diff options
Diffstat (limited to 'tests')
43 files changed, 106 insertions, 106 deletions
diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index cd542bc93..8a12ec67d 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -185,9 +185,9 @@ JA3 Host Stats: 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -201,9 +201,9 @@ JA3 Host Stats: 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index 5d445bc01..708299398 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -55,7 +55,7 @@ JA3 Host Stats: 5 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0] 6 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0] 7 TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][Hostname/SNI: api.amazon.com][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0] - 8 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 8 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 9 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] 10 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 11 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] @@ -107,7 +107,7 @@ JA3 Host Stats: 57 TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0] 58 TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0] 59 TCP 172.16.42.216:38363 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][14 pkts/2676 bytes <-> 10 pkts/4624 bytes][Goodput ratio: 66/85][0.81 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/88 265/375 77/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191/462 773/1514 246/556][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,10,0,10,0,0,0,10,0,0,0,0,0,0,10,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 60 TCP 172.16.42.216:59698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][13 pkts/2372 bytes <-> 10 pkts/4572 bytes][Goodput ratio: 70/88][105.04 sec][bytes ratio: -0.317 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10450/383 99710/1530 29779/579][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/457 1184/1514 305/547][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Firefox][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,22,0,0] + 60 TCP 172.16.42.216:59698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][13 pkts/2372 bytes <-> 10 pkts/4572 bytes][Goodput ratio: 70/88][105.04 sec][bytes ratio: -0.317 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10450/383 99710/1530 29779/579][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/457 1184/1514 305/547][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Firefox][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,22,0,0] 61 TCP 172.16.42.216:41825 <-> 54.231.72.88:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][15 pkts/1901 bytes <-> 14 pkts/5033 bytes][Goodput ratio: 56/84][6.82 sec][Hostname/SNI: s3-external-2.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 533/614 5996/5956 1648/1782][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 127/360 752/1486 180/458][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 24,7,7,7,0,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0] 62 TCP 172.16.42.216:42143 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][12 pkts/5873 bytes <-> 10 pkts/1049 bytes][Goodput ratio: 89/44][1.37 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.697 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/88 483/524 177/179][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 489/105 1514/357 610/95][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] 63 TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index e16b6ef24..456dedc61 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -54,10 +54,10 @@ JA3 Host Stats: 1 10.0.0.227 5 - 1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][JA4: t12d220300_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] - 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] - 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA4: t12d070500_c20ebc0cf62a_824431ce7cfe][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] - 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] + 1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][JA4: t12d220300_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] + 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: SNI should always be present / http/1.1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] + 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA4: t12d070500_c20ebc0cf62a_824431ce7cfe][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] + 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: SNI should always be present / http/1.1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] 5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA4: ts3d010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out index 2eb5a04a9..968599a14 100644 --- a/tests/cfgs/default/result/anydesk.pcapng.out +++ b/tests/cfgs/default/result/anydesk.pcapng.out @@ -36,10 +36,10 @@ JA3 Host Stats: 4 192.168.149.129 1 - 1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91.252/TLS.AnyDesk][IP: 252/AnyDesk][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][19 pkts/6843 bytes <-> 22 pkts/9152 bytes][Goodput ratio: 85/86][10.60 sec][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/488 7028/7028 1803/1610][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 360/416 1514/1514 525/549][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / Expected on port 443 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,13,13,9,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,4,0,4,0,0,9,0,0,0,0,18,0,0] - 2 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0] - 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: RemoteAccess/12][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / Found AnyDesk][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5] - 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0] + 1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91.252/TLS.AnyDesk][IP: 252/AnyDesk][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][19 pkts/6843 bytes <-> 22 pkts/9152 bytes][Goodput ratio: 85/86][10.60 sec][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/488 7028/7028 1803/1610][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 360/416 1514/1514 525/549][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,13,13,9,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,4,0,4,0,0,9,0,0,0,0,18,0,0] + 2 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk / SNI should always be present][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0] + 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: RemoteAccess/12][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / SNI should always be present / Found AnyDesk][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5] + 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0] 5 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,90,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.1.187:59511 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-3185a847.net.anydesk.com][37.61.223.15][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-exf.pcap.out b/tests/cfgs/default/result/dns-exf.pcap.out index 97101800e..6f61c1194 100644 --- a/tests/cfgs/default/result/dns-exf.pcap.out +++ b/tests/cfgs/default/result/dns-exf.pcap.out @@ -25,4 +25,4 @@ DNS 2 342 1 Acceptable 2 342 1 - 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 160][Risk Info: Long DNS host name / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 160][Risk Info: Invalid chars detected in domain name / Long DNS host name / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-invalid-chars.pcap.out b/tests/cfgs/default/result/dns-invalid-chars.pcap.out index 296fb68f6..f84bb0b40 100644 --- a/tests/cfgs/default/result/dns-invalid-chars.pcap.out +++ b/tests/cfgs/default/result/dns-invalid-chars.pcap.out @@ -25,4 +25,4 @@ DNS 2 196 1 Acceptable 2 196 1 - 1 UDP 127.0.0.1:35980 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.00 sec][Hostname/SNI: www.allyourbasesare???ongto.cn][19.185.141.241][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][PLAIN TEXT (allyourba)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 127.0.0.1:35980 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.00 sec][Hostname/SNI: www.allyourbasesare???ongto.cn][19.185.141.241][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][PLAIN TEXT (allyourba)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out index 5cb17d4cf..7dc2f1c4e 100644 --- a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out +++ b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.20.211 1 - 1 TCP 192.168.20.211:44404 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2595 bytes <-> 28 pkts/6365 bytes][Goodput ratio: 52/74][8.11 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/346 3093/3078 792/900][Pkt Len c2s/s2c min/avg/max/stddev: 56/62 118/227 317/1644 68/386][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.3][JA3C: 547df21d727c7b3a5dcb59aa0fd97c2c][JA4: t13d1910h2_9dc949149365_d811adc85aab][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,0,11,26,0,3,14,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3] + 1 TCP 192.168.20.211:44404 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2595 bytes <-> 28 pkts/6365 bytes][Goodput ratio: 52/74][8.11 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/346 3093/3078 792/900][Pkt Len c2s/s2c min/avg/max/stddev: 56/62 118/227 317/1644 68/386][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: 547df21d727c7b3a5dcb59aa0fd97c2c][JA4: t13d1910h2_9dc949149365_d811adc85aab][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,0,11,26,0,3,14,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3] diff --git a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out index 4fbfdd460..532a18758 100644 --- a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out +++ b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out @@ -37,7 +37,7 @@ Fun 4 432 2 1 UDP 10.200.2.11:57632 <-> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/377 bytes][Goodput ratio: 56/89][0.03 sec][Hostname/SNI: android.clients.google.com][108.177.14.101][PLAIN TEXT (android)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.200.2.11:48375 <-> 8.8.8.8:53 [proto: 5.238/DNS.ApplePush][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/318 bytes][Goodput ratio: 56/87][0.04 sec][Hostname/SNI: 41-courier.push.apple.com][17.57.146.139][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.200.2.11:57051 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/221 bytes][Goodput ratio: 53/81][0.03 sec][Hostname/SNI: api.teams.skype.com][52.113.194.131][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 10.200.2.11:42790 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/166 bytes][Goodput ratio: 54/74][0.08 sec][Hostname/SNI: _.teams.microsoft.com][::][Risk: ** Non-Printable/Invalid Chars Detected **** Error Code **][Risk Score: 110][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 10.200.2.11:42790 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/166 bytes][Goodput ratio: 54/74][0.08 sec][Hostname/SNI: _.teams.microsoft.com][::][Risk: ** Non-Printable/Invalid Chars Detected **** Error Code **][Risk Score: 110][Risk Info: Invalid chars detected in domain name / DNS Error Code NXDOMAIN][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 10.200.2.11:46134 <-> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/143 bytes][Goodput ratio: 54/70][0.03 sec][Hostname/SNI: alt2-mtalk.google.com][173.194.202.188][PLAIN TEXT (google)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 10.200.2.11:52541 <-> 8.8.8.8:53 [proto: 5.254/DNS.AppleSiri][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/146 bytes][Goodput ratio: 52/71][0.06 sec][Hostname/SNI: guzzoni.apple.com][17.130.21.5][PLAIN TEXT (guzzoni)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 10.200.2.11:57290 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/135 bytes][Goodput ratio: 51/68][0.03 sec][Hostname/SNI: teams.skype.com][13.107.3.128][PLAIN TEXT (msedge)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_dot.pcap.out b/tests/cfgs/default/result/dns_dot.pcap.out index 14d0b6e08..3557242cd 100644 --- a/tests/cfgs/default/result/dns_dot.pcap.out +++ b/tests/cfgs/default/result/dns_dot.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.1.185 1 - 1 TCP 192.168.1.185:58290 <-> 8.8.8.8:853 [proto: 91.196/TLS.DoH_DoT][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][14 pkts/1480 bytes <-> 10 pkts/4389 bytes][Goodput ratio: 37/85][3.01 sec][bytes ratio: -0.496 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 270/182 1596/1192 531/413][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/439 264/3135 53/903][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / Expected on port 443][TLSv1.2][JA3C: 4fa5e77b91a47e7cdcf5a5e6d25f8449][JA4: t12d250900_7415a186c913_cdf51c020b42][ServerNames: dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8][JA3S: 2b341b88c742e940cfb485ce7d93dde7][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google][Certificate SHA-1: BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53][Firefox][Validity: 2019-10-10 20:58:42 - 2020-01-02 20:58:42][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 23,7,23,15,0,7,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] + 1 TCP 192.168.1.185:58290 <-> 8.8.8.8:853 [proto: 91.196/TLS.DoH_DoT][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][14 pkts/1480 bytes <-> 10 pkts/4389 bytes][Goodput ratio: 37/85][3.01 sec][bytes ratio: -0.496 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 270/182 1596/1192 531/413][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/439 264/3135 53/903][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present / Expected on port 443][TLSv1.2][JA3C: 4fa5e77b91a47e7cdcf5a5e6d25f8449][JA4: t12d250900_7415a186c913_cdf51c020b42][ServerNames: dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8][JA3S: 2b341b88c742e940cfb485ce7d93dde7][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google][Certificate SHA-1: BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53][Firefox][Validity: 2019-10-10 20:58:42 - 2020-01-02 20:58:42][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 23,7,23,15,0,7,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] diff --git a/tests/cfgs/default/result/doh.pcapng.out b/tests/cfgs/default/result/doh.pcapng.out index 2e4f74efe..b9ecc107b 100644 --- a/tests/cfgs/default/result/doh.pcapng.out +++ b/tests/cfgs/default/result/doh.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.1.253 1 - 1 TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 22,26,24,1,1,7,5,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + 1 TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 22,26,24,1,1,7,5,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] diff --git a/tests/cfgs/default/result/doq.pcapng.out b/tests/cfgs/default/result/doq.pcapng.out index e5fe6f49d..dcae85c50 100644 --- a/tests/cfgs/default/result/doq.pcapng.out +++ b/tests/cfgs/default/result/doq.pcapng.out @@ -32,5 +32,5 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:47826 <-> [::1]:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1690 bytes <-> 11 pkts/3098 bytes][Goodput ratio: 89/78][3.16 sec][(Advertised) ALPNs: doq-i00][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.294 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 1/329 2/1601 1/517][Pkt Len c2s/s2c min/avg/max/stddev: 117/117 563/282 1294/1294 521/340][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-32][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][JA4: q00d0307do_55b375c5d22e_23ed935430f2][Plen Bins: 0,21,50,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:47826 <-> [::1]:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1690 bytes <-> 11 pkts/3098 bytes][Goodput ratio: 89/78][3.16 sec][(Advertised) ALPNs: doq-i00][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.294 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 1/329 2/1601 1/517][Pkt Len c2s/s2c min/avg/max/stddev: 117/117 563/282 1294/1294 521/340][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic / SNI should always be present][TLSv1.3][QUIC ver: Draft-32][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][JA4: q00d0307do_55b375c5d22e_23ed935430f2][Plen Bins: 0,21,50,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] 2 ICMPV6 [::1]:0 -> [::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1170 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][3.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 100/0 620/0 1601/0 546/0][Pkt Len c2s/s2c min/avg/max/stddev: 195/0 195/0 195/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls.pcap.out b/tests/cfgs/default/result/dtls.pcap.out index 86afcd6f3..0b0e33e32 100644 --- a/tests/cfgs/default/result/dtls.pcap.out +++ b/tests/cfgs/default/result/dtls.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.13.203 1 - 1 UDP 192.168.13.203:40739 -> 192.168.13.57:56515 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/394 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / No ALPN][DTLSv1.2][JA3C: bd743610892cec1efed851b2b5efd4f5][JA4: t00d120700_7c0e62f61317_d9dd6182da81][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.13.203:40739 -> 192.168.13.57:56515 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/394 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / No ALPN / SNI should always be present][DTLSv1.2][JA3C: bd743610892cec1efed851b2b5efd4f5][JA4: t00d120700_7c0e62f61317_d9dd6182da81][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls2.pcap.out b/tests/cfgs/default/result/dtls2.pcap.out index 72d4db96f..16656d3ab 100644 --- a/tests/cfgs/default/result/dtls2.pcap.out +++ b/tests/cfgs/default/result/dtls2.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 61.68.110.153 1 - 1 UDP 61.68.110.153:53045 <-> 212.32.214.39:61457 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2246 bytes <-> 16 pkts/2745 bytes][Goodput ratio: 74/75][382.15 sec][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/241 27857/28359 60550/60551 26256/25033][Pkt Len c2s/s2c min/avg/max/stddev: 123/102 160/172 325/867 46/180][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][DTLSv1.0][JA3C: 1b45c913a0c0fde5f263502e65999485][JA4: t00d080000_f3b6e48d6e2b_e3b0c44298fc][JA3S: 749bd1edea60396ffaa65213b7971718 (WEAK)][Issuer: C=US][Subject: C=US, CN=*.relay.ros.rockstargames.com][Certificate SHA-1: AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C][Validity: 2014-09-12 21:31:19 - 2037-02-15 21:31:19][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (140912213119Z)][Plen Bins: 0,3,43,46,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 61.68.110.153:53045 <-> 212.32.214.39:61457 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2246 bytes <-> 16 pkts/2745 bytes][Goodput ratio: 74/75][382.15 sec][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/241 27857/28359 60550/60551 26256/25033][Pkt Len c2s/s2c min/avg/max/stddev: 123/102 160/172 325/867 46/180][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][DTLSv1.0][JA3C: 1b45c913a0c0fde5f263502e65999485][JA4: t00d080000_f3b6e48d6e2b_e3b0c44298fc][JA3S: 749bd1edea60396ffaa65213b7971718 (WEAK)][Issuer: C=US][Subject: C=US, CN=*.relay.ros.rockstargames.com][Certificate SHA-1: AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C][Validity: 2014-09-12 21:31:19 - 2037-02-15 21:31:19][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (140912213119Z)][Plen Bins: 0,3,43,46,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out index df1441695..bc22e665b 100644 --- a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out +++ b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out @@ -33,5 +33,5 @@ JA3 Host Stats: 2 10.186.198.149 1 - 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 210][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA / 25/Apr/2019 09:58:06 - 25/May/2019 09:58:06][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA4: t00d800500_9cedc1f1428b_a1e935682795][ServerNames: *.samsungmax.com,*.opera-mini.net][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Issuer: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Subject: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Certificate SHA-1: 2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0][Firefox][Validity: 2019-04-25 09:58:06 - 2019-05-25 09:58:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] - 2 UDP 192.168.1.26:43594 <-> 104.153.87.149:50001 [proto: 30.58/DTLS.Discord][IP: 58/Discord][Encrypted][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][3 pkts/1015 bytes <-> 3 pkts/3200 bytes][Goodput ratio: 88/96][0.13 sec][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 29/44 44/22 59/44 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 197/621 338/1067 621/1322 200/316][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][DTLSv1.2][JA3C: 681eb4fb79ccb6d60d35fa502c279d42][JA4: t00d120700_7c0e62f61317_d9dd6182da81][ServerNames: *.discord.gg,discord.gg][JA3S: 201fdaa63db9a086f36651aa4cfd0819][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.discord.gg][Certificate SHA-1: 0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Greater Manchester1)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0] + 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 210][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA / 25/Apr/2019 09:58:06 - 25/May/2019 09:58:06][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA4: t00d800500_9cedc1f1428b_a1e935682795][ServerNames: *.samsungmax.com,*.opera-mini.net][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Issuer: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Subject: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Certificate SHA-1: 2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0][Firefox][Validity: 2019-04-25 09:58:06 - 2019-05-25 09:58:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] + 2 UDP 192.168.1.26:43594 <-> 104.153.87.149:50001 [proto: 30.58/DTLS.Discord][IP: 58/Discord][Encrypted][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][3 pkts/1015 bytes <-> 3 pkts/3200 bytes][Goodput ratio: 88/96][0.13 sec][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 29/44 44/22 59/44 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 197/621 338/1067 621/1322 200/316][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][DTLSv1.2][JA3C: 681eb4fb79ccb6d60d35fa502c279d42][JA4: t00d120700_7c0e62f61317_d9dd6182da81][ServerNames: *.discord.gg,discord.gg][JA3S: 201fdaa63db9a086f36651aa4cfd0819][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.discord.gg][Certificate SHA-1: 0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Greater Manchester1)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out index b5e08e925..25ef0c973 100644 --- a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 185.196.113.239 1 - 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA4: t00d010000_653ffb6f323e_e3b0c44298fc][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA4: t00d010000_653ffb6f323e_e3b0c44298fc][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index 59dca1897..251550e1e 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -37,5 +37,5 @@ JA3 Host Stats: 2 TCP 10.2.25.102:57309 <-> 193.252.22.84:587 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 19][cat: Email/3][23 pkts/16752 bytes <-> 27 pkts/1853 bytes][Goodput ratio: 93/21][8.35 sec][Hostname/SNI: opmta1mto02nd1][bytes ratio: 0.801 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/345 1205/3054 406/694][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 728/69 1514/214 702/33][PLAIN TEXT (220 opmta)][Plen Bins: 31,27,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** Binary file/data transfer (attempt) **][Risk Score: 300][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Found mime exe x-msdownload / File download TfBXbg6gEAqeHioMEKOtCAAn73.dll][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: Found mime exe x-msdownload / File download EGh7x6aKN3ILP.dll][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] - 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 210][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN / C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] - 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 210][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN / SNI should always be present / C=GB, ST=London, L=London, O=Global Security, OU=I][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] + 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN / SNI should always be present][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ftp-start-tls.pcap.out b/tests/cfgs/default/result/ftp-start-tls.pcap.out index f28e22cd1..229a6c499 100644 --- a/tests/cfgs/default/result/ftp-start-tls.pcap.out +++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 10.238.26.36 1 - 1 TCP 10.238.26.36:62092 <-> 10.220.50.76:21 [proto: 311.398/FTPS.Huawei][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 17][cat: Web/5][16 pkts/1744 bytes <-> 35 pkts/5766 bytes][Goodput ratio: 49/66][0.33 sec][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 13/4 34/34 13/8][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 109/165 384/566 80/152][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Unsafe Protocol **** Missing SNI TLS Extn **][Risk Score: 170][Risk Info: No ALPN / Cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA][TLSv1.2][JA3C: 398076b7fcad56308a762b3c79fe1f44][JA4: t12d410100_d572b635dddf_5f8d9ea464d3][ServerNames: oss.huawei.com][JA3S: 5cd6efb8d804faf03e1462073b729151 (WEAK)][Issuer: C=CN, O=Huawei, OU=Wireless Network Product Line, CN=Huawei Wireless Network Product CA][Subject: C=CN, O=Huawei, OU=Huawei Network Product Line, CN=OSS Certificate][Certificate SHA-1: 0A:14:3A:AB:E1:3A:5B:1C:A7:BD:C7:82:45:8C:FA:37:D7:87:29:D2][Validity: 2012-03-12 08:54:33 - 2027-03-09 08:54:33][Cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA][PLAIN TEXT (Authorized users only. All acti)][Plen Bins: 22,25,32,0,2,0,5,0,0,0,2,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.238.26.36:62092 <-> 10.220.50.76:21 [proto: 311.398/FTPS.Huawei][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 17][cat: Web/5][16 pkts/1744 bytes <-> 35 pkts/5766 bytes][Goodput ratio: 49/66][0.33 sec][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 13/4 34/34 13/8][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 109/165 384/566 80/152][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Unsafe Protocol **** Missing SNI TLS Extn **][Risk Score: 170][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA][TLSv1.2][JA3C: 398076b7fcad56308a762b3c79fe1f44][JA4: t12d410100_d572b635dddf_5f8d9ea464d3][ServerNames: oss.huawei.com][JA3S: 5cd6efb8d804faf03e1462073b729151 (WEAK)][Issuer: C=CN, O=Huawei, OU=Wireless Network Product Line, CN=Huawei Wireless Network Product CA][Subject: C=CN, O=Huawei, OU=Huawei Network Product Line, CN=OSS Certificate][Certificate SHA-1: 0A:14:3A:AB:E1:3A:5B:1C:A7:BD:C7:82:45:8C:FA:37:D7:87:29:D2][Validity: 2012-03-12 08:54:33 - 2027-03-09 08:54:33][Cipher: TLS_RSA_WITH_3DES_EDE_CBC_SHA][PLAIN TEXT (Authorized users only. All acti)][Plen Bins: 22,25,32,0,2,0,5,0,0,0,2,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index f5c0134af..d33e6153e 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -59,13 +59,13 @@ Unrated 34 4212 34 13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.2:5060 -> 212.234.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Hostname/SNI: d002465][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.2:2744 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.1.2:2748 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.1.2:2756 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.1.2:2748 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.1.2:2756 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.1.2:2789 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -76,22 +76,22 @@ Unrated 34 4212 34 30 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.1.2:2750 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.vo_s][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Header][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Error Code **** Unidirectional Traffic **][Risk Score: 130][Risk Info: No server to client traffic / DNS Error Code 10 / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 192.168.1.2:2772 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.1.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (sipicybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.1.2:2776 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.1.2:2787 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 192.168.1.2:2798 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 UDP 192.168.1.2:2804 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Hostname/SNI: _sip.oudp.sip.cybercity.?k][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.1.2:2750 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.vo_s][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Header / Invalid chars detected in domain name][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Error Code **** Unidirectional Traffic **][Risk Score: 130][Risk Info: No server to client traffic / Invalid chars detected in domain name / DNS Error Code 10 / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.1.2:2772 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.1.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (sipicybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.1.2:2776 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.1.2:2787 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 192.168.1.2:2798 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 UDP 192.168.1.2:2804 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Hostname/SNI: _sip.oudp.sip.cybercity.?k][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 192.168.1.2:2812 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cyaercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.1.2:2816 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.24 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.1.2:2823 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.1.2:2816 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.24 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.1.2:2823 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.2:2722 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][16.01 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.1.2:2793 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/169 bytes][Goodput ratio: 44/75][3.35 sec][Hostname/SNI: reg.sippstar.com][82.98.209.39][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][PLAIN TEXT (sippstar)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.1.2:2793 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/169 bytes][Goodput ratio: 44/75][3.35 sec][Hostname/SNI: reg.sippstar.com][82.98.209.39][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][PLAIN TEXT (sippstar)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 192.168.1.2:2794 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/128 bytes][Goodput ratio: 44/67][4.28 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][PLAIN TEXT (cybercity)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 192.168.1.2:2715 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Hostname/SNI: _sip._udp.sip.cyber?ity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.1.2:2724 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.1.2:2715 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Hostname/SNI: _sip._udp.sip.cyber?ity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.1.2:2724 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 UDP 192.168.1.2:2736 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Header][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 UDP 192.168.1.2:2738 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 UDP 192.168.1.2:2746 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.voip.brujula.net][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -100,8 +100,8 @@ Unrated 34 4212 34 54 UDP 192.168.1.2:2760 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][6.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 UDP 192.168.1.2:2762 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.sk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Header][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 UDP 192.168.1.2:2783 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Header][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.2:2796 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.20 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 UDP 192.168.1.2:2800 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.06 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.2:2796 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.20 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.2:2800 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.06 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 UDP 192.168.1.2:2802 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 UDP 192.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Hostname/SNI: _sip._udp.sip.nybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Mybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.1.2:2814 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sib._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -116,17 +116,17 @@ Unrated 34 4212 34 70 UDP 192.168.1.2:2743 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 UDP 192.168.1.2:2753 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.527.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 UDP 192.168.1.2:2761 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 11/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 75 UDP 192.168.1.2:2763 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.1.2:2767 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 UDP 192.168.1.2:2775 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 UDP 192.168.1.2:2797 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 79 UDP 192.168.1.2:2801 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 UDP 192.168.1.2:2775 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 UDP 192.168.1.2:2797 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 UDP 192.168.1.2:2801 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.1.2:2803 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 192.168.1.2:2809 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.1.2:2824 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 UDP 192.168.1.2:2826 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 UDP 192.168.1.2:2826 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 UDP 192.168.1.2:2831 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 TCP 192.168.1.2:2717 -> 147.137.21.94:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: System/18][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.93 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 86 UDP 192.168.1.2:2713 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -137,7 +137,7 @@ Unrated 34 4212 34 91 UDP 192.168.1.2:2770 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 92 UDP 192.168.1.2:2785 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][276.51 sec][Hostname/SNI: _sip._udp.sip.cybevcity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 93 UDP 192.168.1.2:2808 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 94 UDP 192.168.1.2:2827 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cyberciMy)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 94 UDP 192.168.1.2:2827 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cyberciMy)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 UDP 192.168.1.2:2829 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][1.00 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 UDP 192.168.1.2:2716 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][353.97 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 97 UDP 192.168.1.3:53 -> 192.168.1.2:2712 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -148,15 +148,15 @@ Unrated 34 4212 34 102 UDP 192.168.1.1:53 -> 192.168.1.2:2723 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-adds.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 103 UDP 192.168.1.1:53 -> 192.168.1.2:2745 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 104 UDP 192.168.1.1:53 -> 192.168.1.2:2747 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 105 UDP 192.168.1.1:53 -> 192.168.1.2:2751 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 UDP 192.168.1.1:53 -> 192.168.1.2:2751 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 UDP 192.168.1.1:53 -> 192.168.1.2:2765 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 UDP 192.168.1.1:53 -> 192.168.1.2:2771 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 UDP 192.168.1.1:53 -> 192.168.1.2:2782 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 UDP 192.168.1.1:53 -> 192.168.1.2:2805 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 110 UDP 192.168.1.1:53 -> 192.168.1.2:2807 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 UDP 192.168.1.1:53 -> 192.168.1.2:2807 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 UDP 192.168.1.1:53 -> 192.168.5.2:2784 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.aspa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 UDP 192.168.1.1:53 -> 192.168.119.2:2799 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 113 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-a?dr.arpa][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-a?dr.arpa][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 UDP 192.168.130.1:53 -> 192.168.1.2:2741 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 115 UDP 192.168.233.1:53 -> 192.168.1.2:2811 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 116 UDP 253.168.1.1:53 -> 192.168.1.2:2735 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -191,7 +191,7 @@ Unrated 34 4212 34 145 UDP 192.98.1.2:2752 -> 25.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 146 UDP 192.168.1.2:202 -> 192.168.37.115:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 147 UDP 192.168.1.2:2568 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 UDP 192.168.1.2:2640 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.1.2:2640 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 149 UDP 192.168.1.2:2684 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.dybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Dybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 150 UDP 192.168.1.2:2722 -> 192.136.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 151 UDP 192.168.1.2:2724 -> 192.168.17.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _zip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -201,10 +201,10 @@ Unrated 34 4212 34 155 UDP 192.168.1.2:2772 -> 192.184.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 156 UDP 192.168.1.2:2787 -> 192.168.3.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 157 UDP 192.168.1.2:2791 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 158 UDP 192.168.1.2:2791 -> 192.168.67.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (yberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 UDP 192.168.1.2:2791 -> 192.168.67.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (yberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 159 UDP 192.168.1.2:2796 -> 192.168.1.129:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 160 UDP 192.168.1.2:2827 -> 192.168.1.114:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 161 UDP 192.168.1.2:2827 -> 192.170.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cyberc?ty.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (cyberc)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 UDP 192.168.1.2:2827 -> 192.170.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cyberc?ty.dk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (cyberc)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 162 UDP 192.168.1.2:2832 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 163 UDP 192.168.1.2:10942 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.voip.brujula.net][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 164 UDP 192.168.1.2:14798 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -212,7 +212,7 @@ Unrated 34 4212 34 166 UDP 192.168.1.2:19192 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 167 UDP 192.168.1.2:29688 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cyberciby.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cyberciby)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 168 UDP 192.168.1.2:35536 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 169 UDP 192.168.1.34:2746 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp._s?p.brvjula.net][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 UDP 192.168.1.34:2746 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp._s?p.brvjula.net][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 170 UDP 192.168.1.53:2791 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 171 UDP 192.168.1.110:2713 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 172 UDP 192.168.1.172:2766 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -222,7 +222,7 @@ Unrated 34 4212 34 176 UDP 192.168.79.2:2791 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 177 UDP 192.170.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 178 UDP 200.168.1.2:2785 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 179 UDP 208.168.1.2:2713 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 UDP 208.168.1.2:2713 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 180 UDP 192.168.1.2:2733 -> 192.168.115.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arqa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 181 UDP 192.168.1.2:2741 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 182 UDP 192.168.1.2:2747 -> 67.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -231,15 +231,15 @@ Unrated 34 4212 34 185 UDP 192.168.1.2:2769 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 186 UDP 192.168.1.2:2773 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.il-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 187 UDP 192.168.1.2:2784 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 188 UDP 192.168.1.2:2786 -> 192.168.1.3:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-ad?r.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 188 UDP 192.168.1.2:2786 -> 192.168.1.3:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-ad?r.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 189 UDP 192.168.1.2:2788 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 190 UDP 192.168.1.2:2790 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 191 UDP 192.168.1.2:2792 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 192 UDP 192.168.1.2:2799 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 193 UDP 192.168.1.2:2811 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 194 UDP 192.168.1.2:2813 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127?in-ad_r?arpa???][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 194 UDP 192.168.1.2:2813 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127?in-ad_r?arpa???][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 195 UDP 192.168.1.2:2815 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed Packet **** Error Code **** Unidirectional Traffic **][Risk Score: 30][Risk Info: No server to client traffic / DNS Error Code 10 / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 196 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.1?7.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 196 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.1?7.in-addr.arpa][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 197 UDP 192.168.1.2:2828 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 198 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 199 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -251,7 +251,7 @@ Unrated 34 4212 34 205 UDP 192.168.1.2:2712 -> 192.37.115.0:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Hostname/SNI: sip.cybercrty.dk][::][PLAIN TEXT (cybercrty)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 206 UDP 192.168.1.2:2712 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Hostname/SNI: sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 207 UDP 192.168.1.2:2794 -> 192.168.108.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Hostname/SNI: sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 208 UDP 192.114.1.2:2719 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: ftp.ecite?e.com][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 208 UDP 192.114.1.2:2719 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: ftp.ecite?e.com][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 209 TCP 147.234.1.253:21 -> 84.168.1.2:2720 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/73 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT (200 Type set to I)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 210 TCP 192.168.1.2:2720 -> 147.117.1.253:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/73 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (RETR Site)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 211 TCP 192.168.1.2:2679 -> 147.234.1.253:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 18/0][< 1 sec][Risk: ** Unsafe Protocol **** Clear-Text Credentials **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found password][PLAIN TEXT (PASS d0)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index dc8ae3fde..291e883e7 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -81,7 +81,7 @@ JA3 Host Stats: 24 UDP 10.0.2.15:28681 <-> 89.75.52.19:46010 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3639 bytes][Goodput ratio: 69/92][197.35 sec][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 98/59 16969/16961 46205/46196 16968/16973][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/520 274/769 60/291][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 7,7,35,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 10.0.2.15:28681 <-> 203.220.198.244:1194 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3509 bytes][Goodput ratio: 69/92][197.83 sec][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 313/315 17988/17988 51261/51260 18094/18093][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/501 274/769 60/309][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 10.0.2.15:28681 <-> 46.128.114.107:6578 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3501 bytes][Goodput ratio: 69/92][197.45 sec][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 60/40 16942/16932 46247/46248 16994/16998][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 134/500 274/769 60/311][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 23:00:00 / CN=gtk-gnutella/1.2.1][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] + 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / SNI should always be present / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 23:00:00 / CN=gtk-gnute][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] 28 UDP 10.0.2.15:28681 <-> 45.31.152.112:26851 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][186.46 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 7100/7142 19000/19000 44374/44331 14989/14962][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.2.15:28681 <-> 96.65.68.194:35481 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][197.61 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 5017/5014 21044/21044 46304/46310 15712/15715][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 10.0.2.15:28681 <-> 181.84.178.16:60262 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/766 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 72/93][84.70 sec][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 5114/5194 21079/21064 46304/46263 15704/15629][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 153/645 274/769 60/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 0,0,40,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index ea615b4c5..9090418cf 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.17.53 1 - 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] + 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out index 2cd3457b3..5ba23484a 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out @@ -29,4 +29,4 @@ JA3 Host Stats: IP Address # JA3C - 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Firefox][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Firefox][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/cfgs/default/result/os_detected.pcapng.out b/tests/cfgs/default/result/os_detected.pcapng.out index 04b731c08..25b1853ba 100644 --- a/tests/cfgs/default/result/os_detected.pcapng.out +++ b/tests/cfgs/default/result/os_detected.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 UDP 192.168.1.128:39821 -> 8.8.8.8:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: Mozilla/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **** ALPN/SNI Mismatch **][Risk Score: 110][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA3C: 9addef84847d700f759746b237c405c8][JA4: q13d0307h3_55b375c5d22e_23ed935430f2][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.128:39821 -> 8.8.8.8:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: Mozilla/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **** ALPN/SNI Mismatch **][Risk Score: 110][Risk Info: No server to client traffic / SNI should always be present / h3-29][TLSv1.3][QUIC ver: Draft-29][JA3C: 9addef84847d700f759746b237c405c8][JA4: q13d0307h3_55b375c5d22e_23ed935430f2][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pia.pcap.out b/tests/cfgs/default/result/pia.pcap.out index 395d4de12..045be448f 100644 --- a/tests/cfgs/default/result/pia.pcap.out +++ b/tests/cfgs/default/result/pia.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.88.3 1 - 1 TCP 192.168.88.3:56854 <-> 143.244.45.60:443 [proto: 91.384/TLS.PrivateInternetAccess][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][5 pkts/948 bytes <-> 4 pkts/2894 bytes][Goodput ratio: 64/91][0.04 sec][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 19/15 8/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/724 583/1514 200/661][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: ee798410f39b7911fa5306cf3f3e6adc][JA4: t13d571000_131602cb7446_6c96259584c4][ServerNames: newjersey402][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access][Subject: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access][Certificate SHA-1: 15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F][Firefox][Validity: 2020-11-17 14:30:51 - 2021-05-16 14:30:51][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0] + 1 TCP 192.168.88.3:56854 <-> 143.244.45.60:443 [proto: 91.384/TLS.PrivateInternetAccess][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][5 pkts/948 bytes <-> 4 pkts/2894 bytes][Goodput ratio: 64/91][0.04 sec][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 19/15 8/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/724 583/1514 200/661][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3C: ee798410f39b7911fa5306cf3f3e6adc][JA4: t13d571000_131602cb7446_6c96259584c4][ServerNames: newjersey402][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access][Subject: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access][Certificate SHA-1: 15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F][Firefox][Validity: 2020-11-17 14:30:51 - 2021-05-16 14:30:51][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/psiphon3.pcap.out b/tests/cfgs/default/result/psiphon3.pcap.out index 251aafc43..290fef3bf 100644 --- a/tests/cfgs/default/result/psiphon3.pcap.out +++ b/tests/cfgs/default/result/psiphon3.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.0.103 1 - 1 TCP 192.168.0.103:40557 <-> 104.18.151.190:443 [proto: 91.303/TLS.Psiphon][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 12][cat: VPN/2][32 pkts/5020 bytes <-> 30 pkts/6798 bytes][Goodput ratio: 74/82][0.72 sec][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/4 501/41 98/9][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 157/227 1048/1500 249/417][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.2][JA3C: 2d703033628575a99d44820c43b84876][JA4: t12d1508h2_073e58a039a6_e70312a1ce2c][ServerNames: sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C][Firefox][Validity: 2020-08-09 00:00:00 - 2021-08-09 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,24,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 1 TCP 192.168.0.103:40557 <-> 104.18.151.190:443 [proto: 91.303/TLS.Psiphon][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 12][cat: VPN/2][32 pkts/5020 bytes <-> 30 pkts/6798 bytes][Goodput ratio: 74/82][0.72 sec][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/4 501/41 98/9][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 157/227 1048/1500 249/417][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][Risk Info: SNI should always be present / h2][TLSv1.2][JA3C: 2d703033628575a99d44820c43b84876][JA4: t12d1508h2_073e58a039a6_e70312a1ce2c][ServerNames: sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C][Firefox][Validity: 2020-08-09 00:00:00 - 2021-08-09 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,24,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] diff --git a/tests/cfgs/default/result/quic-33.pcapng.out b/tests/cfgs/default/result/quic-33.pcapng.out index 3a0067211..d33572e22 100644 --- a/tests/cfgs/default/result/quic-33.pcapng.out +++ b/tests/cfgs/default/result/quic-33.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/1618 bytes <-> 4 pkts/3718 bytes][Goodput ratio: 88/93][0.00 sec][(Advertised) ALPNs: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/0 3/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 115/117 539/930 1294/1502 535/533][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][PLAIN TEXT (NLZzZw)][Plen Bins: 0,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,14,0,0] + 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/1618 bytes <-> 4 pkts/3718 bytes][Goodput ratio: 88/93][0.00 sec][(Advertised) ALPNs: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/0 3/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 115/117 539/930 1294/1502 535/533][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-33][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][PLAIN TEXT (NLZzZw)][Plen Bins: 0,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,14,0,0] diff --git a/tests/cfgs/default/result/quic-34.pcap.out b/tests/cfgs/default/result/quic-34.pcap.out index 3f02a683d..1258a09a4 100644 --- a/tests/cfgs/default/result/quic-34.pcap.out +++ b/tests/cfgs/default/result/quic-34.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.56.1 1 - 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-34][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0] + 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-34][TLSv1.3][QUIC ver: Draft-34][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out index a020b5770..6057e3e9b 100644 --- a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out +++ b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 192.168.56.103 1 - 1 UDP 192.168.56.103:55523 <-> 192.168.56.104:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/6012 bytes <-> 8 pkts/3027 bytes][Goodput ratio: 91/89][0.01 sec][(Advertised) ALPNs: h3;h3-29;h3-28;h3-27;hq-interop;hq-29;hq-28;hq-27;http/0.9][TLS Supported Versions: TLSv1.3][bytes ratio: 0.330 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 85/86 462/378 1242/1242 522/371][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][TLSv1.3][QUIC ver: V-1][JA3C: 86871fd0d48de0c82beec154cd3f1744][JA4: q13d0307h3_55b375c5d22e_f0736a66fa6b][PLAIN TEXT (quiche)][Plen Bins: 0,44,4,9,0,0,4,0,4,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.56.103:55523 <-> 192.168.56.104:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/6012 bytes <-> 8 pkts/3027 bytes][Goodput ratio: 91/89][0.01 sec][(Advertised) ALPNs: h3;h3-29;h3-28;h3-27;hq-interop;hq-29;hq-28;hq-27;http/0.9][TLS Supported Versions: TLSv1.3][bytes ratio: 0.330 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 85/86 462/378 1242/1242 522/371][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h3][TLSv1.3][QUIC ver: V-1][JA3C: 86871fd0d48de0c82beec154cd3f1744][JA4: q13d0307h3_55b375c5d22e_f0736a66fa6b][PLAIN TEXT (quiche)][Plen Bins: 0,44,4,9,0,0,4,0,4,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out index 3ea4d455d..7c6b8ad36 100644 --- a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out +++ b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out @@ -25,4 +25,4 @@ QUIC 1 1280 1 Acceptable 1 1280 1 - 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: SNI should be present all time: attack ?][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 47296e046..682c25c8e 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -34,7 +34,7 @@ Fun 85 76193 5 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Goodput ratio: 72/95][37.93 sec][Hostname/SNI: mail.google.com][bytes ratio: -0.812 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 303/161 21144/21225 1960/1485][Pkt Len c2s/s2c min/avg/max/stddev: 67/61 149/916 1392/1392 207/581][User-Agent: beta Chrome/43.0.2357.45][QUIC ver: Q024][PLAIN TEXT (mail.google.com)][Plen Bins: 4,37,1,5,3,0,3,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0] 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Goodput ratio: 80/97][1.00 sec][Hostname/SNI: www.youtube.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52/26 803/828 183/134][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 211/1208 1392/1392 358/430][User-Agent: Chrome/50.0.2661.102 Linux x86_64][QUIC ver: Q030][PLAIN TEXT (www.youtube.com)][Plen Bins: 1,35,1,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,57,0,0,0,0,0] - 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] + 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / SNI should be present all time: attack ?][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] 4 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 95/96][0.10 sec][Hostname/SNI: www.youtube.com][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/20 33/10 52/20 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 920/954 1392/1392 538/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (www.youtube.com)][Plen Bins: 0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0] 5 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 96/96][0.10 sec][Hostname/SNI: fonts.gstatic.com][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/21 50/10 74/21 24/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 955/954 1392/1392 618/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (fonts.gstatic.com)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 6 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Goodput ratio: 97/97][0.09 sec][Hostname/SNI: s.ytimg.com][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (s.ytimg.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out index 829b5933e..be0ff0c5c 100644 --- a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-34][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smtps.pcapng.out b/tests/cfgs/default/result/smtps.pcapng.out index 26adaaa4b..72d4fe91e 100644 --- a/tests/cfgs/default/result/smtps.pcapng.out +++ b/tests/cfgs/default/result/smtps.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 62.43.36.99 1 - 1 TCP 62.43.36.99:37682 <-> 21.65.95.132:465 [proto: 29/SMTPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Email/3][2 pkts/637 bytes <-> 2 pkts/299 bytes][Goodput ratio: 81/60][0.47 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: f17ca639ecdcaa65b4521c49e3515ef9][JA4: t12d860600_e18388e7f3a3_4446390ac224][Firefox][PLAIN TEXT (4223.hostgator.com ESMTP Exim 4)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 62.43.36.99:37682 <-> 21.65.95.132:465 [proto: 29/SMTPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Email/3][2 pkts/637 bytes <-> 2 pkts/299 bytes][Goodput ratio: 81/60][0.47 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3C: f17ca639ecdcaa65b4521c49e3515ef9][JA4: t12d860600_e18388e7f3a3_4446390ac224][Firefox][PLAIN TEXT (4223.hostgator.com ESMTP Exim 4)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/snapchat.pcap.out b/tests/cfgs/default/result/snapchat.pcap.out index bccec9a8f..50fe43e4b 100644 --- a/tests/cfgs/default/result/snapchat.pcap.out +++ b/tests/cfgs/default/result/snapchat.pcap.out @@ -34,4 +34,4 @@ JA3 Host Stats: 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][Goodput ratio: 78/74][0.72 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 503/453 172/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254/207 590/1123 237/350][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA4: t12d1407ht_efec8f3cafed_1b2d6ce873a4][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,28,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][Goodput ratio: 78/58][0.57 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/86 403/353 142/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 261/129 590/502 236/150][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA4: t12d1407ht_efec8f3cafed_1b2d6ce873a4][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,14,0,0,0,0,0,0,0,14,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes][Goodput ratio: 68/39][2.27 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/283 2052/2000 670/650][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 174/88 590/292 163/75][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][JA3S: fbe78c619e7ea20046131294ad087f05][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,12,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes][Goodput ratio: 68/39][2.27 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/283 2052/2000 670/650][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 174/88 590/292 163/75][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][JA3S: fbe78c619e7ea20046131294ad087f05][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,12,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/snapchat_call.pcapng.out b/tests/cfgs/default/result/snapchat_call.pcapng.out index 14c5d8a59..0519e350d 100644 --- a/tests/cfgs/default/result/snapchat_call.pcapng.out +++ b/tests/cfgs/default/result/snapchat_call.pcapng.out @@ -25,4 +25,4 @@ SnapchatCall 50 12772 1 Acceptable 50 12772 1 - 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 20][cat: VoIP/10][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][QUIC ver: Q046][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] + 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 20][cat: VoIP/10][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: SNI should be present all time: attack ?][QUIC ver: Q046][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out index 015321708..0467220d9 100644 --- a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out +++ b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out @@ -32,4 +32,4 @@ JA3 Host Stats: 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][JA4: t13d1813h2_29a2cd9e9f10_0d6ff543c596][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][JA4: t13d1813h2_29a2cd9e9f10_0d6ff543c596][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **** ALPN/SNI Mismatch **][Risk Score: 110][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][JA4: t13d1813h2_29a2cd9e9f10_0d6ff543c596][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **** ALPN/SNI Mismatch **][Risk Score: 110][Risk Info: No server to client traffic / SNI should always be present / h2][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][JA4: t13d1813h2_29a2cd9e9f10_0d6ff543c596][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_alert.pcap.out b/tests/cfgs/default/result/tls_alert.pcap.out index dbf88e002..2a2d69b9f 100644 --- a/tests/cfgs/default/result/tls_alert.pcap.out +++ b/tests/cfgs/default/result/tls_alert.pcap.out @@ -32,5 +32,5 @@ JA3 Host Stats: 1 192.168.1.192 1 - 1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 11][cat: Advertisement/101][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 11][cat: Advertisement/101][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: TLSv1 / Found fatal TLS alert][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:37780 -> 160.44.202.202:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][7 pkts/533 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][3.67 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 612/0 1878/0 656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 76/0 85/0 14/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out index be50172b9..1df9c60ae 100644 --- a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out @@ -33,5 +33,5 @@ JA3 Host Stats: 2 195.181.174.176 1 - 1 TCP 195.181.174.176:443 <-> 192.168.1.128:48260 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][3 pkts/1654 bytes <-> 6 pkts/1779 bytes][Goodput ratio: 87/78][0.04 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: -0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 10/8 17/20 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 551/296 1514/1160 681/400][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] - 2 TCP 192.168.1.128:59754 <-> 192.168.1.181:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][6 pkts/1953 bytes <-> 2 pkts/140 bytes][Goodput ratio: 79/0][0.08 sec][bytes ratio: 0.866 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 15/6 54/6 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/70 1352/74 469/4][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] + 1 TCP 195.181.174.176:443 <-> 192.168.1.128:48260 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: RemoteAccess/12][3 pkts/1654 bytes <-> 6 pkts/1779 bytes][Goodput ratio: 87/78][0.04 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: -0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 10/8 17/20 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 551/296 1514/1160 681/400][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk / SNI should always be present][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] + 2 TCP 192.168.1.128:59754 <-> 192.168.1.181:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][6 pkts/1953 bytes <-> 2 pkts/140 bytes][Goodput ratio: 79/0][0.08 sec][bytes ratio: 0.866 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 15/6 54/6 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/70 1352/74 469/4][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_port_80.pcapng.out b/tests/cfgs/default/result/tls_port_80.pcapng.out index 4666359e1..5d7d5cdec 100644 --- a/tests/cfgs/default/result/tls_port_80.pcapng.out +++ b/tests/cfgs/default/result/tls_port_80.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 57.91.202.194 1 - 1 TCP 57.91.202.194:50541 <-> 132.49.141.56:80 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 13][cat: Web/5][5 pkts/563 bytes <-> 8 pkts/1876 bytes][Goodput ratio: 43/72][14.65 sec][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 1011/3433 2355/3433 3621/3433 1067/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/234 299/1414 93/446][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / Expected on port 443][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (AnyNet Root CA1 0)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] + 1 TCP 57.91.202.194:50541 <-> 132.49.141.56:80 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 13][cat: Web/5][5 pkts/563 bytes <-> 8 pkts/1876 bytes][Goodput ratio: 43/72][14.65 sec][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 1011/3433 2355/3433 3621/3433 1067/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/234 299/1414 93/446][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present / Expected on port 443][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (AnyNet Root CA1 0)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_unidirectional.pcap.out b/tests/cfgs/default/result/tls_unidirectional.pcap.out index 2031a1186..c71979604 100644 --- a/tests/cfgs/default/result/tls_unidirectional.pcap.out +++ b/tests/cfgs/default/result/tls_unidirectional.pcap.out @@ -31,5 +31,5 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 TCP 192.168.1.128:48260 -> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][27 pkts/7693 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][58.79 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2023/0 10210/0 3873/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1514/0 460/0][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,20,20,0,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,20,0,0] + 1 TCP 192.168.1.128:48260 -> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][27 pkts/7693 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][58.79 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2023/0 10210/0 3873/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1514/0 460/0][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / anydesk/6.2.0/linu / Found AnyDesk / SNI should always be present][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,20,20,0,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,20,0,0] 2 TCP 142.250.27.188:5228 -> 10.140.72.24:12654 [VLAN: 308][proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/6972 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/0 160/0 64/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 1162/0 1418/0 490/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggpht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn][JA3S: 84aaf6d03fc8c5bfb56d1d188735b268][Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1C3][Subject: CN=*.google.com][Certificate SHA-1: 02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1][Validity: 2021-11-01 02:19:52 - 2022-01-24 02:19:51][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,80,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ultrasurf.pcap.out b/tests/cfgs/default/result/ultrasurf.pcap.out index 24df6cdeb..3a9fa5d49 100644 --- a/tests/cfgs/default/result/ultrasurf.pcap.out +++ b/tests/cfgs/default/result/ultrasurf.pcap.out @@ -33,5 +33,5 @@ JA3 Host Stats: 1 TCP 65.49.68.25:50053 <-> 10.132.0.23:37898 [VLAN: 200][proto: 304/UltraSurf][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][60 pkts/116248 bytes <-> 40 pkts/4295 bytes][Goodput ratio: 96/11][2.50 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 39/18 438/250 82/50][Pkt Len c2s/s2c min/avg/max/stddev: 1350/90 1937/107 2646/160 641/19][PLAIN TEXT (OFdfbY)][Plen Bins: 0,10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,0,0,38] - 2 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][53 pkts/17749 bytes <-> 76 pkts/35849 bytes][Goodput ratio: 79/85][1.90 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/18 260/269 67/46][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 335/472 1494/2646 417/739][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t00d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,32,9,5,7,6,3,1,2,0,1,0,0,0,0,0,1,1,4,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,2,0,0,5,0,3,0,1,0,0,7] - 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][51 pkts/17295 bytes <-> 53 pkts/35335 bytes][Goodput ratio: 79/89][1.44 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/11 260/251 65/38][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 339/667 1418/2646 438/736][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t00d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,27,4,2,5,4,4,1,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,23,0,8,0,0,0,0,4] + 2 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][53 pkts/17749 bytes <-> 76 pkts/35849 bytes][Goodput ratio: 79/85][1.90 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/18 260/269 67/46][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 335/472 1494/2646 417/739][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t00d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,32,9,5,7,6,3,1,2,0,1,0,0,0,0,0,1,1,4,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,2,0,0,5,0,3,0,1,0,0,7] + 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][51 pkts/17295 bytes <-> 53 pkts/35335 bytes][Goodput ratio: 79/89][1.44 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/11 260/251 65/38][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 339/667 1418/2646 438/736][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t00d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,27,4,2,5,4,4,1,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,23,0,8,0,0,0,0,4] diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index 01e6d9571..ed64f761d 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -36,5 +36,5 @@ JA3 Host Stats: 1 TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT ( Domain Name)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: Expected on port 443][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA4: t12d1908h2_d83cc789557e_16bbda4055b2][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2 / Expected on port 443][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA4: t12d1908h2_d83cc789557e_16bbda4055b2][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] 3 TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Hostname/SNI: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out index cadb0b147..35e437321 100644 --- a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out +++ b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out @@ -30,7 +30,7 @@ JA3 Host Stats: 1 192.168.1.253 1 - 1 TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 24][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 24,32,24,0,1,7,3,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.253:35996 <-> 1.1.1.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 24][cat: Web/5][61 pkts/5381 bytes <-> 59 pkts/9211 bytes][Goodput ratio: 35/63][122.79 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.262 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1965/1934 15360/15360 4993/4853][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 88/156 315/1514 41/267][Risk: ** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 100][Risk Info: SNI should always be present / h2][TLSv1.3][JA3C: 7c1e207beb00684bbbe144f1b0abe1d5][JA4: t13d1909h2_9dc949149365_97f8aa674fd9][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 24,32,24,0,1,7,3,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Bin clusters ------------ diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index ad38d093b..8ffd29900 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -214,9 +214,9 @@ JA3 Host Stats: 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [flowId: 51][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [flowId: 102][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [flowId: 68][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [flowId: 96][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [flowId: 32][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [flowId: 18][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [flowId: 96][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [flowId: 32][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [flowId: 18][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [flowId: 124][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [flowId: 89][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [flowId: 127][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -230,9 +230,9 @@ JA3 Host Stats: 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [flowId: 9][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [flowId: 52][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [flowId: 103][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [flowId: 97][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [flowId: 33][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [flowId: 19][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [flowId: 97][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [flowId: 33][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [flowId: 19][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [flowId: 123][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [flowId: 81][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [flowId: 77][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out index afd577976..fff3aeb9a 100644 --- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out +++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out @@ -185,9 +185,9 @@ JA3 Host Stats: 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -201,9 +201,9 @@ JA3 Host Stats: 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |