1023/0 7644/0 27037/0 8525/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 72/0 72/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.50 sec][Hostname/SNI: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1045/0 4417/0 9098/0 3408/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.46 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409/0 9088/0 3399/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.46 sec][Hostname/SNI: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4409/0 9088/0 3399/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.50 sec][Hostname/SNI: a.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1044/0 4417/0 9098/0 3408/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.56 sec][Hostname/SNI: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77/0 77/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.56 sec][Hostname/SNI: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77/0 77/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1089/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Hostname/SNI: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1010/0 1015/0 4/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][1.26 sec][Hostname/SNI: alicegate][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT ( EBEMEJEDEFEHEBFEEFCACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][1.26 sec][Hostname/SNI: lucasmacbookpro][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EMFFEDEBFDENEBEDECEPEPELFAFCEP)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -111,12 +111,12 @@ JA3 Host Stats: 67 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.83 sec][Result: 0][Internal Port: 13021][External Port: 13021][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: lucas-imac][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 69 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.06 sec][Hostname/SNI: e4593.g.akamaiedge.net][23.206.33.166][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: lucas-imac.local][lucas-imac.local][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: lucas-imac][PLAIN TEXT ( EMFFEDEBFDCNEJENEBEDCACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][< 1 sec][Hostname/SNI: apps.skypeassets.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypeassets)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][< 1 sec][Hostname/SNI: apps.skypeassets.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (skypeassets)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 77 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 78 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index f5028e550..586fb43e7 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -101,29 +101,29 @@ JA3 Host Stats: 53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/96 bytes <-> 1 pkts/301 bytes][Goodput ratio: 56/86][0.04 sec][Hostname/SNI: dc.applicationinsights.microsoft.com][40.79.138.41][PLAIN TEXT (applicationinsights)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/301 bytes][Goodput ratio: 56/86][0.04 sec][Hostname/SNI: dc.applicationinsights.microsoft.com][40.79.138.41][PLAIN TEXT (applicationinsights)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 UDP 192.168.1.6:54069 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/264 bytes][Goodput ratio: 49/84][0.06 sec][Hostname/SNI: api.microsoftstream.com][104.40.187.151][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 UDP 192.168.1.6:62735 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/225 bytes][Goodput ratio: 53/81][0.01 sec][Hostname/SNI: euno-1.api.microsoftstream.com][52.169.186.119][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5.276/DNS.Azure][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Hostname/SNI: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Hostname/SNI: substrate.office.com][13.107.18.11][PLAIN TEXT (substrate)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Hostname/SNI: config.teams.microsoft.com][52.113.194.132][PLAIN TEXT (config)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Hostname/SNI: presence.services.sfb.trafficmanager.net][52.114.77.58][PLAIN TEXT (presence)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Hostname/SNI: c-flightproxy-euno-01-teams.cloudapp.net][::][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: northeuropecns.trafficmanager.net][52.114.76.48][PLAIN TEXT (northeuropecns)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 UDP 192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Hostname/SNI: eu-api.asm.skype.com][52.114.75.69][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5.276/DNS.Azure][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Hostname/SNI: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Hostname/SNI: substrate.office.com][13.107.18.11][PLAIN TEXT (substrate)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Hostname/SNI: config.teams.microsoft.com][52.113.194.132][PLAIN TEXT (config)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Hostname/SNI: presence.services.sfb.trafficmanager.net][52.114.77.58][PLAIN TEXT (presence)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Hostname/SNI: c-flightproxy-euno-01-teams.cloudapp.net][::][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: northeuropecns.trafficmanager.net][52.114.76.48][PLAIN TEXT (northeuropecns)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 UDP 192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Hostname/SNI: eu-api.asm.skype.com][52.114.75.69][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.1.6:51309 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/169 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][::][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index ca7d0f754..5adccd823 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -68,13 +68,13 @@ GoogleServices 2 186 1 30 UDP 192.168.1.53:54306 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.1.77:54595 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][8.49 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Hostname/SNI: in.appcenter.ms][20.44.78.251][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Hostname/SNI: in.appcenter.ms][20.44.78.251][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.1.43:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: desktop-rb5t12g][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EEEFFDELFEEPFACNFCECDFFEDBDCEH)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.1.77:58615 <-> 192.168.1.1:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/81 bytes <-> 1 pkts/123 bytes][Goodput ratio: 48/65][0.03 sec][Hostname/SNI: telemetry.dropbox.com][162.125.19.9][PLAIN TEXT (telemetry)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.1.77:58615 <-> 192.168.1.1:53 [proto: 5.121/DNS.Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/123 bytes][Goodput ratio: 48/65][0.03 sec][Hostname/SNI: telemetry.dropbox.com][162.125.19.9][PLAIN TEXT (telemetry)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 192.168.1.77:49764 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/121 bytes][Goodput ratio: 42/65][0.05 sec][Hostname/SNI: dati.ntop.org][167.99.215.164][PLAIN TEXT (digitalocean)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 192.168.1.77:47127 <-> 192.168.1.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.00 sec][Hostname/SNI: www.googletagservices.com][192.168.1.157][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][PLAIN TEXT (googletagservices)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 192.168.1.77:47127 <-> 192.168.1.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.00 sec][Hostname/SNI: www.googletagservices.com][192.168.1.157][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][PLAIN TEXT (googletagservices)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 UDP 192.168.1.77:49533 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.01 sec][Hostname/SNI: e4518.dscx.akamaiedge.net][92.122.246.223][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 192.168.1.77:61120 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.01 sec][Hostname/SNI: e4518.dscx.akamaiedge.net][92.122.246.223][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.77:61631 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.01 sec][Hostname/SNI: e7047.e12.akamaiedge.net][92.122.247.92][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index 1643b0728..e7400b2ec 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -53,16 +53,16 @@ JA3 Host Stats: 13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][::][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][::][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.1.121:51364 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/77 bytes <-> 1 pkts/289 bytes][Goodput ratio: 45/85][0.01 sec][Hostname/SNI: www.microsoft.com][::][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.1.121:51364 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/289 bytes][Goodput ratio: 45/85][0.01 sec][Hostname/SNI: www.microsoft.com][::][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 130.211.33.145:443 <-> 192.168.1.121:53432 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/167 bytes][Goodput ratio: 19/21][0.01 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.1.121:55567 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/78 bytes <-> 1 pkts/250 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: wdcp.microsoft.com][::][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.1.121:58161 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/77 bytes <-> 1 pkts/244 bytes][Goodput ratio: 45/82][0.03 sec][Hostname/SNI: www.microsoft.com][2.22.33.235][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.1.121:55567 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/250 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: wdcp.microsoft.com][::][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.1.121:58161 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/244 bytes][Goodput ratio: 45/82][0.03 sec][Hostname/SNI: www.microsoft.com][2.22.33.235][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.1.121:65492 <-> 8.8.8.8:53 [proto: 5.276/DNS.Azure][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/115 bytes <-> 1 pkts/191 bytes][Goodput ratio: 63/78][0.07 sec][Hostname/SNI: wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.1.121:65492 <-> 8.8.8.8:53 [proto: 5.276/DNS.Azure][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/115 bytes <-> 1 pkts/191 bytes][Goodput ratio: 63/78][0.07 sec][Hostname/SNI: wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.121:53905 <-> 140.82.113.26:443 [proto: 91/TLS][IP: 203/Github][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/163 bytes][Goodput ratio: 0/19][0.11 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.1.121:53884 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.02 sec][Hostname/SNI: wdcp.microsoft.com][40.113.10.47][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.1.121:53884 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.02 sec][Hostname/SNI: wdcp.microsoft.com][40.113.10.47][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.121:65213 <-> 8.8.8.8:53 [proto: 5.140/DNS.Apple][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][1 pkts/80 bytes <-> 1 pkts/193 bytes][Goodput ratio: 47/78][0.01 sec][Hostname/SNI: time-macos.apple.com][17.253.54.251][PLAIN TEXT (aaplimg)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.121:65213 <-> 8.8.8.8:53 [proto: 5.140/DNS.Apple][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/193 bytes][Goodput ratio: 47/78][0.01 sec][Hostname/SNI: time-macos.apple.com][17.253.54.251][PLAIN TEXT (aaplimg)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.121:55578 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/150 bytes][Goodput ratio: 51/72][0.01 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][::][PLAIN TEXT (akamaiedge)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.121:54561 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/102 bytes][Goodput ratio: 51/58][0.03 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][2.22.33.235][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.1.121:49216 <-> 17.253.54.251:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index b32333961..ebb800589 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -56,12 +56,12 @@ JA3 Host Stats: 16 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][7.27 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 2422/0 7191/0 3372/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][20.01 sec][Hostname/SNI: _805741c9._sub._googlecast._tcp.local][_805741c9._sub._googlecast._tcp.local][PLAIN TEXT (805741C)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Advertisement/101][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 43/86][0.00 sec][Hostname/SNI: app.adjust.com][178.162.219.58][PLAIN TEXT (adjust)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.00 sec][Hostname/SNI: graph.facebook.com][31.13.86.8][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.00 sec][Hostname/SNI: graph.facebook.com][31.13.86.8][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Goodput ratio: 48/77][0.03 sec][Hostname/SNI: venetia.iad.appboy.com][151.101.1.130][PLAIN TEXT (venetia)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.12 sec][Hostname/SNI: media.cdn.viber.com][54.230.93.96][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.03 sec][Hostname/SNI: dl-media.viber.com][54.230.93.53][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.02 sec][Hostname/SNI: app-measurement.com][172.217.23.78][PLAIN TEXT (measurement)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.205.100][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.12 sec][Hostname/SNI: media.cdn.viber.com][54.230.93.96][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.03 sec][Hostname/SNI: dl-media.viber.com][54.230.93.53][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.02 sec][Hostname/SNI: app-measurement.com][172.217.23.78][PLAIN TEXT (measurement)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.205.100][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.2.100:42900 -> 44.192.202.74:4244 [proto: 144/Viber][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44/32][0.03 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index 30b298cda..bf529abfb 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -59,15 +59,15 @@ JA3 Host Stats: 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 ICMP 192.168.2.12:0 -> 91.252.56.51:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5.242/DNS.WhatsAppFiles][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.2.12:60549 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/117 bytes][Goodput ratio: 44/64][0.04 sec][Hostname/SNI: pps.whatsapp.net][157.240.20.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.2.12:60765 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/113 bytes][Goodput ratio: 43/62][0.03 sec][Hostname/SNI: g.whatsapp.net][157.240.20.53][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5.242/DNS.WhatsAppFiles][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.2.12:60549 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/117 bytes][Goodput ratio: 44/64][0.04 sec][Hostname/SNI: pps.whatsapp.net][157.240.20.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.2.12:60765 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/113 bytes][Goodput ratio: 43/62][0.03 sec][Hostname/SNI: g.whatsapp.net][157.240.20.53][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.2.12:50191 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.2.12:57546 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.00 sec][PLAIN TEXT (KTSpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 169.254.162.244:50384 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.2.1:50384 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.2.12:51431 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.2.12:51431 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index c45110c65..77e4ed1ad 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -90,7 +90,7 @@ JA3 Host Stats: 43 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3600.00 sec][Hostname/SNI: giovanni-pc][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][22.72 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 351/910 5597/910 20327/910 8509/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774/33511 33196/33511 13762/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 42/92][0.03 sec][Hostname/SNI: res.wx.qq.com][203.205.158.34][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 42/92][0.03 sec][Hostname/SNI: res.wx.qq.com][203.205.158.34][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 259/0 12546/0 83360/0 26898/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 252/0 12622/0 82310/0 26534/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13106/0 85920/0 27703/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -105,15 +105,15 @@ JA3 Host Stats: 58 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0/0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760/23331 45054/45355 19226/22024][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/58 74/66 8/5][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0/17][14.77 sec][bytes ratio: -0.234 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/40 7363/7364 14726/14687 7363/7324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/80 66/121 0/24][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes][Goodput ratio: 0/12][20.65 sec][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/652 6763/10145 19992/19638 9355/9493][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 54/63 54/85 0/13][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Goodput ratio: 43/89][0.28 sec][Hostname/SNI: web.wechat.com][203.205.147.171][PLAIN TEXT (wechat)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/391 bytes][Goodput ratio: 43/89][0.28 sec][Hostname/SNI: web.wechat.com][203.205.147.171][PLAIN TEXT (wechat)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes][Goodput ratio: 0/0][90.15 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45055/45054 45056/45055 45056/45056 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91/TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][cat: Web/5][6 pkts/396 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][92.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 607/0 18483/0 85584/0 33566/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Goodput ratio: 55/84][0.04 sec][Hostname/SNI: safebrowsing.googleusercontent.com][172.217.22.14][PLAIN TEXT (safebrowsing)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/94 bytes <-> 1 pkts/272 bytes][Goodput ratio: 55/84][0.04 sec][Hostname/SNI: safebrowsing.googleusercontent.com][172.217.22.14][PLAIN TEXT (safebrowsing)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91/TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/206 bytes <-> 2 pkts/148 bytes][Goodput ratio: 0/0][1.65 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 66 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: iphonedimonica][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (iPhonediMonica)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.04 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.03 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Collaborative/15][1 pkts/75 bytes <-> 1 pkts/227 bytes][Goodput ratio: 43/81][0.04 sec][Hostname/SNI: docs.google.com][216.58.198.46][PLAIN TEXT (google)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.04 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.03 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/227 bytes][Goodput ratio: 43/81][0.04 sec][Hostname/SNI: docs.google.com][216.58.198.46][PLAIN TEXT (google)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 70 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3756.16 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3763.44 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -123,8 +123,8 @@ JA3 Host Stats: 76 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.01 sec][Hostname/SNI: mcztmpkc][PLAIN TEXT (mcztmpkc)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 77 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.01 sec][Hostname/SNI: webpush.web.wechat.com.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 78 UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Hostname/SNI: 1.debian.pool.ntp.org.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (debian)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 79 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][2.46 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 80 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][5.01 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][2.46 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][5.01 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 2.debian.pool.ntp.org][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (debian)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.debian.pool.ntp.org][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (debian)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 83 UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/158 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][5.01 sec][Hostname/SNI: ssl.gstatic.com.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (gstatic)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -141,11 +141,11 @@ JA3 Host Stats: 94 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 98 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: webpush.web.wechat.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Hostname/SNI: ssl.gstatic.com.lan][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (gstatic)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: ssl.gstatic.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (gstatic)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: ssl.gstatic.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (gstatic)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index c7b2fc025..bc1d16d77 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -45,18 +45,18 @@ JA3 Host Stats: 9 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 66/0][0.46 sec][Hostname/SNI: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70/0][0.38 sec][Hostname/SNI: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][Hostname/SNI: g.alicdn.com][ALPN: h2;spdy/3.1;http/1.1][TLSv1.2][JA3C: 58e7f64db6e4fe4941dd9691d421196c][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43/78][0.11 sec][Hostname/SNI: img.t.sinajs.cn][93.188.134.246][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 43/77][0.54 sec][Hostname/SNI: js.t.sinajs.cn][93.188.134.246][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41/75][0.19 sec][Hostname/SNI: g.alicdn.com][47.89.65.229][PLAIN TEXT (alicdn)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43/78][0.11 sec][Hostname/SNI: img.t.sinajs.cn][93.188.134.246][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 43/77][0.54 sec][Hostname/SNI: js.t.sinajs.cn][93.188.134.246][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41/75][0.19 sec][Hostname/SNI: g.alicdn.com][47.89.65.229][PLAIN TEXT (alicdn)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/166 bytes][Goodput ratio: 44/74][0.47 sec][Hostname/SNI: login.taobao.com][140.205.170.63][PLAIN TEXT (taobao)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/81 bytes <-> 1 pkts/159 bytes][Goodput ratio: 48/73][0.11 sec][Hostname/SNI: u1.img.mobile.sina.cn][222.73.28.96][PLAIN TEXT (mobile)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/159 bytes][Goodput ratio: 48/73][0.11 sec][Hostname/SNI: u1.img.mobile.sina.cn][222.73.28.96][PLAIN TEXT (mobile)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Goodput ratio: 45/73][0.47 sec][Hostname/SNI: acjstb.aliyun.com][42.156.184.19][Risk: ** Suspicious DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: acjstb.aliyun.com / DGA Name Query with no Error Code][PLAIN TEXT (alibabadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Goodput ratio: 42/70][0.06 sec][Hostname/SNI: www.weibo.com][93.188.134.137][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/142 bytes][Goodput ratio: 42/70][0.06 sec][Hostname/SNI: www.weibo.com][93.188.134.137][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.34 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 43/62][0.20 sec][Hostname/SNI: log.mmstat.com][140.205.174.1][PLAIN TEXT (mmstat)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 43/62][0.20 sec][Hostname/SNI: log.mmstat.com][140.205.174.1][PLAIN TEXT (mmstat)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.08 sec][Hostname/SNI: weibo.com][114.134.80.162][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -64,7 +64,7 @@ JA3 Host Stats: 28 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.14 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][< 1 sec][Hostname/SNI: account.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (account)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][< 1 sec][Hostname/SNI: account.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (account)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -74,8 +74,8 @@ JA3 Host Stats: 38 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: data.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Hostname/SNI: c.weibo.cn][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: data.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Hostname/SNI: c.weibo.cn][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 7063635e0..db58ff309 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -72,8 +72,8 @@ JA3 Host Stats: 29 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0/39][0.03 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: query.ess.apple.com][17.178.104.12][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e13.whatsapp.net][158.85.233.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: query.ess.apple.com][17.178.104.12][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e13.whatsapp.net][158.85.233.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][77.07 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][0.24 sec][Hostname/SNI: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][0.24 sec][Hostname/SNI: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 21c4b7e64..7141b1f9f 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -32,7 +32,7 @@ Spotify 1 86 1 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000/0 10199/0 3476/0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349/0 375/0 58/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,16,0,0,0,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][25.29 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1983/0 5058/0 8569/0 2765/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.04 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e12.whatsapp.net][184.173.179.47][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e12.whatsapp.net][184.173.179.47][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 35ce7a3e9..c40372935 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -64,12 +64,12 @@ JA3 Host Stats: 20 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: tl-sg116e][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][3.59 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.117:65394 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.04 sec][Hostname/SNI: local][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code 3][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/96 bytes][Goodput ratio: 47/56][0.04 sec][Hostname/SNI: zoomfrn99mmr.zoom.us][109.94.160.99][PLAIN TEXT (zoomfrn)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 46/55][0.03 sec][Hostname/SNI: zoomfr84zc.zoom.us][213.244.140.84][PLAIN TEXT (zoomfr84z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.117:62563 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 46/55][0.03 sec][Hostname/SNI: zoomfr85zc.zoom.us][213.244.140.85][PLAIN TEXT (zoomfr85z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/96 bytes][Goodput ratio: 47/56][0.04 sec][Hostname/SNI: zoomfrn99mmr.zoom.us][109.94.160.99][PLAIN TEXT (zoomfrn)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 46/55][0.03 sec][Hostname/SNI: zoomfr84zc.zoom.us][213.244.140.84][PLAIN TEXT (zoomfr84z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.117:62563 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 46/55][0.03 sec][Hostname/SNI: zoomfr85zc.zoom.us][213.244.140.85][PLAIN TEXT (zoomfr85z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.117:57025 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Hostname/SNI: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Hostname/SNI: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Hostname/SNI: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Hostname/SNI: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |