diff options
Diffstat (limited to 'tests')
76 files changed, 838 insertions, 838 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index f64022ddb..dc2f48fcd 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -37,15 +37,15 @@ JA3 Host Stats: 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][ClearText][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 12 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][ClearText][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][ClearText][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 14 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][Encrypted][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] 15 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][ClearText][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][ClearText][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] - 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7/HTTP][ClearText][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] - 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 192.168.115.75][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7/HTTP][ClearText][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -72,7 +72,7 @@ JA3 Host Stats: 46 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Host: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Host: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Host: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][ClearText][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Host: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -126,7 +126,7 @@ JA3 Host Stats: 100 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][ClearText][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Host: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 101 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 154/LLMNR][ClearText][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Host: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][22.90 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 104 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Host: gfile][PLAIN TEXT ( EHEGEJEMEFCACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Host: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/443-chrome.pcap.out b/tests/result/443-chrome.pcap.out index a38dd53f0..0e63359c7 100644 --- a/tests/result/443-chrome.pcap.out +++ b/tests/result/443-chrome.pcap.out @@ -4,4 +4,4 @@ DPI Packets (TCP): 1 (1.00 pkts/flow) TLS 1 1506 1 - 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] + 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/result/443-opvn.pcap.out b/tests/result/443-opvn.pcap.out index e927bd1d9..c1c4cdb2c 100644 --- a/tests/result/443-opvn.pcap.out +++ b/tests/result/443-opvn.pcap.out @@ -4,4 +4,4 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) OpenVPN 46 11573 1 - 1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][ClearText][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0] + 1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][Encrypted][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index f2c451926..943e8513b 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -15,13 +15,13 @@ JA3 Host Stats: 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][Goodput ratio: 35/89][0.60 sec][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/36 142/142 57/55][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165/935 629/1847 139/680][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][ServerNames: mail.tomasu.net,www.mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.tomasu.net][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Firefox][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,7,0,7,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,35,0,0,7] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][Goodput ratio: 35/89][0.60 sec][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/36 142/142 57/55][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165/935 629/1847 139/680][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][ServerNames: mail.tomasu.net,www.mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.tomasu.net][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Firefox][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,7,0,7,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,35,0,0,7] 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][Goodput ratio: 72/77][0.53 sec][ALPN: spdy/3.1;h2-14;h2;http/1.1][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/23 98/97 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383/469 1504/1911 467/576][TLSv1.2][Client: www.facebook.com][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][ServerNames: *.facebook.com,facebook.com,*.xz.fbcdn.net,messenger.com,fb.com,*.m.facebook.com,*.fbsbx.com,*.xy.fbcdn.net,*.messenger.com,*.fb.com,*.fbcdn.net,*.xx.fbcdn.net,*.facebook.net][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,32,5,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,15,0,0,0,5] 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][ClearText][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][User-Agent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][ClearText][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38/70][0.09 sec][Host: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][ClearText][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38/68][0.09 sec][Host: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][ClearText][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][ClearText][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.07 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][Encrypted][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][Encrypted][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.07 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 3b9e807d1..900eacd6d 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -27,12 +27,12 @@ JA3 Host Stats: 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][Goodput ratio: 57/79][28.98 sec][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2050/118 26937/448 6904/127][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 133/265 578/1336 134/439][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 31,12,6,6,6,6,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0] 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][Encrypted][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][Goodput ratio: 63/84][11.34 sec][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/74 10357/172 3082/62][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 157/364 429/1336 152/451][Risk: ** Obsolete TLS version (older than 1.2) **** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 250][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][ServerNames: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,16,0,0,0,8,8,0,0,0,16,25,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][ClearText][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known protocol on non standard port **** Obsolete TLS version (older than 1.2) **][Risk Score: 150][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][ClearText][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Goodput ratio: 38/45][21.97 sec][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 115/102 264/210 106/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/104 243/339 73/105][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][ClearText][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Goodput ratio: 38/49][21.81 sec][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5452/101 21457/215 9241/81][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/114 243/339 73/112][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][ClearText][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0/0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845/3844 13075/13111 4719/4735][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56/56 56/56 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0/0][13.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0/0][13.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19/0][0.03 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][ClearText][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43/73][0.04 sec][Host: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][ClearText][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 48/69][0.05 sec][Host: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index c6c64b55a..fafdf454b 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -28,8 +28,8 @@ JA3 Host Stats: 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][ClearText][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][Goodput ratio: 69/69][43.84 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266/3766 4903/4991 1245/1144][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140/140 142/142 6/6][Plen Bins: 0,0,9,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][ClearText][cat: Download/7][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Goodput ratio: 54/34][3.79 sec][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406/439 2019/1166 732/515][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 140/87 665/262 199/71][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Risk: ** Binary application transfer **][Risk Score: 250][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][ClearText][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][Goodput ratio: 25/64][24.77 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920/8061 17431/17434 6679/7163][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90/189 130/504 24/164][Plen Bins: 16,51,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][ClearText][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][ClearText][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][Goodput ratio: 39/20][0.46 sec][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][Encrypted][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][Encrypted][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][Goodput ratio: 39/20][0.46 sec][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][ClearText][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 3/0][11.12 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][ClearText][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes][Goodput ratio: 0/0][0.48 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][ClearText][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 44/62][0.20 sec][Host: mqtt.facebook.com][173.252.97.2][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index 38fd68751..d1766938c 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -4,4 +4,4 @@ DPI Packets (TCP): 71 (71.00 pkts/flow) TLS 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][ClearText][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][PLAIN TEXT (Adium/1.5.10)][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][Encrypted][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][PLAIN TEXT (Adium/1.5.10)][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out index faf0238c2..ec6199138 100644 --- a/tests/result/android.pcap.out +++ b/tests/result/android.pcap.out @@ -52,7 +52,7 @@ JA3 Host Stats: 26 UDP 192.168.2.1:67 -> 192.168.2.16:68 [proto: 18/DHCP][ClearText][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][0.13 sec][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 17.248.185.10:443 -> 192.168.2.17:50702 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][7 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][13.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 427/0 2236/0 6975/0 2385/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 93/0 97/0 11/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.2.16:52953 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][ClearText][cat: ConnCheck/30][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Host: captive.apple.com][17.253.53.201][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][60.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][60.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP [fe80::4e6a:f6ff:fe9f:f627]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][cat: Network/14][2 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][2.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.2.16:35825 <-> 192.168.2.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/140 bytes][Goodput ratio: 44/70][0.04 sec][Host: time.android.com][216.239.35.8][PLAIN TEXT (android)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.2.16:36850 <-> 173.194.79.114:80 [proto: 7.126/HTTP.Google][ClearText][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -80,9 +80,9 @@ JA3 Host Stats: 54 UDP 192.168.2.16:39008 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][ClearText][cat: Web/5][1 pkts/76 bytes <-> 1 pkts/92 bytes][Goodput ratio: 44/54][0.00 sec][Host: mtalk.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 UDP 192.168.2.16:32832 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][< 1 sec][Host: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 UDP 192.168.2.16:40580 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Host: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.2.16:49510 -> 216.239.38.120:5228 [proto: 126/Google][ClearText][cat: Web/5][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.2.16:49510 -> 216.239.38.120:5228 [proto: 126/Google][Encrypted][cat: Web/5][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][4.26 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP 95.101.24.53:443 -> 192.168.2.17:50677 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 95.101.24.53:443 -> 192.168.2.17:50677 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 ICMPV6 [::]:0 -> [ff02::1:ff9f:f627]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 7c983ae7b..5ce3dca0a 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -27,14 +27,14 @@ JA3 Host Stats: 1 10.0.0.227 4 - 1 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][1413 pkts/395331 bytes <-> 1028 pkts/497166 bytes][Goodput ratio: 85/91][20.52 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 669/953 35/48][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 280/484 1511/1511 283/514][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (m@GOC.)][Plen Bins: 0,0,10,45,17,5,7,1,1,2,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] - 2 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][ClearText][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] - 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][ClearText][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 150][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] - 4 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][ClearText][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known protocol on non standard port **** Self-signed Certificate **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 210][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] - 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][ClearText][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 150][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] + 1 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][1413 pkts/395331 bytes <-> 1028 pkts/497166 bytes][Goodput ratio: 85/91][20.52 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 669/953 35/48][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 280/484 1511/1511 283/514][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (m@GOC.)][Plen Bins: 0,0,10,45,17,5,7,1,1,2,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + 2 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] + 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 150][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] + 4 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][Encrypted][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known protocol on non standard port **** Self-signed Certificate **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 210][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] + 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Encrypted][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 150][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Encrypted][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][Client: slack.com][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Host: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][ClearText][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Host: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][Risk Score: 60][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][ClearText][cat: ConnCheck/30][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Host: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -45,7 +45,7 @@ JA3 Host Stats: 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Host: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][ClearText][cat: System/18][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][ClearText][cat: Web/5][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Encrypted][cat: Web/5][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Host: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 10.0.0.149:38616 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -56,11 +56,11 @@ JA3 Host Stats: 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Host: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][ClearText][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Host: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][ClearText][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 238.140/ApplePush.Apple][Encrypted][cat: Cloud/13][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: ConnCheck/30][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Host: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP 10.0.0.227:58074 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/230 bytes][Goodput ratio: 43/81][0.01 sec][Host: www.outlook.com][40.97.222.34][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 10.0.0.227:60341 <-> 75.75.75.75:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/224 bytes][Goodput ratio: 42/81][0.01 sec][Host: www.apple.com][184.27.115.161][PLAIN TEXT (edgekey)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -76,7 +76,7 @@ JA3 Host Stats: 47 UDP 10.0.0.227:61328 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.03 sec][Host: local][::][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 58/58][0.02 sec][Host: lb._dns-sd._udp.0.128.28.172.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Host: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Host: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/avast_securedns.pcapng.out b/tests/result/avast_securedns.pcapng.out index 1a90571d6..7a7795bc9 100644 --- a/tests/result/avast_securedns.pcapng.out +++ b/tests/result/avast_securedns.pcapng.out @@ -4,42 +4,42 @@ DPI Packets (UDP): 39 (1.00 pkts/flow) AVAST SecureDNS 77 11443 39 - 1 UDP 192.168.2.100:49152 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.2.100:49704 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECurEdnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.2.100:49737 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.2.100:50008 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUREDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.2.100:50581 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCurEDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.2.100:51383 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUreDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.2.100:51415 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCureDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.2.100:51887 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECUreDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.2.100:51929 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUreDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.2.100:52417 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUredNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.2.100:52485 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.13 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCuREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.2.100:53839 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUREDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.2.100:54546 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUrednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.2.100:54549 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUreDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.2.100:54760 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuredNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.2.100:54938 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (secUReDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.100:55311 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (securEdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.2.100:56111 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUreDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.2.100:56581 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (secURednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.2.100:56765 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecuREDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.2.100:56839 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuredNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.2.100:57970 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCURednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.2.100:58155 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.2.100:59474 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUREdns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.2.100:59613 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUrEDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.2.100:59621 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUreDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.2.100:60127 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUredNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 192.168.2.100:60835 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECUrEdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 UDP 192.168.2.100:61107 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 UDP 192.168.2.100:61201 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcuReDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.2.100:62775 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecURedns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 192.168.2.100:63776 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECuRednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.2.100:64432 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcuRedNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 UDP 192.168.2.100:64487 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUrEDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP 192.168.2.100:64494 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.2.100:64700 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecureDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.2.100:64954 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcuRedNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.2.100:65063 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUrEDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 192.168.2.100:55948 -> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][ClearText][cat: Network/14][1 pkts/81 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUreDns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.100:49152 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.2.100:49704 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECurEdnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.2.100:49737 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.2.100:50008 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUREDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.2.100:50581 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCurEDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.2.100:51383 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUreDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.2.100:51415 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCureDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.2.100:51887 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECUreDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.2.100:51929 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUreDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.2.100:52417 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUredNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.100:52485 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.13 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCuREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.2.100:53839 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUREDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.2.100:54546 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (seCUrednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.2.100:54549 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcUreDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.2.100:54760 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuredNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.2.100:54938 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (secUReDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.100:55311 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (securEdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.2.100:56111 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUreDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.2.100:56581 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (secURednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.2.100:56765 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecuREDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.2.100:56839 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuredNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.2.100:57970 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCURednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.2.100:58155 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.2.100:59474 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUREdns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.2.100:59613 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUrEDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.2.100:59621 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUreDNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.2.100:60127 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUredNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 192.168.2.100:60835 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECUrEdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 192.168.2.100:61107 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SECuREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 UDP 192.168.2.100:61201 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SEcuReDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.2.100:62775 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecURedns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 192.168.2.100:63776 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECuRednS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.100:64432 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcuRedNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 UDP 192.168.2.100:64487 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcUrEDNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.2.100:64494 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.2.100:64700 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SecureDnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.2.100:64954 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sEcuRedNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.2.100:65063 <-> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (sECUrEDns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 192.168.2.100:55948 -> 181.214.35.149:443 [proto: 263/AVAST SecureDNS][Encrypted][cat: Network/14][1 pkts/81 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (SeCUreDns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/chrome.pcap.out b/tests/result/chrome.pcap.out index 802fb1464..041ca04a3 100644 --- a/tests/result/chrome.pcap.out +++ b/tests/result/chrome.pcap.out @@ -9,9 +9,9 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][472 pkts/36714 bytes <-> 727 pkts/1052310 bytes][Goodput ratio: 15/95][5.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 4993/4997 266/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1447 820/1506 89/249][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 2 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][472 pkts/37585 bytes <-> 662 pkts/967394 bytes][Goodput ratio: 17/95][6.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 441/54 24/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/1461 792/1506 96/216][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] - 3 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][456 pkts/34246 bytes <-> 650 pkts/953061 bytes][Goodput ratio: 12/95][5.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/1 4982/65 268/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1466 777/1506 78/210][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 4 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][409 pkts/32019 bytes <-> 547 pkts/804381 bytes][Goodput ratio: 16/96][5.75 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.923 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 5000/5000 282/235][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1471 804/1506 92/209][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] - 5 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][374 pkts/31581 bytes <-> 488 pkts/713304 bytes][Goodput ratio: 22/95][6.76 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/15 4594/4748 271/239][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1462 816/1506 110/230][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,91,0,0] - 6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][161 pkts/16303 bytes <-> 215 pkts/306259 bytes][Goodput ratio: 35/95][5.78 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/2 4995/60 448/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1424 777/1506 152/300][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 1 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][472 pkts/36714 bytes <-> 727 pkts/1052310 bytes][Goodput ratio: 15/95][5.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 4993/4997 266/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1447 820/1506 89/249][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 2 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][472 pkts/37585 bytes <-> 662 pkts/967394 bytes][Goodput ratio: 17/95][6.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 441/54 24/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/1461 792/1506 96/216][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] + 3 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][456 pkts/34246 bytes <-> 650 pkts/953061 bytes][Goodput ratio: 12/95][5.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/1 4982/65 268/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1466 777/1506 78/210][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 4 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][409 pkts/32019 bytes <-> 547 pkts/804381 bytes][Goodput ratio: 16/96][5.75 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.923 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 5000/5000 282/235][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1471 804/1506 92/209][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 5 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][374 pkts/31581 bytes <-> 488 pkts/713304 bytes][Goodput ratio: 22/95][6.76 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/15 4594/4748 271/239][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1462 816/1506 110/230][TLSv1.3][Client: www.iit.cnr.it][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,91,0,0] + 6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][161 pkts/16303 bytes <-> 215 pkts/306259 bytes][Goodput ratio: 35/95][5.78 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/2 4995/60 448/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1424 777/1506 152/300][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] diff --git a/tests/result/dlt_ppp.pcap.out b/tests/result/dlt_ppp.pcap.out index 68286990f..c9f6bcaef 100644 --- a/tests/result/dlt_ppp.pcap.out +++ b/tests/result/dlt_ppp.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 193.167.0.252 1 - 1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][TLSv1.3][Client: server4][JA3C: fe94e313a5d76fb687c85443cdfa8170][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][TLSv1.3][Client: server4][JA3C: fe94e313a5d76fb687c85443cdfa8170][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out index 4b659abc3..6c760148f 100644 --- a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -5,248 +5,248 @@ DPI Packets (UDP): 256 (1.04 pkts/flow) Amazon 12 7560 6 DNScrypt 476 302002 239 - 1 UDP 10.0.0.1:35228 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 2 UDP 10.0.0.1:35495 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 3 UDP 10.0.0.1:45722 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 4 UDP 10.0.0.1:41800 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 5 UDP 10.0.0.1:50913 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 6 UDP 10.0.0.1:56902 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 7 UDP 10.0.0.1:33143 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 8 UDP 10.0.0.1:36676 <-> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 9 UDP 10.0.0.1:40209 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 10 UDP 10.0.0.1:42141 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 11 UDP 10.0.0.1:50757 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 12 UDP 10.0.0.1:55046 <-> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 13 UDP 10.0.0.1:55185 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 14 UDP 10.0.0.1:57109 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 15 UDP 10.0.0.1:33521 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 16 UDP 10.0.0.1:38812 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 17 UDP 10.0.0.1:56688 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 18 UDP 10.0.0.1:45497 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 19 UDP 10.0.0.1:46066 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 20 UDP 10.0.0.1:47257 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 21 UDP 10.0.0.1:47729 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 22 UDP 10.0.0.1:48065 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 23 UDP 10.0.0.1:57636 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 24 UDP 10.0.0.1:33071 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 25 UDP 10.0.0.1:33246 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 26 UDP 10.0.0.1:34228 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 27 UDP 10.0.0.1:35005 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 28 UDP 10.0.0.1:37890 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 29 UDP 10.0.0.1:38242 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 30 UDP 10.0.0.1:38310 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 31 UDP 10.0.0.1:39910 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 32 UDP 10.0.0.1:40451 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 33 UDP 10.0.0.1:44161 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 34 UDP 10.0.0.1:45987 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 35 UDP 10.0.0.1:46856 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 36 UDP 10.0.0.1:47621 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 37 UDP 10.0.0.1:49975 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 38 UDP 10.0.0.1:50387 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 39 UDP 10.0.0.1:51935 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 40 UDP 10.0.0.1:53697 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 41 UDP 10.0.0.1:54096 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 42 UDP 10.0.0.1:55123 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 43 UDP 10.0.0.1:56335 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 44 UDP 10.0.0.1:57180 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 45 UDP 10.0.0.1:59224 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 46 UDP 10.0.0.1:60885 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 47 UDP 10.0.0.1:60962 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 48 UDP 10.0.0.1:34024 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 49 UDP 10.0.0.1:35634 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 50 UDP 10.0.0.1:38508 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 51 UDP 10.0.0.1:38594 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 52 UDP 10.0.0.1:44491 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 53 UDP 10.0.0.1:45613 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 1 UDP 10.0.0.1:35228 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 2 UDP 10.0.0.1:35495 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 3 UDP 10.0.0.1:45722 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 4 UDP 10.0.0.1:41800 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 5 UDP 10.0.0.1:50913 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 6 UDP 10.0.0.1:56902 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 7 UDP 10.0.0.1:33143 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 8 UDP 10.0.0.1:36676 <-> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 9 UDP 10.0.0.1:40209 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 10 UDP 10.0.0.1:42141 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 11 UDP 10.0.0.1:50757 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 12 UDP 10.0.0.1:55046 <-> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 13 UDP 10.0.0.1:55185 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 14 UDP 10.0.0.1:57109 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 15 UDP 10.0.0.1:33521 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 16 UDP 10.0.0.1:38812 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 17 UDP 10.0.0.1:56688 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 18 UDP 10.0.0.1:45497 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 19 UDP 10.0.0.1:46066 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 20 UDP 10.0.0.1:47257 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 21 UDP 10.0.0.1:47729 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 22 UDP 10.0.0.1:48065 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 23 UDP 10.0.0.1:57636 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/229 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 24 UDP 10.0.0.1:33071 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 25 UDP 10.0.0.1:33246 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 26 UDP 10.0.0.1:34228 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 27 UDP 10.0.0.1:35005 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 28 UDP 10.0.0.1:37890 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 29 UDP 10.0.0.1:38242 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 30 UDP 10.0.0.1:38310 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 31 UDP 10.0.0.1:39910 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 32 UDP 10.0.0.1:40451 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 33 UDP 10.0.0.1:44161 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 34 UDP 10.0.0.1:45987 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 35 UDP 10.0.0.1:46856 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 36 UDP 10.0.0.1:47621 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 37 UDP 10.0.0.1:49975 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 38 UDP 10.0.0.1:50387 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 39 UDP 10.0.0.1:51935 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 40 UDP 10.0.0.1:53697 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 41 UDP 10.0.0.1:54096 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 42 UDP 10.0.0.1:55123 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 43 UDP 10.0.0.1:56335 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 44 UDP 10.0.0.1:57180 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 45 UDP 10.0.0.1:59224 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 46 UDP 10.0.0.1:60885 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 47 UDP 10.0.0.1:60962 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/228 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 48 UDP 10.0.0.1:34024 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 49 UDP 10.0.0.1:35634 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 50 UDP 10.0.0.1:38508 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 51 UDP 10.0.0.1:38594 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 52 UDP 10.0.0.1:44491 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 53 UDP 10.0.0.1:45613 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 54 UDP 10.0.0.1:46313 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 55 UDP 10.0.0.1:47432 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 55 UDP 10.0.0.1:47432 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 56 UDP 10.0.0.1:47685 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 57 UDP 10.0.0.1:48448 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 58 UDP 10.0.0.1:52221 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 59 UDP 10.0.0.1:52356 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 60 UDP 10.0.0.1:53045 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 57 UDP 10.0.0.1:48448 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 58 UDP 10.0.0.1:52221 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 59 UDP 10.0.0.1:52356 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 60 UDP 10.0.0.1:53045 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 61 UDP 10.0.0.1:55409 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 62 UDP 10.0.0.1:56997 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 63 UDP 10.0.0.1:59589 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 64 UDP 10.0.0.1:59641 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 65 UDP 10.0.0.1:60113 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 66 UDP 10.0.0.1:38482 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 67 UDP 10.0.0.1:38867 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 68 UDP 10.0.0.1:39007 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 69 UDP 10.0.0.1:41108 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 70 UDP 10.0.0.1:44469 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 71 UDP 10.0.0.1:48159 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 72 UDP 10.0.0.1:48237 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 73 UDP 10.0.0.1:54204 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 74 UDP 10.0.0.1:59709 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 75 UDP 10.0.0.1:33279 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 76 UDP 10.0.0.1:37595 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 77 UDP 10.0.0.1:38278 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 78 UDP 10.0.0.1:43609 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 79 UDP 10.0.0.1:43633 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 80 UDP 10.0.0.1:46229 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 81 UDP 10.0.0.1:49040 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 82 UDP 10.0.0.1:51770 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 83 UDP 10.0.0.1:52069 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 84 UDP 10.0.0.1:54215 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 85 UDP 10.0.0.1:55267 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 86 UDP 10.0.0.1:55822 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 87 UDP 10.0.0.1:56043 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 88 UDP 10.0.0.1:59194 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 89 UDP 10.0.0.1:59707 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.32 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 90 UDP 10.0.0.1:33369 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 91 UDP 10.0.0.1:44282 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 92 UDP 10.0.0.1:46314 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 93 UDP 10.0.0.1:47971 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 94 UDP 10.0.0.1:53811 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 95 UDP 10.0.0.1:54920 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 96 UDP 10.0.0.1:37123 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 97 UDP 10.0.0.1:39259 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 98 UDP 10.0.0.1:51826 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 99 UDP 10.0.0.1:56035 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 100 UDP 10.0.0.1:57090 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 101 UDP 10.0.0.1:59367 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 102 UDP 10.0.0.1:40009 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 103 UDP 10.0.0.1:42570 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 104 UDP 10.0.0.1:56022 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 105 UDP 10.0.0.1:33565 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 106 UDP 10.0.0.1:38388 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 107 UDP 10.0.0.1:60301 <-> 149.56.228.45:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 108 UDP 10.0.0.1:40374 -> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 109 UDP 10.0.0.1:40595 -> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 110 UDP 10.0.0.1:43748 -> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 111 UDP 10.0.0.1:48325 -> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 112 UDP 10.0.0.1:49186 -> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 113 UDP 10.0.0.1:49796 -> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 114 UDP 10.0.0.1:51509 -> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 115 UDP 10.0.0.1:53299 -> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 116 UDP 10.0.0.1:57395 -> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 117 UDP 10.0.0.1:58104 -> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 118 UDP 10.0.0.1:58113 -> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 119 UDP 10.0.0.1:58650 -> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 120 UDP 10.0.0.1:59749 -> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] - 121 UDP 10.0.0.1:59812 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/460 bytes][Goodput ratio: 93/91][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 122 UDP 10.0.0.1:40958 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/426 bytes][Goodput ratio: 93/90][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 123 UDP 10.0.0.1:47545 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/410 bytes][Goodput ratio: 93/90][0.07 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 UDP 10.0.0.1:60393 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/346 bytes][Goodput ratio: 93/88][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 125 UDP 10.0.0.1:38283 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 126 UDP 10.0.0.1:49512 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 127 UDP 10.0.0.1:59489 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 128 UDP 10.0.0.1:36746 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 129 UDP 10.0.0.1:38660 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 130 UDP 10.0.0.1:45234 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 UDP 10.0.0.1:50443 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 UDP 10.0.0.1:33089 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 UDP 10.0.0.1:37711 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 134 UDP 10.0.0.1:40675 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.21 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 135 UDP 10.0.0.1:35734 <-> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 136 UDP 10.0.0.1:40748 <-> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 137 UDP 10.0.0.1:44496 <-> 5.189.170.196:465 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 138 UDP 10.0.0.1:36335 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 139 UDP 10.0.0.1:37287 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 140 UDP 10.0.0.1:41717 <-> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 141 UDP 10.0.0.1:46140 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 142 UDP 10.0.0.1:49008 <-> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 143 UDP 10.0.0.1:49568 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 144 UDP 10.0.0.1:49732 <-> 77.66.84.233:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 145 UDP 10.0.0.1:51363 <-> 176.56.237.171:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 146 UDP 10.0.0.1:54375 <-> 107.170.57.34:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 147 UDP 10.0.0.1:43714 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 UDP 10.0.0.1:45993 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 UDP 10.0.0.1:60735 <-> 51.15.62.65:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 150 UDP 10.0.0.1:37035 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 151 UDP 10.0.0.1:38511 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 152 UDP 10.0.0.1:52040 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 153 UDP 10.0.0.1:53876 <-> 151.80.222.79:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 154 UDP 10.0.0.1:56494 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 155 UDP 10.0.0.1:60334 <-> 51.158.166.97:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 156 UDP 10.0.0.1:32970 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 157 UDP 10.0.0.1:33293 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 158 UDP 10.0.0.1:35903 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 159 UDP 10.0.0.1:37413 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 160 UDP 10.0.0.1:38371 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 161 UDP 10.0.0.1:40138 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 162 UDP 10.0.0.1:40775 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 163 UDP 10.0.0.1:41895 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 164 UDP 10.0.0.1:41913 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 165 UDP 10.0.0.1:43129 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 166 UDP 10.0.0.1:43505 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 167 UDP 10.0.0.1:45375 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 168 UDP 10.0.0.1:46063 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 169 UDP 10.0.0.1:46363 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 170 UDP 10.0.0.1:49177 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 171 UDP 10.0.0.1:50277 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 172 UDP 10.0.0.1:50435 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 173 UDP 10.0.0.1:51004 <-> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 174 UDP 10.0.0.1:51647 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 175 UDP 10.0.0.1:52056 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 176 UDP 10.0.0.1:52284 <-> 142.4.204.111:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 177 UDP 10.0.0.1:52636 <-> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 178 UDP 10.0.0.1:53887 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 179 UDP 10.0.0.1:55768 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 180 UDP 10.0.0.1:59011 <-> 142.4.205.47:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 181 UDP 10.0.0.1:59405 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 182 UDP 10.0.0.1:36930 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 183 UDP 10.0.0.1:39655 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 184 UDP 10.0.0.1:39816 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 185 UDP 10.0.0.1:40099 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 186 UDP 10.0.0.1:44712 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 187 UDP 10.0.0.1:44793 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 188 UDP 10.0.0.1:45747 <-> 167.114.220.125:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 UDP 10.0.0.1:56997 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 63 UDP 10.0.0.1:59589 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 64 UDP 10.0.0.1:59641 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 65 UDP 10.0.0.1:60113 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/226 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 66 UDP 10.0.0.1:38482 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 67 UDP 10.0.0.1:38867 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 68 UDP 10.0.0.1:39007 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 69 UDP 10.0.0.1:41108 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 70 UDP 10.0.0.1:44469 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 71 UDP 10.0.0.1:48159 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 72 UDP 10.0.0.1:48237 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 73 UDP 10.0.0.1:54204 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 74 UDP 10.0.0.1:59709 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 75 UDP 10.0.0.1:33279 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 76 UDP 10.0.0.1:37595 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 77 UDP 10.0.0.1:38278 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 78 UDP 10.0.0.1:43609 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 79 UDP 10.0.0.1:43633 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 80 UDP 10.0.0.1:46229 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 81 UDP 10.0.0.1:49040 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 82 UDP 10.0.0.1:51770 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 83 UDP 10.0.0.1:52069 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 84 UDP 10.0.0.1:54215 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 85 UDP 10.0.0.1:55267 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 86 UDP 10.0.0.1:55822 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 87 UDP 10.0.0.1:56043 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 88 UDP 10.0.0.1:59194 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 89 UDP 10.0.0.1:59707 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.32 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 90 UDP 10.0.0.1:33369 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 91 UDP 10.0.0.1:44282 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 92 UDP 10.0.0.1:46314 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 93 UDP 10.0.0.1:47971 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 94 UDP 10.0.0.1:53811 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 95 UDP 10.0.0.1:54920 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 96 UDP 10.0.0.1:37123 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 97 UDP 10.0.0.1:39259 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 98 UDP 10.0.0.1:51826 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 99 UDP 10.0.0.1:56035 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 100 UDP 10.0.0.1:57090 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 101 UDP 10.0.0.1:59367 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/221 bytes][Goodput ratio: 97/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 102 UDP 10.0.0.1:40009 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 103 UDP 10.0.0.1:42570 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 104 UDP 10.0.0.1:56022 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/85 bytes][Goodput ratio: 97/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 105 UDP 10.0.0.1:33565 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 UDP 10.0.0.1:38388 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 UDP 10.0.0.1:60301 <-> 149.56.228.45:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][2 pkts/1108 bytes <-> 2 pkts/452 bytes][Goodput ratio: 92/81][3600.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 UDP 10.0.0.1:40374 -> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 109 UDP 10.0.0.1:40595 -> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 110 UDP 10.0.0.1:43748 -> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 111 UDP 10.0.0.1:48325 -> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 112 UDP 10.0.0.1:49186 -> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 113 UDP 10.0.0.1:49796 -> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 114 UDP 10.0.0.1:51509 -> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 115 UDP 10.0.0.1:53299 -> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 116 UDP 10.0.0.1:57395 -> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 117 UDP 10.0.0.1:58104 -> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 118 UDP 10.0.0.1:58113 -> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 119 UDP 10.0.0.1:58650 -> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 120 UDP 10.0.0.1:59749 -> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 121 UDP 10.0.0.1:59812 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/460 bytes][Goodput ratio: 93/91][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 UDP 10.0.0.1:40958 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/426 bytes][Goodput ratio: 93/90][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 10.0.0.1:47545 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/410 bytes][Goodput ratio: 93/90][0.07 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 10.0.0.1:60393 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/346 bytes][Goodput ratio: 93/88][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 10.0.0.1:38283 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 UDP 10.0.0.1:49512 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 UDP 10.0.0.1:59489 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/361 bytes][Goodput ratio: 92/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 UDP 10.0.0.1:36746 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 UDP 10.0.0.1:38660 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 UDP 10.0.0.1:45234 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP 10.0.0.1:50443 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/282 bytes][Goodput ratio: 93/85][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP 10.0.0.1:33089 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP 10.0.0.1:37711 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 UDP 10.0.0.1:40675 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/618 bytes <-> 1 pkts/218 bytes][Goodput ratio: 93/80][0.21 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 UDP 10.0.0.1:35734 <-> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 UDP 10.0.0.1:40748 <-> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 UDP 10.0.0.1:44496 <-> 5.189.170.196:465 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP 10.0.0.1:36335 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP 10.0.0.1:37287 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 UDP 10.0.0.1:41717 <-> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 UDP 10.0.0.1:46140 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 UDP 10.0.0.1:49008 <-> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 UDP 10.0.0.1:49568 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 UDP 10.0.0.1:49732 <-> 77.66.84.233:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 UDP 10.0.0.1:51363 <-> 176.56.237.171:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 10.0.0.1:54375 <-> 107.170.57.34:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 10.0.0.1:43714 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 10.0.0.1:45993 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 10.0.0.1:60735 <-> 51.15.62.65:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 UDP 10.0.0.1:37035 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 UDP 10.0.0.1:38511 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 UDP 10.0.0.1:52040 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 UDP 10.0.0.1:53876 <-> 151.80.222.79:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 UDP 10.0.0.1:56494 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 UDP 10.0.0.1:60334 <-> 51.158.166.97:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/229 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 UDP 10.0.0.1:32970 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 157 UDP 10.0.0.1:33293 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 UDP 10.0.0.1:35903 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 UDP 10.0.0.1:37413 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 160 UDP 10.0.0.1:38371 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 UDP 10.0.0.1:40138 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 162 UDP 10.0.0.1:40775 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 163 UDP 10.0.0.1:41895 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 164 UDP 10.0.0.1:41913 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 165 UDP 10.0.0.1:43129 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 166 UDP 10.0.0.1:43505 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 167 UDP 10.0.0.1:45375 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 168 UDP 10.0.0.1:46063 <-> 45.153.187.96:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 UDP 10.0.0.1:46363 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 170 UDP 10.0.0.1:49177 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 171 UDP 10.0.0.1:50277 <-> 46.227.200.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 172 UDP 10.0.0.1:50435 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 173 UDP 10.0.0.1:51004 <-> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 174 UDP 10.0.0.1:51647 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 175 UDP 10.0.0.1:52056 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 176 UDP 10.0.0.1:52284 <-> 142.4.204.111:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 177 UDP 10.0.0.1:52636 <-> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 178 UDP 10.0.0.1:53887 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 UDP 10.0.0.1:55768 <-> 51.15.124.208:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 180 UDP 10.0.0.1:59011 <-> 142.4.205.47:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.10 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 181 UDP 10.0.0.1:59405 <-> 185.134.196.55:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/228 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 182 UDP 10.0.0.1:36930 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 183 UDP 10.0.0.1:39655 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 184 UDP 10.0.0.1:39816 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 185 UDP 10.0.0.1:40099 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.12 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 186 UDP 10.0.0.1:44712 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 187 UDP 10.0.0.1:44793 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 188 UDP 10.0.0.1:45747 <-> 167.114.220.125:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 189 UDP 10.0.0.1:52911 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 190 UDP 10.0.0.1:53117 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 191 UDP 10.0.0.1:54112 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 190 UDP 10.0.0.1:53117 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 191 UDP 10.0.0.1:54112 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 192 UDP 10.0.0.1:55834 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 193 UDP 10.0.0.1:55896 <-> 66.85.30.115:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 193 UDP 10.0.0.1:55896 <-> 66.85.30.115:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.11 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 194 UDP 10.0.0.1:55979 <-> 52.65.235.129:443 [proto: 208.178/DNScrypt.Amazon][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.30 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 195 UDP 10.0.0.1:58740 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 196 UDP 10.0.0.1:59261 <-> 104.238.186.192:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 197 UDP 10.0.0.1:59587 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 198 UDP 10.0.0.1:60091 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 199 UDP 10.0.0.1:60852 <-> 23.111.74.205:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 200 UDP 10.0.0.1:36668 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 201 UDP 10.0.0.1:38362 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 202 UDP 10.0.0.1:38709 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 203 UDP 10.0.0.1:42156 <-> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 204 UDP 10.0.0.1:43540 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 205 UDP 10.0.0.1:45767 <-> 51.15.122.250:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 206 UDP 10.0.0.1:45815 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 207 UDP 10.0.0.1:46255 <-> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 208 UDP 10.0.0.1:48300 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 209 UDP 10.0.0.1:54305 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 210 UDP 10.0.0.1:55469 <-> 144.91.106.227:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 211 UDP 10.0.0.1:58936 <-> 93.95.226.165:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 212 UDP 10.0.0.1:35885 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 213 UDP 10.0.0.1:37328 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 214 UDP 10.0.0.1:38136 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 215 UDP 10.0.0.1:38349 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 216 UDP 10.0.0.1:38879 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 217 UDP 10.0.0.1:43224 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 218 UDP 10.0.0.1:43365 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 219 UDP 10.0.0.1:43528 <-> 205.185.116.116:553 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.15 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 220 UDP 10.0.0.1:43776 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.31 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 221 UDP 10.0.0.1:45682 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 222 UDP 10.0.0.1:47341 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 223 UDP 10.0.0.1:49115 <-> 193.191.187.107:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 224 UDP 10.0.0.1:50335 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 225 UDP 10.0.0.1:50601 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 226 UDP 10.0.0.1:51589 <-> 45.76.113.31:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.32 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 227 UDP 10.0.0.1:56177 <-> 41.79.69.13:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 228 UDP 10.0.0.1:59400 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 229 UDP 10.0.0.1:59476 <-> 139.59.200.116:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 230 UDP 10.0.0.1:34885 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 231 UDP 10.0.0.1:44093 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 232 UDP 10.0.0.1:47865 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 233 UDP 10.0.0.1:50062 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 234 UDP 10.0.0.1:56988 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 235 UDP 10.0.0.1:59354 <-> 185.193.127.244:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 236 UDP 10.0.0.1:32793 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 237 UDP 10.0.0.1:34324 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 238 UDP 10.0.0.1:37950 <-> 209.250.241.25:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 239 UDP 10.0.0.1:46646 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 240 UDP 10.0.0.1:50403 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 241 UDP 10.0.0.1:58948 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 242 UDP 10.0.0.1:50035 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 243 UDP 10.0.0.1:55482 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 244 UDP 10.0.0.1:57465 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.06 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 245 UDP 10.0.0.1:49518 -> 62.210.180.71:1053 [proto: 208/DNScrypt][ClearText][cat: Network/14][1 pkts/554 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 195 UDP 10.0.0.1:58740 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 196 UDP 10.0.0.1:59261 <-> 104.238.186.192:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 197 UDP 10.0.0.1:59587 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 198 UDP 10.0.0.1:60091 <-> 178.216.201.222:2053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 199 UDP 10.0.0.1:60852 <-> 23.111.74.205:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/226 bytes][Goodput ratio: 92/81][0.17 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 200 UDP 10.0.0.1:36668 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 201 UDP 10.0.0.1:38362 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 202 UDP 10.0.0.1:38709 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 203 UDP 10.0.0.1:42156 <-> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 204 UDP 10.0.0.1:43540 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.05 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 205 UDP 10.0.0.1:45767 <-> 51.15.122.250:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 206 UDP 10.0.0.1:45815 <-> 185.253.154.66:4343 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 207 UDP 10.0.0.1:46255 <-> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 208 UDP 10.0.0.1:48300 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 209 UDP 10.0.0.1:54305 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.02 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 210 UDP 10.0.0.1:55469 <-> 144.91.106.227:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 211 UDP 10.0.0.1:58936 <-> 93.95.226.165:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/225 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 212 UDP 10.0.0.1:35885 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 213 UDP 10.0.0.1:37328 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 214 UDP 10.0.0.1:38136 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 215 UDP 10.0.0.1:38349 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 216 UDP 10.0.0.1:38879 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 217 UDP 10.0.0.1:43224 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.33 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 218 UDP 10.0.0.1:43365 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.18 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 219 UDP 10.0.0.1:43528 <-> 205.185.116.116:553 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.15 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 220 UDP 10.0.0.1:43776 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.31 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 221 UDP 10.0.0.1:45682 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 222 UDP 10.0.0.1:47341 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 223 UDP 10.0.0.1:49115 <-> 193.191.187.107:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 224 UDP 10.0.0.1:50335 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 225 UDP 10.0.0.1:50601 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 226 UDP 10.0.0.1:51589 <-> 45.76.113.31:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.32 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 227 UDP 10.0.0.1:56177 <-> 41.79.69.13:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 228 UDP 10.0.0.1:59400 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 229 UDP 10.0.0.1:59476 <-> 139.59.200.116:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 230 UDP 10.0.0.1:34885 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 231 UDP 10.0.0.1:44093 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 232 UDP 10.0.0.1:47865 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 233 UDP 10.0.0.1:50062 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 234 UDP 10.0.0.1:56988 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 235 UDP 10.0.0.1:59354 <-> 185.193.127.244:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.06 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 236 UDP 10.0.0.1:32793 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 237 UDP 10.0.0.1:34324 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 238 UDP 10.0.0.1:37950 <-> 209.250.241.25:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 239 UDP 10.0.0.1:46646 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 240 UDP 10.0.0.1:50403 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 241 UDP 10.0.0.1:58948 <-> 85.5.93.230:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/221 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 242 UDP 10.0.0.1:50035 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 243 UDP 10.0.0.1:55482 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 244 UDP 10.0.0.1:57465 <-> 149.112.112.10:8443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/85 bytes][Goodput ratio: 92/50][0.06 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 245 UDP 10.0.0.1:49518 -> 62.210.180.71:1053 [proto: 208/DNScrypt][Encrypted][cat: Network/14][1 pkts/554 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dnscrypt_skype_false_positive.pcapng.out b/tests/result/dnscrypt_skype_false_positive.pcapng.out index a5e6a7612..8a27c21da 100644 --- a/tests/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/result/dnscrypt_skype_false_positive.pcapng.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 4 (4.00 pkts/flow) DNScrypt 6 2380 1 - 1 UDP 192.168.2.100:46858 <-> 212.47.228.136:443 [proto: 208/DNScrypt][ClearText][cat: Network/14][3 pkts/1662 bytes <-> 3 pkts/718 bytes][Goodput ratio: 92/82][5137.13 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300005/300005 2568548/2568547 4837091/4837089 2268543/2268542][Pkt Len c2s/s2c min/avg/max/stddev: 554/154 554/239 554/282 0/60][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (OYy Tp)][Plen Bins: 0,0,0,16,0,0,0,33,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.100:46858 <-> 212.47.228.136:443 [proto: 208/DNScrypt][Encrypted][cat: Network/14][3 pkts/1662 bytes <-> 3 pkts/718 bytes][Goodput ratio: 92/82][5137.13 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300005/300005 2568548/2568547 4837091/4837089 2268543/2268542][Pkt Len c2s/s2c min/avg/max/stddev: 554/154 554/239 554/282 0/60][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (OYy Tp)][Plen Bins: 0,0,0,16,0,0,0,33,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dtls.pcap.out b/tests/result/dtls.pcap.out index a35c4b8c7..011df0d25 100644 --- a/tests/result/dtls.pcap.out +++ b/tests/result/dtls.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 192.168.13.203 1 - 1 UDP 192.168.13.203:40739 -> 192.168.13.57:56515 [proto: 30/DTLS][ClearText][cat: Web/5][2 pkts/394 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 60][DTLSv1.2][JA3C: bd743610892cec1efed851b2b5efd4f5][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.13.203:40739 -> 192.168.13.57:56515 [proto: 30/DTLS][Encrypted][cat: Web/5][2 pkts/394 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 60][DTLSv1.2][JA3C: bd743610892cec1efed851b2b5efd4f5][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dtls2.pcap.out b/tests/result/dtls2.pcap.out index 9c7218683..565ffb151 100644 --- a/tests/result/dtls2.pcap.out +++ b/tests/result/dtls2.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 61.68.110.153 1 - 1 UDP 61.68.110.153:53045 <-> 212.32.214.39:61457 [proto: 30/DTLS][ClearText][cat: Web/5][14 pkts/2246 bytes <-> 16 pkts/2745 bytes][Goodput ratio: 74/75][382.15 sec][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/241 27857/28359 60550/60551 26256/25033][Pkt Len c2s/s2c min/avg/max/stddev: 123/102 160/172 325/867 46/180][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][DTLSv1.0][JA3C: 1b45c913a0c0fde5f263502e65999485][JA3S: 749bd1edea60396ffaa65213b7971718 (WEAK)][Issuer: C=US][Subject: C=US, CN=*.relay.ros.rockstargames.com][Validity: 2014-09-12 21:31:19 - 2037-02-15 21:31:19][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (140912213119Z)][Plen Bins: 0,3,43,46,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 61.68.110.153:53045 <-> 212.32.214.39:61457 [proto: 30/DTLS][Encrypted][cat: Web/5][14 pkts/2246 bytes <-> 16 pkts/2745 bytes][Goodput ratio: 74/75][382.15 sec][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/241 27857/28359 60550/60551 26256/25033][Pkt Len c2s/s2c min/avg/max/stddev: 123/102 160/172 325/867 46/180][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][DTLSv1.0][JA3C: 1b45c913a0c0fde5f263502e65999485][JA3S: 749bd1edea60396ffaa65213b7971718 (WEAK)][Issuer: C=US][Subject: C=US, CN=*.relay.ros.rockstargames.com][Validity: 2014-09-12 21:31:19 - 2037-02-15 21:31:19][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (140912213119Z)][Plen Bins: 0,3,43,46,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dtls_certificate_fragments.pcap.out b/tests/result/dtls_certificate_fragments.pcap.out index a38bb2dd1..27f74b975 100644 --- a/tests/result/dtls_certificate_fragments.pcap.out +++ b/tests/result/dtls_certificate_fragments.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 10.186.198.149 1 - 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][ClearText][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Firefox][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] + 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][Encrypted][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Firefox][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] diff --git a/tests/result/dtls_session_id_and_coockie_both.pcap.out b/tests/result/dtls_session_id_and_coockie_both.pcap.out index bc0454625..23007ed02 100644 --- a/tests/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/result/dtls_session_id_and_coockie_both.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 185.196.113.239 1 - 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][ClearText][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 60][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][Encrypted][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 60][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/firefox.pcap.out b/tests/result/firefox.pcap.out index 8d1351329..c8da8ecde 100644 --- a/tests/result/firefox.pcap.out +++ b/tests/result/firefox.pcap.out @@ -9,9 +9,9 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][544 pkts/39296 bytes <-> 843 pkts/1241907 bytes][Goodput ratio: 9/96][1.11 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 195/42 11/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1473 746/1506 51/178][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] - 2 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][436 pkts/33554 bytes <-> 629 pkts/927958 bytes][Goodput ratio: 14/96][2.10 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 270/575 19/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1475 583/1506 64/189][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1fd36067223570569bbf156fece40978][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,4,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0] - 3 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][408 pkts/30627 bytes <-> 623 pkts/906942 bytes][Goodput ratio: 12/95][1.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 203/231 16/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1456 746/1506 61/223][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 4 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][350 pkts/24993 bytes <-> 528 pkts/777348 bytes][Goodput ratio: 8/96][0.79 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.938 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 58/58 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/1472 746/1506 50/192][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] - 5 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][255 pkts/20235 bytes <-> 391 pkts/567512 bytes][Goodput ratio: 17/95][0.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 77/79 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1451 746/1506 74/238][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 6 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][180 pkts/14936 bytes <-> 254 pkts/367424 bytes][Goodput ratio: 20/95][0.72 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.922 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 104/88 14/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1447 746/1506 85/253][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 1 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][544 pkts/39296 bytes <-> 843 pkts/1241907 bytes][Goodput ratio: 9/96][1.11 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 195/42 11/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1473 746/1506 51/178][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 2 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][436 pkts/33554 bytes <-> 629 pkts/927958 bytes][Goodput ratio: 14/96][2.10 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 270/575 19/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1475 583/1506 64/189][TLSv1.3][Client: www.iit.cnr.it][JA3C: 1fd36067223570569bbf156fece40978][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,4,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0] + 3 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][408 pkts/30627 bytes <-> 623 pkts/906942 bytes][Goodput ratio: 12/95][1.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 203/231 16/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1456 746/1506 61/223][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] + 4 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][350 pkts/24993 bytes <-> 528 pkts/777348 bytes][Goodput ratio: 8/96][0.79 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.938 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 58/58 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/1472 746/1506 50/192][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 5 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][255 pkts/20235 bytes <-> 391 pkts/567512 bytes][Goodput ratio: 17/95][0.77 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 77/79 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1451 746/1506 74/238][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 6 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][180 pkts/14936 bytes <-> 254 pkts/367424 bytes][Goodput ratio: 20/95][0.72 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.922 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 104/88 14/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1447 746/1506 85/253][TLSv1.3][Client: www.iit.cnr.it][JA3C: ab78a7ef7106e8144808f22ab4a26dc8][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out index d9ad37b83..b874bd2c2 100644 --- a/tests/result/fuzz-2021-10-13.pcap.out +++ b/tests/result/fuzz-2021-10-13.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 3400:3a30:3035:2f75:706c:6f32:643f:6c3d 1 - 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Known protocol on non standard port **** Obsolete TLS version (older than 1.2) **** TLS suspicious extension **][Risk Score: 250][TLS (0030)][JA3C: 7fd749763364ca3fe45ec98917f981f6][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Known protocol on non standard port **** Obsolete TLS version (older than 1.2) **** TLS suspicious extension **][Risk Score: 250][TLS (0030)][JA3C: 7fd749763364ca3fe45ec98917f981f6][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index bebc54f10..9f5323ab9 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -21,13 +21,13 @@ JA3 Host Stats: 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][Encrypted][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Certificate Mismatch **][Risk Score: 100][TLSv1.2][Client: www.ntop.org][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][TLSv1.2][Client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][TLSv1.2][Client: s-static.ak.facebook.com][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][ClearText][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][Encrypted][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index af1f1d222..933f611f4 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -51,7 +51,7 @@ JA3 Host Stats: 31 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][ClearText][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Goodput ratio: 52/80][0.05 sec][Host: igcdn-photos-a-a.akamaihd.net][82.85.26.154][PLAIN TEXT (photos)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][1 pkts/145 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][PLAIN TEXT ( 413767116)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][ClearText][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Host: photos-b.ak.instagram.com][::][PLAIN TEXT (photos)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index 82572ff4d..fc2439ce5 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -66,7 +66,7 @@ JA3 Host Stats: 42 UDP 192.168.2.17:64203 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/80 bytes <-> 1 pkts/135 bytes][Goodput ratio: 47/68][0.04 sec][Host: basejumper.apple.com][::][PLAIN TEXT (basejumper)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.2.17:52031 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.03 sec][Host: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.2.17:62160 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.04 sec][Host: gsa.apple.com][17.137.166.35][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][30.01 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][30.01 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 169.254.225.216:60538 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.2.1:51411 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 6/0][4.21 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ipv6_in_gtp.pcap.out b/tests/result/ipv6_in_gtp.pcap.out index 9437cd439..7f80c01d8 100644 --- a/tests/result/ipv6_in_gtp.pcap.out +++ b/tests/result/ipv6_in_gtp.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Unknown 1 150 1 IPsec 1 166 1 - 1 50 [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPsec][ClearText][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 50 [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPsec][Encrypted][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/ja3_lots_of_cipher_suites.pcap.out b/tests/result/ja3_lots_of_cipher_suites.pcap.out index 9c086d8fd..97b317a83 100644 --- a/tests/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/result/ja3_lots_of_cipher_suites.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 10.206.131.18 1 - 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][ClearText][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][TLSv1.2][JA3C: 0463681bfef175d3d61ec414c65e482c][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Firefox][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 160][TLSv1.2][JA3C: 0463681bfef175d3d61ec414c65e482c][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Firefox][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out index e3eb06c7b..ad67bcaf3 100644 --- a/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 192.168.147.177 1 - 1 TCP 192.168.147.177:58496 <-> 151.121.193.160:443 [proto: GTP:91/TLS][ClearText][cat: Web/5][13 pkts/3520 bytes <-> 14 pkts/3446 bytes][Goodput ratio: 60/59][5.96 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 479/256 1619/1072 582/419][Pkt Len c2s/s2c min/avg/max/stddev: 106/90 271/246 1202/1490 315/354][Risk: ** Self-signed Certificate **** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 210][TLSv1.2][Client: 192.69.136.179][JA3C: 50221ef5bde0fcee8864bbcea5211d51][JA3S: 7c02dbae662670040c7af9bd15fb7e2f (WEAK)][Issuer: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Subject: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Certificate SHA-1: 91:0C:1D:82:6B:28:01:8F:55:03:28:5B:90:A9:18:B9:ED:72:01:37][Firefox][Validity: 2016-12-21 19:19:24 - 2019-09-16 19:19:24][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,27,0,0,0,9,18,0,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0] + 1 TCP 192.168.147.177:58496 <-> 151.121.193.160:443 [proto: GTP:91/TLS][Encrypted][cat: Web/5][13 pkts/3520 bytes <-> 14 pkts/3446 bytes][Goodput ratio: 60/59][5.96 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 479/256 1619/1072 582/419][Pkt Len c2s/s2c min/avg/max/stddev: 106/90 271/246 1202/1490 315/354][Risk: ** Self-signed Certificate **** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][Risk Score: 210][TLSv1.2][Client: 192.69.136.179][JA3C: 50221ef5bde0fcee8864bbcea5211d51][JA3S: 7c02dbae662670040c7af9bd15fb7e2f (WEAK)][Issuer: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Subject: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Certificate SHA-1: 91:0C:1D:82:6B:28:01:8F:55:03:28:5B:90:A9:18:B9:ED:72:01:37][Firefox][Validity: 2016-12-21 19:19:24 - 2019-09-16 19:19:24][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,27,0,0,0,9,18,0,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0] diff --git a/tests/result/long_tls_certificate.pcap.out b/tests/result/long_tls_certificate.pcap.out index eeb4eb046..a9565f357 100644 --- a/tests/result/long_tls_certificate.pcap.out +++ b/tests/result/long_tls_certificate.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 192.168.1.60 1 - 1 TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91/TLS][ClearText][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][ALPN: h2;http/1.1][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][Client: beacon-api.aliyuncs.com][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] + 1 TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91/TLS][Encrypted][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][ALPN: h2;http/1.1][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][Client: beacon-api.aliyuncs.com][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] diff --git a/tests/result/nats.pcap.out b/tests/result/nats.pcap.out index 02f69863e..fff18713e 100644 --- a/tests/result/nats.pcap.out +++ b/tests/result/nats.pcap.out @@ -4,5 +4,5 @@ DPI Packets (TCP): 10 (5.00 pkts/flow) Nats 27 2460 2 - 1 TCP 127.0.0.1:54821 <-> 127.0.0.1:4222 [proto: 68/Nats][ClearText][cat: RPC/16][7 pkts/545 bytes <-> 7 pkts/725 bytes][Goodput ratio: 26/44][2.20 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 78/104 191/365 46/107][PLAIN TEXT (rINFO )][Plen Bins: 60,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 127.0.0.1:54820 <-> 127.0.0.1:4222 [proto: 68/Nats][ClearText][cat: RPC/16][7 pkts/527 bytes <-> 6 pkts/663 bytes][Goodput ratio: 26/47][0.01 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 75/110 191/365 48/114][PLAIN TEXT (bINFO )][Plen Bins: 33,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 127.0.0.1:54821 <-> 127.0.0.1:4222 [proto: 68/Nats][Encrypted][cat: RPC/16][7 pkts/545 bytes <-> 7 pkts/725 bytes][Goodput ratio: 26/44][2.20 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 78/104 191/365 46/107][PLAIN TEXT (rINFO )][Plen Bins: 60,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 127.0.0.1:54820 <-> 127.0.0.1:4222 [proto: 68/Nats][Encrypted][cat: RPC/16][7 pkts/527 bytes <-> 6 pkts/663 bytes][Goodput ratio: 26/47][0.01 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 75/110 191/365 48/114][PLAIN TEXT (bINFO )][Plen Bins: 33,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index cadbfb4ee..f1f5e2dd0 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -24,13 +24,13 @@ JA3 Host Stats: 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][ClearText][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][Goodput ratio: 68/68][1.15 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/17 108/127 288/286 109/90][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 130/132 198/198 40/42][Plen Bins: 0,53,20,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][ClearText][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.73 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/0 315/0 92/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][ClearText][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54/58][0.01 sec][Host: g2df33d01-lp1.p.srv.nintendo.net][52.10.205.177][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4/4 5/5 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92/100 92/108 0/8][PLAIN TEXT (nintendo)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][ClearText][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][Encrypted][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][ClearText][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/0 316/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][ClearText][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][0.06 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][Encrypted][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][0.06 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][ClearText][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][0.03 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.217][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][ClearText][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][< 1 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.8][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173.178/Nintendo.Amazon][ClearText][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][0.00 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][ClearText][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][0.00 sec][PLAIN TEXT (NATTestId)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][ClearText][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][ClearText][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes][Goodput ratio: 27/0][0.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][Encrypted][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][0.00 sec][PLAIN TEXT (NATTestId)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][Encrypted][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][Encrypted][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes][Goodput ratio: 27/0][0.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 36cb3017b..14e4bb756 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -26,7 +26,7 @@ JA3 Host Stats: 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][ClearText][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][1.36 sec][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 272/0 1043/0 395/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182/0 824/0 287/0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/5][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][ClearText][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.18 sec][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 197/0 503/0 209/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77/0 136/0 37/0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][PLAIN TEXT (GET /ip)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][ClearText][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][ClearText][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][Encrypted][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Host: xmpp.device06.eu01.capptain.com][::][PLAIN TEXT (device06)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][ClearText][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec][Host: android.clients.google.com][::][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: settings.crashlytics.com][::][PLAIN TEXT (settings)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index e00332e90..683a3af0e 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -5,6 +5,6 @@ DPI Packets (UDP): 5 (2.50 pkts/flow) OpenVPN 298 57111 3 - 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][ClearText][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][ClearText][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes][Goodput ratio: 61/57][64.13 sec][bytes ratio: -0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1298/1400 11356/11265 2924/3289][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/154 1514/222 236/63][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160630002150Z)][Plen Bins: 0,39,0,4,51,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] - 3 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][ClearText][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][Encrypted][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][Encrypted][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes][Goodput ratio: 61/57][64.13 sec][bytes ratio: -0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1298/1400 11356/11265 2924/3289][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/154 1514/222 236/63][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160630002150Z)][Plen Bins: 0,39,0,4,51,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + 3 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][Encrypted][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/pinterest.pcap.out b/tests/result/pinterest.pcap.out index ab56f8339..d36f781d0 100644 --- a/tests/result/pinterest.pcap.out +++ b/tests/result/pinterest.pcap.out @@ -15,18 +15,18 @@ JA3 Host Stats: 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38512 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][2091 pkts/199209 bytes <-> 10687 pkts/21038106 bytes][Goodput ratio: 10/96][3.16 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 415/450 15/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 95/1969 1474/65322 60/2735][TLSv1.2][Client: s.pinimg.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,50] 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33262 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][914 pkts/144518 bytes <-> 1890 pkts/3768357 bytes][Goodput ratio: 46/96][21.20 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/6 5627/5836 310/150][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/1994 1474/13710 286/1748][TLSv1.2][Client: www.pinterest.fr][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,2,4,0,0,0,1,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0] - 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][ClearText][cat: Media/1][372 pkts/33115 bytes <-> 436 pkts/1818025 bytes][Goodput ratio: 3/98][0.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 54/53 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/4170 603/16742 34/2692][TLSv1.2][Client: images.unsplash.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,60] + 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][Encrypted][cat: Media/1][372 pkts/33115 bytes <-> 436 pkts/1818025 bytes][Goodput ratio: 3/98][0.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 54/53 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/4170 603/16742 34/2692][TLSv1.2][Client: images.unsplash.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,60] 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51582 <-> [2a00:1450:4007:816::2003]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][78 pkts/8258 bytes <-> 146 pkts/317107 bytes][Goodput ratio: 19/96][0.99 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.949 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/5 147/122 32/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 106/2172 603/31494 73/3182][TLSv1.3][Client: www.gstatic.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,57,0,0,0,0,0,0,0,0,0,30] 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:60340 <-> [2a03:2880:f11f:83:face:b00c::25de]:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][73 pkts/9751 bytes <-> 98 pkts/155098 bytes][Goodput ratio: 36/95][8.87 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 156/28 6193/1522 838/170][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1583 685/12506 138/1762][TLSv1.3][Client: www.facebook.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,1,0,1,2,0,0,0,1,1,2,1,0,0,2,1,1,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,16,0,1,0,1,31,0,0,0,17] 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54416 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][40 pkts/4645 bytes <-> 76 pkts/138349 bytes][Goodput ratio: 26/95][0.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/4 79/78 22/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1820 603/16998 92/2650][TLSv1.3][Client: apis.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,1,2,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,0,0,0,1,0,0,0,1,1,0,0,0,0,2,0,0,0,61,0,0,0,0,0,0,0,0,0,15] 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51292 <-> [2a03:2880:f030:13:face:b00c::3]:443 [proto: 91.119/TLS.Facebook][Encrypted][cat: SocialNetwork/6][28 pkts/3763 bytes <-> 43 pkts/69376 bytes][Goodput ratio: 36/95][0.34 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/4 78/64 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1613 603/12506 114/2280][TLSv1.3][Client: connect.facebook.net][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,7,9,2,0,2,0,0,7,0,0,0,2,0,0,0,2,0,2,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,2,0,0,17] 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40894 <-> [2a00:1450:4007:816::200d]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][52 pkts/6440 bytes <-> 74 pkts/54135 bytes][Goodput ratio: 30/88][13.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 337/4 6419/37 1406/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/732 603/2536 87/652][TLSv1.3][Client: accounts.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,15,5,0,6,5,1,4,2,0,1,0,0,4,4,0,1,0,1,1,1,0,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,5] 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40694 <-> [2a00:1450:4007:816::2004]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][43 pkts/11445 bytes <-> 64 pkts/36753 bytes][Goodput ratio: 68/85][1.89 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/28 960/963 172/136][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 266/574 1474/1294 372/530][TLSv1.3][Client: www.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,17,4,4,0,3,4,1,3,1,4,0,1,1,0,0,1,0,1,0,1,3,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,35,0,0,0,0,0,4,0,0,0,0] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43562 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][17 pkts/1782 bytes <-> 33 pkts/34703 bytes][Goodput ratio: 18/92][0.20 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/6 28/173 8/32][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 105/1052 244/1294 46/464][PLAIN TEXT (E ATNCya)][Plen Bins: 0,6,0,6,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,75,0,0,0,0,0,0,0,0,0,0] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43562 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][17 pkts/1782 bytes <-> 33 pkts/34703 bytes][Goodput ratio: 18/92][0.20 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/6 28/173 8/32][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 105/1052 244/1294 46/464][PLAIN TEXT (E ATNCya)][Plen Bins: 0,6,0,6,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,75,0,0,0,0,0,0,0,0,0,0] 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38546 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][23 pkts/3137 bytes <-> 29 pkts/28329 bytes][Goodput ratio: 37/91][0.38 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.801 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 111/135 29/35][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 136/977 603/1474 118/629][TLSv1.2][Client: assets.pinterest.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,7,3,3,0,0,3,7,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,63,0,0,0,0] 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][TLSv1.3][Client: www.google-analytics.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][ClearText][cat: Media/1][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TLSv1.2][Client: js-agent.newrelic.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47032 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][ClearText][cat: Web/5][20 pkts/3545 bytes <-> 21 pkts/7861 bytes][Goodput ratio: 51/77][0.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/24 224/174 60/46][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/374 603/1294 164/464][TLSv1.3][Client: sessions.bugsnag.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,15,15,10,5,0,0,0,5,0,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][Encrypted][cat: Media/1][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TLSv1.2][Client: js-agent.newrelic.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47032 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][Encrypted][cat: Web/5][20 pkts/3545 bytes <-> 21 pkts/7861 bytes][Goodput ratio: 51/77][0.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/24 224/174 60/46][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/374 603/1294 164/464][TLSv1.3][Client: sessions.bugsnag.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,15,15,10,5,0,0,0,5,0,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0] 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47790 <-> [2a00:1450:4007:816::200a]:443 [proto: 91.239/TLS.GoogleServices][Encrypted][cat: Web/5][25 pkts/3823 bytes <-> 30 pkts/7281 bytes][Goodput ratio: 44/64][17.42 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 825/437 8675/8670 2387/1742][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/243 603/1294 123/316][TLSv1.3][Client: content-autofill.googleapis.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 6,32,21,3,10,3,0,0,0,0,0,3,3,0,0,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33280 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][17 pkts/2513 bytes <-> 16 pkts/7648 bytes][Goodput ratio: 41/82][0.22 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/11 41/49 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 148/478 603/1134 135/457][TLSv1.2][Client: accounts.pinterest.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,21,6,0,6,0,0,6,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38516 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 39/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.642 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 38/30 15/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/752 603/1474 157/668][TLSv1.2][Client: s.pinimg.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] @@ -34,19 +34,19 @@ JA3 Host Stats: 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38518 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 37/31 16/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][Client: s.pinimg.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38520 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][Client: s.pinimg.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38522 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Encrypted][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][Client: s.pinimg.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] - 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33156 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33164 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.26 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:34626 <-> [64:ff9b::acd9:13e2]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38402 <-> [2a04:4e42:1d::84]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38406 <-> [2a04:4e42:1d::84]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40560 <-> [2a00:1450:4007:816::2004]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40876 <-> [2a00:1450:4007:807::200a]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46918 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47682 <-> [2a00:1450:4007:816::200a]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48890 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51446 <-> [2a00:1450:4007:816::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51472 <-> [2a00:1450:4007:816::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54308 <-> [2a00:1450:4007:806::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56940 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57130 <-> [2a00:1450:4007:80c::200a]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58726 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33156 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33164 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.26 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:34626 <-> [64:ff9b::acd9:13e2]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38402 <-> [2a04:4e42:1d::84]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38406 <-> [2a04:4e42:1d::84]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40560 <-> [2a00:1450:4007:816::2004]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40876 <-> [2a00:1450:4007:807::200a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46918 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47682 <-> [2a00:1450:4007:816::200a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48890 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51446 <-> [2a00:1450:4007:816::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51472 <-> [2a00:1450:4007:816::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54308 <-> [2a00:1450:4007:806::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56940 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57130 <-> [2a00:1450:4007:80c::200a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58726 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ps_vue.pcap.out b/tests/result/ps_vue.pcap.out index d6c9bba1e..80a644e27 100644 --- a/tests/result/ps_vue.pcap.out +++ b/tests/result/ps_vue.pcap.out @@ -8,9 +8,9 @@ Amazon 5 1380 2 1 TCP 8.252.2.139:80 -> 192.168.1.132:59198 [proto: 7.64/HTTP.PS_VUE][ClearText][cat: Video/26][1724 pkts/2198169 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][16.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 1184/0 56/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 1275/0 1372/0 336/0][PLAIN TEXT (ovwuGc)][Plen Bins: 5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,91,0,0,0,0,0,0] 2 TCP 13.33.255.96:443 -> 192.168.1.132:55076 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][4 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][10.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 63.140.57.73:443 -> 192.168.1.132:61267 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/791 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 209.102.209.13:443 -> 192.168.1.132:65112 [proto: 91/TLS][ClearText][cat: Web/5][3 pkts/193 bytes -> 0 pkts/0 bytes][Goodput ratio: 16/0][8.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 23.57.89.123:443 -> 192.168.1.132:52217 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 23.57.89.123:443 -> 192.168.1.132:55648 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 23.57.89.123:443 -> 192.168.1.132:62694 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 63.140.57.73:443 -> 192.168.1.132:61267 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/791 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 209.102.209.13:443 -> 192.168.1.132:65112 [proto: 91/TLS][Encrypted][cat: Web/5][3 pkts/193 bytes -> 0 pkts/0 bytes][Goodput ratio: 16/0][8.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 23.57.89.123:443 -> 192.168.1.132:52217 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 23.57.89.123:443 -> 192.168.1.132:55648 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 23.57.89.123:443 -> 192.168.1.132:62694 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/139 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 34.217.165.102:443 -> 192.168.1.132:63577 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-23.pcap.out b/tests/result/quic-23.pcap.out index 2e40ab53e..786a4f1fa 100644 --- a/tests/result/quic-23.pcap.out +++ b/tests/result/quic-23.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1 - 1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][ClearText][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][ALPN: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][Client: quic.aiortc.org][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0] + 1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][ALPN: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][Client: quic.aiortc.org][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0] diff --git a/tests/result/quic-24.pcap.out b/tests/result/quic-24.pcap.out index 216c40216..352de0027 100644 --- a/tests/result/quic-24.pcap.out +++ b/tests/result/quic-24.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 10.9.0.1 1 - 1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][ClearText][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][ALPN: h3-24][TLS Supported Versions: TLSv1.3][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0] + 1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][Encrypted][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][ALPN: h3-24][TLS Supported Versions: TLSv1.3][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-29.pcap.out b/tests/result/quic-29.pcap.out index 5b833dbec..38f8196b6 100644 --- a/tests/result/quic-29.pcap.out +++ b/tests/result/quic-29.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 10.9.0.1 1 - 1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][ClearText][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0] + 1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][Encrypted][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-33.pcapng.out b/tests/result/quic-33.pcapng.out index 4743efbf3..041020fd6 100644 --- a/tests/result/quic-33.pcapng.out +++ b/tests/result/quic-33.pcapng.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][ClearText][cat: Web/5][99 pkts/14736 bytes <-> 893 pkts/1325986 bytes][Goodput ratio: 58/96][0.01 sec][ALPN: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/93 149/1485 1502/1502 183/146][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (NLZzZw)][Plen Bins: 0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,72,0,0] + 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][Encrypted][cat: Web/5][99 pkts/14736 bytes <-> 893 pkts/1325986 bytes][Goodput ratio: 58/96][0.01 sec][ALPN: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/93 149/1485 1502/1502 183/146][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (NLZzZw)][Plen Bins: 0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,72,0,0] diff --git a/tests/result/quic-fuzz-overflow.pcapng.out b/tests/result/quic-fuzz-overflow.pcapng.out index dd1ce81a0..f85e7e092 100644 --- a/tests/result/quic-fuzz-overflow.pcapng.out +++ b/tests/result/quic-fuzz-overflow.pcapng.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) QUIC 1 1280 1 - 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-mvfst-22_decryption_error.pcap.out b/tests/result/quic-mvfst-22_decryption_error.pcap.out index c22daf88e..91638d3dd 100644 --- a/tests/result/quic-mvfst-22_decryption_error.pcap.out +++ b/tests/result/quic-mvfst-22_decryption_error.pcap.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) QUIC 353 400490 1 - 1 UDP 10.230.40.168:62196 <-> 94.97.225.146:443 [proto: 188/QUIC][ClearText][cat: Web/5][43 pkts/13029 bytes <-> 310 pkts/387461 bytes][Goodput ratio: 91/98][0.20 sec][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 15/43 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 59/66 303/1250 1260/1280 452/176][PLAIN TEXT (FSboeS)][Plen Bins: 4,4,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,85,0,0,0,0,0,0,0,0] + 1 UDP 10.230.40.168:62196 <-> 94.97.225.146:443 [proto: 188/QUIC][Encrypted][cat: Web/5][43 pkts/13029 bytes <-> 310 pkts/387461 bytes][Goodput ratio: 91/98][0.20 sec][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 15/43 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 59/66 303/1250 1260/1280 452/176][PLAIN TEXT (FSboeS)][Plen Bins: 4,4,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,85,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 8116b7766..d1a37b608 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -9,11 +9,11 @@ QUIC 6 7072 1 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][Encrypted][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Goodput ratio: 72/95][37.93 sec][bytes ratio: -0.812 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 303/161 21144/21225 1960/1485][Pkt Len c2s/s2c min/avg/max/stddev: 67/61 149/916 1392/1392 207/581][User-Agent: beta Chrome/43.0.2357.45][Client: mail.google.com][PLAIN TEXT (mail.google.com)][Plen Bins: 4,37,1,5,3,0,3,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0] 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][Encrypted][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Goodput ratio: 80/97][1.00 sec][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52/26 803/828 183/134][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 211/1208 1392/1392 358/430][User-Agent: Chrome/50.0.2661.102 Linux x86_64][Client: www.youtube.com][PLAIN TEXT (www.youtube.com)][Plen Bins: 1,35,1,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,57,0,0,0,0,0] - 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][ClearText][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] + 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][Encrypted][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] 4 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][Encrypted][cat: Media/1][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 95/96][0.10 sec][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/20 33/10 52/20 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 920/954 1392/1392 538/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: www.youtube.com][PLAIN TEXT (www.youtube.com)][Plen Bins: 0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0] 5 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][Encrypted][cat: Web/5][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 96/96][0.10 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/21 50/10 74/21 24/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 955/954 1392/1392 618/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: fonts.gstatic.com][PLAIN TEXT (fonts.gstatic.com)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 6 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][Encrypted][cat: Media/1][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Goodput ratio: 97/97][0.09 sec][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: s.ytimg.com][PLAIN TEXT (s.ytimg.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 7 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][Encrypted][cat: Web/5][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Goodput ratio: 92/97][0.16 sec][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: www.google.com][PLAIN TEXT (www.google.comO)][Plen Bins: 0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0] 8 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][Encrypted][cat: Media/1][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.10 sec][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: i.ytimg.com][PLAIN TEXT (i.ytimg.com)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 9 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][Encrypted][cat: Media/1][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 97/97][0.08 sec][User-Agent: Chrome/49.0.2623.87 Linux x86_64][Client: yt3.ggpht.com][PLAIN TEXT (yt3.ggpht.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 10 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 126/Google][ClearText][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes][Goodput ratio: 65/65][0.09 sec][Plen Bins: 0,33,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 126/Google][Encrypted][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes][Goodput ratio: 65/65][0.09 sec][Plen Bins: 0,33,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_0RTT.pcap.out b/tests/result/quic_0RTT.pcap.out index 203191779..403585b33 100644 --- a/tests/result/quic_0RTT.pcap.out +++ b/tests/result/quic_0RTT.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: abcd][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: abcd][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out index 52f086b9b..2c5e1c1bf 100644 --- a/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index d1dafecb8..507e8070b 100644 --- a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -14,116 +14,116 @@ JA3 Host Stats: 4 159.117.176.124 1 - 1 UDP 52.187.20.175:49880 -> 208.229.157.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 2 UDP 52.187.20.175:50588 -> 208.229.157.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 3 UDP 52.187.20.175:51619 -> 208.229.157.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 4 UDP 52.187.20.175:52512 -> 196.245.61.64:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (2 x@/q)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 5 UDP 52.187.20.175:53260 -> 102.194.207.179:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 1 UDP 52.187.20.175:49880 -> 208.229.157.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 2 UDP 52.187.20.175:50588 -> 208.229.157.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 3 UDP 52.187.20.175:51619 -> 208.229.157.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 4 UDP 52.187.20.175:52512 -> 196.245.61.64:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (2 x@/q)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 5 UDP 52.187.20.175:53260 -> 102.194.207.179:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 6 UDP 52.187.20.175:57066 -> 108.171.138.182:443 [proto: 188.239/QUIC.GoogleServices][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][TLSv1.3][Client: clientservices.googleapis.com][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 7 UDP 52.187.20.175:61089 -> 99.42.133.245:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 8 UDP 52.187.20.175:61286 -> 198.74.29.79:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 10 UDP 52.187.20.175:62114 -> 198.74.29.79:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][PLAIN TEXT (yiCNDi1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 11 UDP 133.205.75.230:56528 -> 208.229.157.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 7 UDP 52.187.20.175:61089 -> 99.42.133.245:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 8 UDP 52.187.20.175:61286 -> 198.74.29.79:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 10 UDP 52.187.20.175:62114 -> 198.74.29.79:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][PLAIN TEXT (yiCNDi1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 11 UDP 133.205.75.230:56528 -> 208.229.157.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 12 UDP 147.196.90.42:61647 -> 177.86.46.206:443 [proto: 188.126/QUIC.Google][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.93 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][TLSv1.3][Client: sb-ssl.google.com][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 13 UDP 159.117.176.124:49521 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 14 UDP 159.117.176.124:49867 -> 198.74.29.79:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (apK ctL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 15 UDP 159.117.176.124:58337 -> 208.229.157.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 16 UDP 159.117.176.124:61202 -> 198.74.29.79:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (AQ07rt)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][TLSv1.3][Client: www.google.com][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 18 UDP 168.144.64.5:50224 -> 126.3.93.89:443 [proto: 188/QUIC][ClearText][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188/QUIC][ClearText][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188/QUIC][ClearText][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][TLSv1.3][Client: www.gstatic.com][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 13 UDP 159.117.176.124:49521 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 14 UDP 159.117.176.124:49867 -> 198.74.29.79:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (apK ctL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 15 UDP 159.117.176.124:58337 -> 208.229.157.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 16 UDP 159.117.176.124:61202 -> 198.74.29.79:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][PLAIN TEXT (AQ07rt)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][TLSv1.3][Client: www.google.com][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 18 UDP 168.144.64.5:50224 -> 126.3.93.89:443 [proto: 188/QUIC][Encrypted][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188/QUIC][Encrypted][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188/QUIC][Encrypted][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][TLSv1.3][Client: www.gstatic.com][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 21 UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][TLSv1.3][Client: accounts.google.com][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 38 UDP 168.144.64.5:50073 -> 152.128.87.238:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 40 UDP 168.144.64.5:50482 -> 121.209.126.161:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 41 UDP 168.144.64.5:50540 -> 99.45.60.254:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 51 UDP 168.144.64.5:53404 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 52 UDP 168.144.64.5:54016 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 53 UDP 168.144.64.5:54120 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 98 UDP 168.144.64.5:63736 -> 213.188.47.247:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 38 UDP 168.144.64.5:50073 -> 152.128.87.238:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 40 UDP 168.144.64.5:50482 -> 121.209.126.161:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 41 UDP 168.144.64.5:50540 -> 99.45.60.254:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 51 UDP 168.144.64.5:53404 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 52 UDP 168.144.64.5:54016 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 53 UDP 168.144.64.5:54120 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 98 UDP 168.144.64.5:63736 -> 213.188.47.247:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/result/quic_interop_V.pcapng.out b/tests/result/quic_interop_V.pcapng.out index 68589cea4..ce324d9d5 100644 --- a/tests/result/quic_interop_V.pcapng.out +++ b/tests/result/quic_interop_V.pcapng.out @@ -14,75 +14,75 @@ JA3 Host Stats: 2 192.168.1.128 1 - 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188.212/QUIC.Microsoft][Encrypted][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.westus.cloudapp.azure.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 4 UDP 192.168.1.128:46334 -> 40.112.191.60:443 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 241/0 1426/0 4801/0 1545/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.128:49658 -> 193.190.10.98:443 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.96 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 4 UDP 192.168.1.128:46334 -> 40.112.191.60:443 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 241/0 1426/0 4801/0 1545/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.128:49658 -> 193.190.10.98:443 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.96 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 6 UDP 192.168.1.128:50705 -> 138.91.188.147:4434 [proto: 188.212/QUIC.Microsoft][Encrypted][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.86 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1409/0 4800/0 1558/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.westus.cloudapp.azure.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 13 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46242 -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:443 [proto: 188/QUIC][ClearText][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.85 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1407/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (QQ/o746)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quicker.edm.uhasselt.be][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 13 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46242 -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.85 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1407/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (QQ/o746)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 14 ICMPV6 [2400:8902::f03c:91ff:fe69:a454]:0 <-> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/2588 bytes <-> 2 pkts/290 bytes][Goodput ratio: 95/57][0.32 sec][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.128:39975 <-> 138.91.188.147:443 [proto: 188.212/QUIC.Microsoft][Encrypted][cat: Cloud/13][2 pkts/2588 bytes <-> 2 pkts/170 bytes][Goodput ratio: 97/50][0.33 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.westus.cloudapp.azure.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 19 UDP 192.168.1.128:38933 <-> 202.238.220.92:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.128:37784 <-> 140.227.52.92:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 23 UDP 192.168.1.128:42456 <-> 133.242.206.244:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.45 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][ClearText][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 19 UDP 192.168.1.128:38933 <-> 202.238.220.92:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: f5quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.128:37784 <-> 140.227.52.92:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 23 UDP 192.168.1.128:42456 <-> 133.242.206.244:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.45 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: mew.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h2o.examp1e.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: 71.202.41.169][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: nghttp2.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 32 ICMPV6 [2001:19f0:4:34::1]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 33 ICMPV6 [2001:19f0:5:c21:5400:1ff:fe33:3b96]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.17 sec][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][ClearText][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Suspicious entropy **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 43 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:37876 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 47 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46353 <-> [2606:4700:10::6816:826]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.02 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: test.privateoctopus.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quant.eggert.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 43 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:37876 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.aiortc.org][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 47 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46353 <-> [2606:4700:10::6816:826]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.02 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: cloudflare-quic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: h3.stammw.eu][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 53 ICMP 202.238.220.92:0 <-> 192.168.1.128:0 [proto: 81/ICMP][ClearText][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/194 bytes][Goodput ratio: 93/56][0.28 sec][Risk: ** Suspicious entropy **][Risk Score: 50][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 56 ICMP 133.242.206.244:0 <-> 192.168.1.128:0 [proto: 81/ICMP][ClearText][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/178 bytes][Goodput ratio: 93/53][0.22 sec][Risk: ** Suspicious entropy **][Risk Score: 50][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 60 UDP 192.168.1.128:47010 -> 3.121.242.54:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 62 UDP 192.168.1.128:51887 -> 51.158.105.98:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 64 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:34442 -> [2001:4800:7817:101:be76:4eff:fe04:631d]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][ClearText][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.128:47010 -> 3.121.242.54:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: ietf.akaquic.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: pandora.cm.in.tum.de][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 62 UDP 192.168.1.128:51887 -> 51.158.105.98:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.seemann.io][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: fb.mvfst.net][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 64 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:34442 -> [2001:4800:7817:101:be76:4eff:fe04:631d]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.ogre.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.tech][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known protocol on non standard port **][Risk Score: 50][TLSv1.3][Client: quic.rocks][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][Encrypted][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][Client: http3-test.litespeedtech.com][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 71 ICMPV6 [2001:4800:7817:101:be76:4eff:fe04:631d]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 72 ICMP 131.159.24.198:0 -> 192.168.1.128:0 [proto: 81/ICMP][ClearText][cat: Network/14][2 pkts/1180 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.14 sec][Risk: ** Suspicious entropy **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_q50.pcap.out b/tests/result/quic_q50.pcap.out index f47a64b4b..1302698de 100644 --- a/tests/result/quic_q50.pcap.out +++ b/tests/result/quic_q50.pcap.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) QUIC 20 20434 1 - 1 UDP 248.144.129.147:39203 <-> 184.151.193.237:443 [proto: 188/QUIC][ClearText][cat: Web/5][6 pkts/3579 bytes <-> 14 pkts/16855 bytes][Goodput ratio: 93/97][0.47 sec][bytes ratio: -0.650 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/27 210/221 80/63][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 596/1204 1392/1392 588/461][User-Agent: Chrome/83.0.4103.101 Android 8.0.0; LDN-L21][Client: www.googletagmanager.com][PLAIN TEXT (x.GdrZY)][Plen Bins: 5,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0] + 1 UDP 248.144.129.147:39203 <-> 184.151.193.237:443 [proto: 188/QUIC][Encrypted][cat: Web/5][6 pkts/3579 bytes <-> 14 pkts/16855 bytes][Goodput ratio: 93/97][0.47 sec][bytes ratio: -0.650 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/27 210/221 80/63][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 596/1204 1392/1392 588/461][User-Agent: Chrome/83.0.4103.101 Android 8.0.0; LDN-L21][Client: www.googletagmanager.com][PLAIN TEXT (x.GdrZY)][Plen Bins: 5,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0] diff --git a/tests/result/reddit.pcap.out b/tests/result/reddit.pcap.out index 0e5ce9388..2becdb7e1 100644 --- a/tests/result/reddit.pcap.out +++ b/tests/result/reddit.pcap.out @@ -22,39 +22,39 @@ JA3 Host Stats: 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][404 pkts/183421 bytes <-> 443 pkts/371457 bytes][Goodput ratio: 81/90][14.25 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/18 1287/1228 166/104][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 454/839 1474/6331 591/765][TLSv1.2][Client: www.reddit.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30] 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <-> [2a00:1450:4007:815::2016]:443 [proto: 91.124/TLS.YouTube][Encrypted][cat: Media/1][60 pkts/6514 bytes <-> 114 pkts/132241 bytes][Goodput ratio: 21/93][9.64 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/2 67/67 15/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 109/1160 603/3710 78/617][TLSv1.3][Client: i.ytimg.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,3,5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0,0,0,0,0,4] 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][66 pkts/8507 bytes <-> 80 pkts/125556 bytes][Goodput ratio: 33/95][3.50 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 2691/2682 373/334][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1569 1133/5638 165/1322][TLSv1.3][Client: securepubads.g.doubleclick.net][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,6,2,1,0,0,0,1,3,0,0,0,0,2,0,1,1,0,1,0,0,1,1,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,42,0,0,0,27] - 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46806 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][37 pkts/4520 bytes <-> 67 pkts/115565 bytes][Goodput ratio: 29/95][0.23 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 37/32 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 122/1725 603/10958 105/1750][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,3,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,51,0,0,1,0,1,1,1,0,0,29] + 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46806 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][37 pkts/4520 bytes <-> 67 pkts/115565 bytes][Goodput ratio: 29/95][0.23 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 37/32 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 122/1725 603/10958 105/1750][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,3,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,51,0,0,1,0,1,1,1,0,0,29] 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][57 pkts/7347 bytes <-> 76 pkts/103122 bytes][Goodput ratio: 33/94][11.79 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.867 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/71 6900/2972 1125/399][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1357 603/10566 102/1695][TLSv1.2][Client: styles.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,13,1,1,0,0,1,1,0,0,1,1,1,0,1,6,2,0,0,1,0,0,0,0,2,1,1,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][ClearText][cat: Web/5][56 pkts/6503 bytes <-> 62 pkts/97797 bytes][Goodput ratio: 26/95][1.36 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/16 501/619 77/87][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1577 665/5638 108/1301][TLSv1.3][Client: c.aaxads.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,4,3,0,0,1,3,4,0,0,0,0,0,3,0,1,0,3,0,0,0,0,0,0,1,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,9,31,0,0,0,26] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][Encrypted][cat: Web/5][56 pkts/6503 bytes <-> 62 pkts/97797 bytes][Goodput ratio: 26/95][1.36 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/16 501/619 77/87][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1577 665/5638 108/1301][TLSv1.3][Client: c.aaxads.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,4,3,0,0,1,3,4,0,0,0,0,0,3,0,1,0,3,0,0,0,0,0,0,1,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,9,31,0,0,0,26] 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][43 pkts/5078 bytes <-> 71 pkts/73972 bytes][Goodput ratio: 27/92][2.39 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/38 2098/2123 370/274][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1042 603/2502 91/579][TLSv1.3][Client: fonts.gstatic.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,4,5,4,0,0,1,0,1,1,0,0,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,69,0,0,0,0,1,0,0,0,0,4] 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.239/TLS.GoogleServices][Encrypted][cat: Web/5][63 pkts/9382 bytes <-> 101 pkts/50108 bytes][Goodput ratio: 42/83][11.54 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/97 3298/3291 595/448][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/496 1254/2419 170/528][TLSv1.3][Client: www.googletagservices.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,27,7,4,3,9,1,3,4,0,0,1,1,0,1,2,1,0,1,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,24,0,0,0,0,0,0,0,0,0,1] 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][56 pkts/6579 bytes <-> 56 pkts/43995 bytes][Goodput ratio: 27/89][10.00 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 223/78 6000/1288 917/258][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/786 603/1134 85/450][TLSv1.2][Client: b.thumbs.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.thumbs.redditmedia.com,thumbs.redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com][Certificate SHA-1: FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75][Chrome][Validity: 2020-02-18 00:00:00 - 2021-05-14 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,15,3,0,0,0,0,3,0,1,0,0,1,3,0,1,3,0,1,0,0,0,0,0,0,0,0,0,1,1,0,63,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][TLSv1.3][Client: c.amazon-adsystem.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5] 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][TLSv1.3][Client: tpc.googlesyndication.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3] - 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91/TLS][ClearText][cat: Web/5][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][TLSv1.3][Client: www.googletagmanager.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14] + 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91/TLS][Encrypted][cat: Web/5][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][TLSv1.3][Client: www.googletagmanager.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14] 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <-> [2a00:1450:4007:805::2001]:443 [proto: 91.124/TLS.YouTube][Encrypted][cat: Media/1][34 pkts/4406 bytes <-> 37 pkts/20521 bytes][Goodput ratio: 33/84][9.61 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 352/8 9266/68 1748/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 130/555 603/1294 104/520][TLSv1.3][Client: yt3.ggpht.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,17,5,17,0,0,0,0,2,0,2,0,2,2,0,2,5,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0] - 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48648 <-> [2620:116:800d:21:f916:5049:f87f:108e]:443 [proto: 91/TLS][ClearText][cat: Web/5][22 pkts/3573 bytes <-> 22 pkts/14972 bytes][Goodput ratio: 47/87][0.65 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 94/78 32/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 162/681 603/1474 142/625][TLSv1.2][Client: secure.quantserve.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com][Certificate SHA-1: 3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90][Chrome][Validity: 2020-10-02 00:00:00 - 2021-10-07 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,4,9,0,0,0,0,14,0,0,4,4,0,0,0,4,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] + 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48648 <-> [2620:116:800d:21:f916:5049:f87f:108e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][22 pkts/3573 bytes <-> 22 pkts/14972 bytes][Goodput ratio: 47/87][0.65 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 94/78 32/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 162/681 603/1474 142/625][TLSv1.2][Client: secure.quantserve.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com][Certificate SHA-1: 3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90][Chrome][Validity: 2020-10-02 00:00:00 - 2021-10-07 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,4,9,0,0,0,0,14,0,0,4,4,0,0,0,4,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57282 <-> [2a00:1450:4007:805::2004]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][20 pkts/2757 bytes <-> 19 pkts/11579 bytes][Goodput ratio: 37/86][0.21 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/9 62/67 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 138/609 603/1294 125/544][TLSv1.3][Client: www.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,11,11,0,0,0,11,0,5,0,0,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0] 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56592 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][19 pkts/2787 bytes <-> 18 pkts/10331 bytes][Goodput ratio: 41/85][0.20 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.575 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/50 19/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/574 603/1134 131/477][TLSv1.2][Client: emoji.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,18,5,0,0,0,0,5,5,0,0,0,0,0,0,11,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][Encrypted][cat: Web/5][25 pkts/5078 bytes <-> 28 pkts/7828 bytes][Goodput ratio: 57/69][14.15 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.213 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/634 75/13857 21/2886][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/280 910/1294 240/323][TLSv1.3][Client: safebrowsing.googleapis.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,27,15,3,0,0,3,0,0,11,3,0,0,0,0,3,3,0,3,7,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91.120/TLS.Twitter][Encrypted][cat: SocialNetwork/6][23 pkts/5030 bytes <-> 22 pkts/7292 bytes][Goodput ratio: 61/74][4.33 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 216/228 2512/2545 565/587][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 219/331 854/1474 227/405][TLSv1.2][Client: syndication.twitter.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com][Certificate SHA-1: 09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F][Chrome][Validity: 2020-01-02 00:00:00 - 2020-12-24 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,15,0,20,0,0,4,4,4,15,0,0,4,0,4,0,4,0,0,0,4,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][23 pkts/3696 bytes <-> 22 pkts/8527 bytes][Goodput ratio: 46/78][0.57 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.395 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/30 307/307 76/75][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/388 603/1134 157/388][TLSv1.2][Client: gateway.reddit.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,20,4,4,0,0,0,4,0,0,4,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][TLSv1.2][Client: aax-eu.amazon-adsystem.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0] - 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][Risk: ** Suspicious DGA domain name **][Risk Score: 100][TLSv1.3][Client: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9102 bytes][Goodput ratio: 33/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][Risk: ** Suspicious DGA domain name **][Risk Score: 100][TLSv1.3][Client: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9102 bytes][Goodput ratio: 33/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][Client: cdn.ampproject.org][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39736 <-> [2606:2800:134:1a0d:1429:742:782:b6]:443 [proto: 91.120/TLS.Twitter][Encrypted][cat: SocialNetwork/6][18 pkts/3180 bytes <-> 18 pkts/7527 bytes][Goodput ratio: 51/79][0.25 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 51/41 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/418 609/1294 176/478][TLSv1.3][Client: cdn.syndication.twimg.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,0,18,11,0,0,0,11,0,0,5,0,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0] 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][TLSv1.3][Client: ad.doubleclick.net][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] - 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][TLSv1.2][Client: d9.flashtalking.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0] - 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][TLSv1.3][Client: rules.quantcount.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] + 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][TLSv1.2][Client: d9.flashtalking.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0] + 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][TLSv1.3][Client: rules.quantcount.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][TLSv1.3][Client: adservice.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0] 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][Encrypted][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TLSv1.3][Client: fonts.googleapis.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0] - 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][ClearText][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][Client: id.rlcdn.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] - 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] + 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][Encrypted][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][Client: id.rlcdn.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] + 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] 38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][TLSv1.3][Client: adservice.google.fr][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] 39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][TLSv1.3][Client: static.doubleclick.net][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] - 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:32970 <-> [64:ff9b::6853:b3d1]:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/2007 bytes <-> 10 pkts/4815 bytes][Goodput ratio: 52/82][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 62/32 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/482 603/1474 186/513][TLSv1.3][Client: www.aaxdetect.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,11,22,0,11,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0] + 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:32970 <-> [64:ff9b::6853:b3d1]:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/2007 bytes <-> 10 pkts/4815 bytes][Goodput ratio: 52/82][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 62/32 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/482 603/1474 186/513][TLSv1.3][Client: www.aaxdetect.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,11,22,0,11,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0] 41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56574 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 41/38 16/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][Client: styles.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56576 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/5 53/38 20/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][Client: styles.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56590 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.15 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/51 20/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][Client: emoji.redditmedia.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -74,4 +74,4 @@ JA3 Host Stats: 57 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][10 pkts/1425 bytes <-> 9 pkts/4016 bytes][Goodput ratio: 41/81][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/8 47/40 18/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/446 603/1294 155/488][TLSv1.3][Client: tpc.googlesyndication.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] 58 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56586 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 54/43 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][Client: preview.redd.it][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56588 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Encrypted][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 53/42 22/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][Client: preview.redd.it][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36972 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/168 bytes <-> 1 pkts/94 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36972 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/168 bytes <-> 1 pkts/94 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/safari.pcap.out b/tests/result/safari.pcap.out index 714898e46..9519b7d28 100644 --- a/tests/result/safari.pcap.out +++ b/tests/result/safari.pcap.out @@ -9,10 +9,10 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][770 pkts/55268 bytes <-> 1313 pkts/1959863 bytes][Goodput ratio: 8/96][5.92 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.945 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 3388/3416 146/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1493 514/1506 47/126][TLSv1.2][Client: www.iit.cnr.it][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 2 TCP 192.168.1.178:55267 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][356 pkts/26392 bytes <-> 571 pkts/841944 bytes][Goodput ratio: 11/96][0.97 sec][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 84/77 9/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1475 517/1506 57/196][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 3 TCP 192.168.1.178:55268 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][323 pkts/24626 bytes <-> 477 pkts/704321 bytes][Goodput ratio: 13/96][0.91 sec][bytes ratio: -0.932 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 116/146 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1477 511/1506 64/189][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 4 TCP 192.168.1.178:55265 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][343 pkts/25933 bytes <-> 458 pkts/675289 bytes][Goodput ratio: 13/96][0.98 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 103/78 10/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1474 515/1506 62/190][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] - 5 TCP 192.168.1.178:55269 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][307 pkts/22856 bytes <-> 462 pkts/676638 bytes][Goodput ratio: 9/95][0.89 sec][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 105/147 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1465 508/1506 51/220][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 6 TCP 192.168.1.178:55266 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][250 pkts/20232 bytes <-> 371 pkts/530337 bytes][Goodput ratio: 18/95][0.85 sec][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 106/77 11/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 81/1429 503/1506 77/274][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 7 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][Client: www.iit.cnr.it][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0] + 1 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][770 pkts/55268 bytes <-> 1313 pkts/1959863 bytes][Goodput ratio: 8/96][5.92 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.945 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 3388/3416 146/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1493 514/1506 47/126][TLSv1.2][Client: www.iit.cnr.it][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 2 TCP 192.168.1.178:55267 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][356 pkts/26392 bytes <-> 571 pkts/841944 bytes][Goodput ratio: 11/96][0.97 sec][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 84/77 9/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1475 517/1506 57/196][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 3 TCP 192.168.1.178:55268 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][323 pkts/24626 bytes <-> 477 pkts/704321 bytes][Goodput ratio: 13/96][0.91 sec][bytes ratio: -0.932 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 116/146 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1477 511/1506 64/189][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 4 TCP 192.168.1.178:55265 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][343 pkts/25933 bytes <-> 458 pkts/675289 bytes][Goodput ratio: 13/96][0.98 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 103/78 10/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1474 515/1506 62/190][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 5 TCP 192.168.1.178:55269 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][307 pkts/22856 bytes <-> 462 pkts/676638 bytes][Goodput ratio: 9/95][0.89 sec][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 105/147 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1465 508/1506 51/220][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] + 6 TCP 192.168.1.178:55266 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][250 pkts/20232 bytes <-> 371 pkts/530337 bytes][Goodput ratio: 18/95][0.85 sec][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 106/77 11/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 81/1429 503/1506 77/274][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.iit.cnr.it][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 7 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][Client: www.iit.cnr.it][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index f66fe59a4..1badda28f 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -30,9 +30,9 @@ JA3 Host Stats: 11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Encrypted][cat: Chat/9][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] 12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Encrypted][cat: Chat/9][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Host: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][ClearText][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][Encrypted][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][ClearText][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Host: textsecure-service.whispersystems.org][54.175.47.110][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.04 sec][Host: e673.dsce9.akamaiedge.net][23.57.24.16][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][ClearText][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index c90b8efc7..b103d8bb4 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -24,72 +24,72 @@ JA3 Host Stats: 1 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][Goodput ratio: 71/92][166.18 sec][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/608 30166/30261 4602/3439][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 227/778 1506/1506 423/553][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][ServerNames: *.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com][JA3S: 5e4e5596180ebd0ac0317125ee490707][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2][Subject: CN=*.gateway.messenger.live.com][Certificate SHA-1: 95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51][Validity: 2014-10-27 22:51:07 - 2016-10-26 22:51:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 19,1,2,5,0,1,2,0,0,3,0,1,0,1,0,0,0,1,1,0,0,0,2,0,1,0,0,12,2,1,0,0,0,0,0,0,2,0,0,0,2,4,0,0,0,30,0,0] - 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][Goodput ratio: 75/85][96.43 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/357 8300/8646 1136/1099][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/433 1506/1506 343/569][PLAIN TEXT ( 0sKWL)][Plen Bins: 28,12,3,3,9,3,1,0,1,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,23,0,0] + 2 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][Goodput ratio: 75/85][96.43 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/357 8300/8646 1136/1099][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/433 1506/1506 343/569][PLAIN TEXT ( 0sKWL)][Plen Bins: 28,12,3,3,9,3,1,0,1,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,23,0,0] 3 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][160.13 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1136/0 19950/0 4579/0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 373/0 405/0 29/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,8,30,18,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/TLS.AppleiCloud][Encrypted][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][Goodput ratio: 76/77][46.31 sec][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 115/85 899/1012 250/251][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 224/248 680/1494 261/324][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: p05-keyvalueservice.icloud.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,20,2,0,0,0,0,2,0,0,14,0,0,0,0,4,2,7,7,16,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0] 5 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][6.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 508/0 3090/0 1136/0][Pkt Len c2s/s2c min/avg/max/stddev: 475/0 520/0 555/0 31/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,42,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/TLS.Dropbox][Encrypted][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 68/88][141.04 sec][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 141/2 23483/23483 53811/53950 23773/23909][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 204/543 343/1020 138/477][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes][Goodput ratio: 78/28][32.96 sec][bytes ratio: 0.856 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2304/22 5155/43 2241/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 299/93 398/172 147/46][Plen Bins: 7,7,0,7,0,0,0,0,0,0,78,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/4406 bytes <-> 8 pkts/705 bytes][Goodput ratio: 83/26][0.60 sec][bytes ratio: 0.724 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/29 343/72 105/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 401/88 1506/237 547/56][Plen Bins: 55,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0] + 7 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes][Goodput ratio: 78/28][32.96 sec][bytes ratio: 0.856 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2304/22 5155/43 2241/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 299/93 398/172 147/46][Plen Bins: 7,7,0,7,0,0,0,0,0,0,78,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/4406 bytes <-> 8 pkts/705 bytes][Goodput ratio: 83/26][0.60 sec][bytes ratio: 0.724 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/29 343/72 105/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 401/88 1506/237 547/56][Plen Bins: 55,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0] 9 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][Goodput ratio: 69/0][69.74 sec][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4362/0 8437/0 3867/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 212/74 257/74 81/0][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: apps.skypeassets.com][JA3C: 799135475da362592a4be9199d258726][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][Goodput ratio: 69/0][55.58 sec][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3492/0 6700/0 2904/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216/74 251/74 72/0][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][150.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30053/0 30073/0 30087/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 544/0 544/0 544/0 0/0][PLAIN TEXT ( 1573195445)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][150.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30053/0 30074/0 30087/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 544/0 544/0 544/0 0/0][PLAIN TEXT ( 1573195445)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][120.16 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][120.15 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/1968 bytes <-> 7 pkts/632 bytes][Goodput ratio: 69/26][0.29 sec][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/39 52/53 24/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219/90 1418/199 424/45][Plen Bins: 71,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0] + 15 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/1968 bytes <-> 7 pkts/632 bytes][Goodput ratio: 69/26][0.29 sec][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/39 52/53 24/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219/90 1418/199 424/45][Plen Bins: 71,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0] 16 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][Goodput ratio: 62/0][20.12 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1686/0 6249/0 2227/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 178/67 233/74 77/6][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: apps.skype.com][JA3C: 3d49c0a7161d6636fcb6973f14e05046][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238.140/ApplePush.Apple][Encrypted][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes][Goodput ratio: 67/40][66.95 sec][bytes ratio: 0.290 (Upload)][IAT c2s/s2c min/avg/max/stddev: 228/1 16680/16680 43974/44201 18099/18357][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 202/111 471/156 151/45][Plen Bins: 0,0,50,0,0,0,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes][Goodput ratio: 44/0][29.28 sec][bytes ratio: 0.772 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/73 2360/73 8785/73 2806/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 120/67 138/74 27/6][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/TLS][ClearText][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes][Goodput ratio: 37/0][25.19 sec][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 2028/66 7535/66 2316/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107/67 138/74 21/6][Plen Bins: 0,90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/TLS][Encrypted][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes][Goodput ratio: 37/0][25.19 sec][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 2028/66 7535/66 2316/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107/67 138/74 21/6][Plen Bins: 0,90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes][Goodput ratio: 39/28][17.34 sec][bytes ratio: 0.642 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/77 1416/77 5596/77 1926/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 109/95 138/145 31/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/1218 bytes <-> 4 pkts/351 bytes][Goodput ratio: 40/22][28.33 sec][bytes ratio: 0.553 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/144 2462/3596 14821/7049 4470/3452][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 111/88 138/145 34/33][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/285 bytes][Goodput ratio: 37/28][17.15 sec][bytes ratio: 0.628 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/72 1414/72 4128/72 1485/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 104/95 138/145 28/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/955 bytes <-> 9 pkts/561 bytes][Goodput ratio: 35/6][31.00 sec][bytes ratio: 0.260 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 2790/4672 15237/15319 4910/5535][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87/62 381/75 93/5][Plen Bins: 83,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1270 bytes <-> 3 pkts/243 bytes][Goodput ratio: 38/15][18.12 sec][bytes ratio: 0.679 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/124 1296/124 4572/124 1447/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/81 138/103 29/16][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes][Goodput ratio: 34/26][17.90 sec][bytes ratio: 0.627 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/124 1280/124 4315/124 1403/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 101/92 138/137 26/32][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes][Goodput ratio: 35/11][19.92 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/128 1424/128 6319/128 1855/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 102/77 138/91 26/10][Plen Bins: 11,77,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes][Goodput ratio: 14/26][27.76 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 2230/36 8404/71 2519/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/90 141/159 18/40][Plen Bins: 81,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes][Goodput ratio: 16/35][19.16 sec][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1603/66 5463/131 1891/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/105 172/163 28/39][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes][Goodput ratio: 35/11][19.92 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/128 1424/128 6319/128 1855/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 102/77 138/91 26/10][Plen Bins: 11,77,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes][Goodput ratio: 14/26][27.76 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 2230/36 8404/71 2519/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/90 141/159 18/40][Plen Bins: 81,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes][Goodput ratio: 16/35][19.16 sec][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1603/66 5463/131 1891/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/105 172/163 28/39][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes][Goodput ratio: 31/21][18.87 sec][bytes ratio: 0.631 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/126 1350/126 5288/126 1597/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 96/87 138/120 23/24][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes][Goodput ratio: 31/22][27.57 sec][bytes ratio: 0.499 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/148 2390/3556 14149/6963 4258/3408][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 95/88 138/145 24/33][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes][Goodput ratio: 15/30][19.16 sec][bytes ratio: 0.443 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 1603/66 5454/128 1890/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/98 162/138 25/29][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes][Goodput ratio: 14/16][28.25 sec][bytes ratio: 0.550 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2270/41 8492/76 2559/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 143/115 19/22][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes][Goodput ratio: 36/18][11.63 sec][bytes ratio: 0.640 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/130 1177/130 4498/130 1454/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 104/83 138/110 29/19][Plen Bins: 0,87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes][Goodput ratio: 12/34][19.05 sec][bytes ratio: 0.406 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1596/66 5396/130 1974/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/103 127/146 16/34][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/TLS][ClearText][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes][Goodput ratio: 26/0][26.92 sec][bytes ratio: 0.709 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 2171/66 8161/66 2541/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 90/67 138/74 17/6][Plen Bins: 90,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes][Goodput ratio: 14/27][17.70 sec][bytes ratio: 0.459 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1517/38 5471/77 1774/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/93 152/157 22/37][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes][Goodput ratio: 12/29][20.90 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1750/71 5966/142 2163/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/96 129/125 17/26][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes][Goodput ratio: 16/19][28.23 sec][bytes ratio: 0.387 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2652/2383 13157/7000 3965/3265][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/83 166/135 27/26][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes][Goodput ratio: 14/24][24.38 sec][bytes ratio: 0.468 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2081/67 5842/128 2142/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/90 145/146 21/32][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes][Goodput ratio: 15/30][19.16 sec][bytes ratio: 0.443 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 1603/66 5454/128 1890/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/98 162/138 25/29][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes][Goodput ratio: 14/16][28.25 sec][bytes ratio: 0.550 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2270/41 8492/76 2559/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 143/115 19/22][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes][Goodput ratio: 36/18][11.63 sec][bytes ratio: 0.640 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/130 1177/130 4498/130 1454/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 104/83 138/110 29/19][Plen Bins: 0,87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes][Goodput ratio: 12/34][19.05 sec][bytes ratio: 0.406 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1596/66 5396/130 1974/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/103 127/146 16/34][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/TLS][Encrypted][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes][Goodput ratio: 26/0][26.92 sec][bytes ratio: 0.709 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 2171/66 8161/66 2541/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 90/67 138/74 17/6][Plen Bins: 90,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes][Goodput ratio: 14/27][17.70 sec][bytes ratio: 0.459 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1517/38 5471/77 1774/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/93 152/157 22/37][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes][Goodput ratio: 12/29][20.90 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1750/71 5966/142 2163/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/96 129/125 17/26][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes][Goodput ratio: 16/19][28.23 sec][bytes ratio: 0.387 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2652/2383 13157/7000 3965/3265][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/83 166/135 27/26][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes][Goodput ratio: 14/24][24.38 sec][bytes ratio: 0.468 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2081/67 5842/128 2142/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/90 145/146 21/32][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes][Goodput ratio: 26/26][19.68 sec][bytes ratio: 0.590 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/129 1407/129 6102/129 1797/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/92 138/137 21/32][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes][Goodput ratio: 28/17][19.10 sec][bytes ratio: 0.634 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/133 1364/133 5509/133 1647/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 92/82 138/107 22/18][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1109 bytes <-> 3 pkts/236 bytes][Goodput ratio: 29/13][18.34 sec][bytes ratio: 0.649 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/126 1312/126 4764/126 1485/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 92/79 138/96 22/13][Plen Bins: 11,77,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes][Goodput ratio: 13/20][32.24 sec][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2789/64 14182/123 4002/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/84 136/134 17/30][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes][Goodput ratio: 13/20][32.24 sec][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2789/64 14182/123 4002/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/84 136/134 17/30][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/1074 bytes <-> 3 pkts/254 bytes][Goodput ratio: 32/19][18.41 sec][bytes ratio: 0.617 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/211 1608/211 4614/211 1688/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 98/85 138/114 26/21][Plen Bins: 0,87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes][Goodput ratio: 14/16][33.05 sec][bytes ratio: 0.522 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2859/66 14565/131 4102/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 142/117 19/22][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes][Goodput ratio: 14/16][33.05 sec][bytes ratio: 0.522 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2859/66 14565/131 4102/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 142/117 19/22][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1088 bytes <-> 3 pkts/236 bytes][Goodput ratio: 27/13][18.51 sec][bytes ratio: 0.644 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/129 1324/129 4948/129 1521/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 91/79 138/96 21/13][Plen Bins: 11,77,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes][Goodput ratio: 12/18][32.74 sec][bytes ratio: 0.508 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2832/65 14348/124 4046/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/81 121/123 13/25][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes][Goodput ratio: 24/22][24.53 sec][bytes ratio: 0.465 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/128 2019/1896 10839/3664 3284/1768][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87/88 138/145 21/33][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes][Goodput ratio: 17/21][30.85 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2831/106 12195/206 3629/100][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 81/84 175/137 29/31][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes][Goodput ratio: 12/18][32.74 sec][bytes ratio: 0.508 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2832/65 14348/124 4046/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/81 121/123 13/25][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes][Goodput ratio: 24/22][24.53 sec][bytes ratio: 0.465 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/128 2019/1896 10839/3664 3284/1768][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87/88 138/145 21/33][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes][Goodput ratio: 17/21][30.85 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2831/106 12195/206 3629/100][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 81/84 175/137 29/31][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes][Goodput ratio: 24/23][18.56 sec][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/127 1332/127 6326/127 1844/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87/89 138/127 20/27][Plen Bins: 77,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes][Goodput ratio: 12/17][27.73 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2605/2274 12714/6673 3839/3111][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/81 125/126 16/23][Plen Bins: 77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes][Goodput ratio: 12/17][27.73 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2605/2274 12714/6673 3839/3111][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/81 125/126 16/23][Plen Bins: 77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes][Goodput ratio: 34/28][17.63 sec][bytes ratio: 0.557 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/299 1709/299 4196/299 1640/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/95 138/145 29/36][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes][Goodput ratio: 13/23][21.99 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2111/517 6939/1415 2451/637][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/88 136/162 20/37][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes][Goodput ratio: 14/21][28.10 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2769/2594 13054/7485 4056/3461][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/86 141/149 21/32][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes][Goodput ratio: 13/23][21.99 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2111/517 6939/1415 2451/637][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/88 136/162 20/37][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes][Goodput ratio: 14/21][28.10 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2769/2594 13054/7485 4056/3461][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/86 141/149 21/32][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes][Goodput ratio: 26/0][20.97 sec][bytes ratio: 0.579 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/146 1648/146 7365/146 2216/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 91/66 138/74 18/5][Plen Bins: 87,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes][Goodput ratio: 23/10][19.27 sec][bytes ratio: 0.635 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/128 1379/128 5639/128 1682/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 86/77 138/90 20/10][Plen Bins: 88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes][Goodput ratio: 16/15][28.08 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2765/2512 13013/7241 4051/3346][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/79 166/116 28/19][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes][Goodput ratio: 11/19][28.35 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2800/2555 13330/7366 4128/3404][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/83 120/136 16/27][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][20.24 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1952/64 5189/127 2093/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 143/172 22/44][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes][Goodput ratio: 12/30][13.57 sec][bytes ratio: 0.356 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1158/148 4662/295 1409/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/98 122/128 16/28][Plen Bins: 62,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes][Goodput ratio: 16/15][28.08 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2765/2512 13013/7241 4051/3346][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/79 166/116 28/19][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes][Goodput ratio: 11/19][28.35 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2800/2555 13330/7366 4128/3404][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/83 120/136 16/27][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][20.24 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1952/64 5189/127 2093/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 143/172 22/44][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes][Goodput ratio: 12/30][13.57 sec][bytes ratio: 0.356 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1158/148 4662/295 1409/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/98 122/128 16/28][Plen Bins: 62,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes][Goodput ratio: 23/22][27.82 sec][bytes ratio: 0.419 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/314 3464/3682 14258/7049 4499/3368][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 86/88 138/145 22/33][Plen Bins: 71,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes][Goodput ratio: 31/28][10.17 sec][bytes ratio: 0.503 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/263 850/263 2602/263 907/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 96/95 138/145 28/36][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes][Goodput ratio: 31/28][10.17 sec][bytes ratio: 0.503 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/263 850/263 2602/263 907/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 96/95 138/145 28/36][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/237 bytes][Goodput ratio: 24/13][13.66 sec][bytes ratio: 0.573 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/295 926/295 3053/295 1023/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87/79 138/97 22/13][Plen Bins: 85,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][9 pkts/822 bytes <-> 3 pkts/285 bytes][Goodput ratio: 28/28][17.82 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/295 1918/295 4327/295 1632/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 91/95 138/145 25/36][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][13.03 sec][Host: _afpovertcp._tcp.local][_afpovertcp._tcp.local][PLAIN TEXT (afpovertc)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 66 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][13.03 sec][Host: _afpovertcp._tcp.local][_afpovertcp._tcp.local][PLAIN TEXT (afpovertc)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes][Goodput ratio: 17/32][5.54 sec][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/63 1107/1825 3027/3063 1309/1280][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/88 123/166 25/45][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes][Goodput ratio: 17/32][5.54 sec][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/63 1107/1825 3027/3063 1309/1280][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/88 123/166 25/45][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][ClearText][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][34.64 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 253/0 4948/0 31039/0 10656/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 69 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Host: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3390/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 70 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][26.45 sec][Host: a.config.skype.trafficmanager.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4409/0 9094/0 3391/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/0 93/0 93/0 0/0][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -108,8 +108,8 @@ JA3 Host Stats: 83 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.25 sec][Host: 335.0.7.7.3.rst5.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1007/0 4374/0 9080/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][26.40 sec][Host: 335.0.7.7.3.rst6.r.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4399/0 9084/0 3383/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 88/0 88/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][ClearText][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][11.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 1574/0 4002/0 1050/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 76/0 78/0 5/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 87 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1/2][8.32 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 1663/2751 6736/6736 2591/2874][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/62 78/66 9/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/TLS][Encrypted][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][11.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 1574/0 4002/0 1050/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 76/0 78/0 5/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1/2][8.32 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 1663/2751 6736/6736 2591/2874][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/62 78/66 9/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.42 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1010/0 4403/0 9097/0 3414/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][26.31 sec][Host: b.config.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1060/0 4384/0 9098/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][PLAIN TEXT (config)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -118,9 +118,9 @@ JA3 Host Stats: 93 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.46 sec][Host: dsn4.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1006/0 4409/0 9093/0 3413/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 76/0 76/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1088/0 4424/0 9093/0 3397/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.55 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1087/0 4424/0 9094/0 3398/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 96 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes][Goodput ratio: 37/0][0.81 sec][bytes ratio: 0.230 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/43 24/43 49/43 24/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/62 165/66 48/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][120.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 98 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.43 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 21/43 42/43 21/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes][Goodput ratio: 37/0][0.81 sec][bytes ratio: 0.230 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/43 24/43 49/43 24/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/62 165/66 48/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][120.02 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.43 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 21/43 42/43 21/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][8.15 sec][Host: ui.skype.com][::][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 101 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index bbcb03f58..ec5b0fbec 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -24,47 +24,47 @@ JA3 Host Stats: 1 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][Goodput ratio: 72/92][51.22 sec][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 370/331 45360/45460 3946/3736][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/784 1506/1506 433/565][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 06207a1730b5deeb207b0556e102ded2][ServerNames: *.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com][JA3S: 5e4e5596180ebd0ac0317125ee490707][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2][Subject: CN=*.gateway.messenger.live.com][Certificate SHA-1: 95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51][Validity: 2014-10-27 22:51:07 - 2016-10-26 22:51:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 19,2,1,5,0,1,2,0,0,3,0,0,0,1,0,0,0,1,1,0,0,1,1,0,1,0,1,10,1,1,0,0,0,0,0,0,2,0,0,0,3,5,0,0,0,30,0,0] - 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][Goodput ratio: 78/89][22.75 sec][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/215 3095/3095 411/401][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/612 1506/1506 406/626][PLAIN TEXT (nZREBS)][Plen Bins: 26,8,2,1,4,2,0,1,0,4,1,0,0,2,0,0,2,1,1,1,2,0,0,0,0,0,0,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,30,0,0] + 2 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][Goodput ratio: 78/89][22.75 sec][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/215 3095/3095 411/401][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/612 1506/1506 406/626][PLAIN TEXT (nZREBS)][Plen Bins: 26,8,2,1,4,2,0,1,0,4,1,0,0,2,0,0,2,1,1,1,2,0,0,0,0,0,0,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,30,0,0] 3 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes][Goodput ratio: 77/80][68.36 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2273/323 55625/8255 10014/1510][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239/276 680/1494 273/358][PLAIN TEXT (/tBGEll)][Plen Bins: 16,16,0,0,0,0,0,0,0,0,16,0,0,0,0,5,2,5,13,16,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0] - 4 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 91/TLS][ClearText][cat: Web/5][19 pkts/16968 bytes <-> 7 pkts/531 bytes][Goodput ratio: 93/13][10.40 sec][bytes ratio: 0.939 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 625/19 4127/44 1113/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 893/76 1506/123 670/20][Plen Bins: 27,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,51,0,0] - 5 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 91/TLS][ClearText][cat: Web/5][18 pkts/15111 bytes <-> 7 pkts/531 bytes][Goodput ratio: 92/13][6.05 sec][bytes ratio: 0.932 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 377/19 2072/42 642/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 840/76 1506/123 681/20][Plen Bins: 23,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,48,0,0] + 4 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 91/TLS][Encrypted][cat: Web/5][19 pkts/16968 bytes <-> 7 pkts/531 bytes][Goodput ratio: 93/13][10.40 sec][bytes ratio: 0.939 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 625/19 4127/44 1113/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 893/76 1506/123 670/20][Plen Bins: 27,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,51,0,0] + 5 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 91/TLS][Encrypted][cat: Web/5][18 pkts/15111 bytes <-> 7 pkts/531 bytes][Goodput ratio: 92/13][6.05 sec][bytes ratio: 0.932 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 377/19 2072/42 642/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 840/76 1506/123 681/20][Plen Bins: 23,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,48,0,0] 6 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][60.04 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1254/0 19850/0 4801/0][Pkt Len c2s/s2c min/avg/max/stddev: 327/0 372/0 405/0 29/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,11,27,22,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 91/TLS][ClearText][cat: Web/5][16 pkts/11797 bytes <-> 7 pkts/493 bytes][Goodput ratio: 91/6][3.34 sec][bytes ratio: 0.920 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/30 1428/74 413/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 737/70 1506/85 681/7][Plen Bins: 33,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,40,0,0] - 8 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/5655 bytes <-> 8 pkts/553 bytes][Goodput ratio: 86/5][0.16 sec][bytes ratio: 0.822 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/19 43/43 19/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 471/69 1506/85 596/8][Plen Bins: 45,9,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,18,0,0] + 7 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 91/TLS][Encrypted][cat: Web/5][16 pkts/11797 bytes <-> 7 pkts/493 bytes][Goodput ratio: 91/6][3.34 sec][bytes ratio: 0.920 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/30 1428/74 413/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 737/70 1506/85 681/7][Plen Bins: 33,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,40,0,0] + 8 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/5655 bytes <-> 8 pkts/553 bytes][Goodput ratio: 86/5][0.16 sec][bytes ratio: 0.822 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/19 43/43 19/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 471/69 1506/85 596/8][Plen Bins: 45,9,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,18,0,0] 9 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][Goodput ratio: 69/0][54.57 sec][bytes ratio: 0.958 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3429/0 6616/0 2851/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 216/74 251/74 72/0][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: apps.skype.com][JA3C: 799135475da362592a4be9199d258726][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes][Goodput ratio: 75/29][14.87 sec][bytes ratio: 0.836 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1411/28 6276/55 1939/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 270/97 401/150 156/38][Plen Bins: 10,0,20,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes][Goodput ratio: 75/29][14.87 sec][bytes ratio: 0.836 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1411/28 6276/55 1939/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 270/97 401/150 156/38][Plen Bins: 10,0,20,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/TLS.Dropbox][Encrypted][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes][Goodput ratio: 68/88][30.64 sec][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 222/2 10212/10139 30193/30413 14128/14336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 204/543 343/1020 138/477][PLAIN TEXT (ZeNjsq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][Goodput ratio: 64/0][14.82 sec][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1393/0 6406/0 1894/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 189/74 233/74 73/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: apps.skype.com][JA3C: 3d49c0a7161d6636fcb6973f14e05046][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes][Goodput ratio: 40/0][28.33 sec][bytes ratio: 0.689 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/63 2321/63 11234/63 3206/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111/66 138/74 23/5][Plen Bins: 0,90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/TLS][ClearText][cat: Web/5][13 pkts/1437 bytes <-> 3 pkts/200 bytes][Goodput ratio: 39/0][24.81 sec][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/59 2001/59 7498/59 2283/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111/67 138/74 23/6][Plen Bins: 0,90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/TLS][Encrypted][cat: Web/5][13 pkts/1437 bytes <-> 3 pkts/200 bytes][Goodput ratio: 39/0][24.81 sec][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/59 2001/59 7498/59 2283/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111/67 138/74 23/6][Plen Bins: 0,90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1333 bytes <-> 3 pkts/251 bytes][Goodput ratio: 41/18][18.20 sec][bytes ratio: 0.683 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/123 1301/123 4567/123 1449/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 111/84 138/111 32/20][Plen Bins: 0,11,88,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1284 bytes <-> 3 pkts/285 bytes][Goodput ratio: 38/28][17.85 sec][bytes ratio: 0.637 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/81 1425/81 4989/81 1713/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 107/95 138/145 30/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes][Goodput ratio: 39/15][18.81 sec][bytes ratio: 0.684 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/129 1345/129 4168/129 1444/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 108/81 138/102 30/15][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes][Goodput ratio: 39/15][18.81 sec][bytes ratio: 0.684 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/129 1345/129 4168/129 1444/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 108/81 138/102 30/15][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1235 bytes <-> 3 pkts/285 bytes][Goodput ratio: 36/28][16.83 sec][bytes ratio: 0.625 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 1402/66 6762/66 1929/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/95 138/145 27/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/265 bytes][Goodput ratio: 37/22][18.45 sec][bytes ratio: 0.650 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/127 1320/127 4821/127 1498/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 104/88 138/125 28/26][Plen Bins: 0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes][Goodput ratio: 16/21][30.54 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2455/42 9200/81 2778/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 80/84 175/137 27/31][Plen Bins: 81,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/TLS][ClearText][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes][Goodput ratio: 38/23][17.61 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/199 1475/199 4207/199 1525/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/89 138/128 31/28][Plen Bins: 0,87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes][Goodput ratio: 16/21][30.54 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2455/42 9200/81 2778/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 80/84 175/137 27/31][Plen Bins: 81,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/TLS][Encrypted][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes][Goodput ratio: 38/23][17.61 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/199 1475/199 4207/199 1525/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/89 138/128 31/28][Plen Bins: 0,87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes][Goodput ratio: 39/22][32.26 sec][bytes ratio: 0.508 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/225 3631/5557 15560/10889 4792/5332][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 108/88 138/145 34/33][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes][Goodput ratio: 12/27][27.54 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 2213/38 8343/69 2500/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/92 117/167 12/44][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes][Goodput ratio: 15/34][12.52 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1044/40 4851/80 1546/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/104 163/171 25/41][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes][Goodput ratio: 30/28][16.56 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/62 1386/62 6081/62 1875/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 94/95 138/145 22/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes][Goodput ratio: 12/27][27.54 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 2213/38 8343/69 2500/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/92 117/167 12/44][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes][Goodput ratio: 15/34][12.52 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1044/40 4851/80 1546/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/104 163/171 25/41][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes][Goodput ratio: 30/28][16.56 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/62 1386/62 6081/62 1875/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 94/95 138/145 22/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes][Goodput ratio: 30/28][17.58 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/77 1583/77 5936/77 2059/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 94/95 138/145 22/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes][Goodput ratio: 28/28][17.58 sec][bytes ratio: 0.587 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/78 1584/78 5941/78 2060/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 91/95 138/145 21/36][Plen Bins: 0,77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes][Goodput ratio: 35/22][28.19 sec][bytes ratio: 0.489 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/294 3359/3765 13674/7236 4326/3471][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 102/88 138/145 30/33][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes][Goodput ratio: 15/25][17.15 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 1477/38 6479/71 1968/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/90 158/147 24/33][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes][Goodput ratio: 15/25][17.15 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 1477/38 6479/71 1968/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/90 158/147 24/33][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes][Goodput ratio: 35/22][33.88 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/291 3830/6656 17161/13020 5286/6365][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 101/88 138/145 30/33][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes][Goodput ratio: 12/23][32.35 sec][bytes ratio: 0.483 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2797/63 14147/123 3995/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/86 118/144 13/34][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes][Goodput ratio: 13/22][17.40 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 1497/40 6272/72 2024/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/87 133/134 18/27][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes][Goodput ratio: 13/16][32.75 sec][bytes ratio: 0.519 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2833/65 14399/127 4060/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/80 136/118 17/23][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes][Goodput ratio: 15/22][29.62 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2714/103 11633/206 3500/103][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/85 157/141 24/33][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes][Goodput ratio: 15/21][27.75 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2725/2317 12657/6632 3959/3054][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/85 158/146 26/31][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes][Goodput ratio: 15/17][29.81 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2935/2960 14701/8573 4584/3971][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/82 156/129 26/24][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes][Goodput ratio: 14/18][28.48 sec][bytes ratio: 0.343 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16 2815/2538 12362/7300 3843/3369][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/83 144/133 22/25][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes][Goodput ratio: 32/28][9.23 sec][bytes ratio: 0.547 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/195 633/195 2177/195 725/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 97/95 138/145 27/36][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes][Goodput ratio: 12/23][32.35 sec][bytes ratio: 0.483 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2797/63 14147/123 3995/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/86 118/144 13/34][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes][Goodput ratio: 13/22][17.40 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 1497/40 6272/72 2024/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/87 133/134 18/27][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes][Goodput ratio: 13/16][32.75 sec][bytes ratio: 0.519 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2833/65 14399/127 4060/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/80 136/118 17/23][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes][Goodput ratio: 15/22][29.62 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2714/103 11633/206 3500/103][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/85 157/141 24/33][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes][Goodput ratio: 15/21][27.75 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2725/2317 12657/6632 3959/3054][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/85 158/146 26/31][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes][Goodput ratio: 15/17][29.81 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2935/2960 14701/8573 4584/3971][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/82 156/129 26/24][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes][Goodput ratio: 14/18][28.48 sec][bytes ratio: 0.343 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16 2815/2538 12362/7300 3843/3369][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/83 144/133 22/25][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes][Goodput ratio: 32/28][9.23 sec][bytes ratio: 0.547 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/195 633/195 2177/195 725/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 97/95 138/145 27/36][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes][Goodput ratio: 27/22][27.81 sec][bytes ratio: 0.440 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/292 3406/3304 14303/6316 4510/3012][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/88 138/145 23/33][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes][Goodput ratio: 11/20][27.98 sec][bytes ratio: 0.317 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2765/2392 12863/6880 3983/3176][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/85 115/143 14/29][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes][Goodput ratio: 11/20][27.98 sec][bytes ratio: 0.317 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2765/2392 12863/6880 3983/3176][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/85 115/143 14/29][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes][Goodput ratio: 23/22][30.09 sec][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/294 3511/4388 15598/8483 4824/4095][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 85/88 138/145 22/33][Plen Bins: 71,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes][Goodput ratio: 16/28][17.94 sec][bytes ratio: 0.350 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1703/148 4607/294 1700/146][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/94 159/164 28/40][Plen Bins: 71,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes][Goodput ratio: 16/28][17.94 sec][bytes ratio: 0.350 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1703/148 4607/294 1700/146][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/94 159/164 28/40][Plen Bins: 71,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes][Goodput ratio: 24/28][18.79 sec][bytes ratio: 0.507 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/199 2008/199 5293/199 1965/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87/95 138/145 22/36][Plen Bins: 71,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][ClearText][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes][Goodput ratio: 74/54][1.27 sec][Host: __msbrowse__][bytes ratio: 0.678 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1258 253/1258 1243/1258 495/0][Pkt Len c2s/s2c min/avg/max/stddev: 104/92 160/92 271/92 79/0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)][Plen Bins: 0,75,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238.140/ApplePush.Apple][Encrypted][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes][Goodput ratio: 61/40][10.70 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 215/1 3565/3494 10265/10480 4737/4940][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 168/111 279/156 103/45][Plen Bins: 0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -73,7 +73,7 @@ JA3 Host Stats: 48 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][1.26 sec][Host: __msbrowse__][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210/0 1261/0 470/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 97/0 110/0 8/0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)][Plen Bins: 0,71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes][Goodput ratio: 1/2][11.59 sec][bytes ratio: 0.071 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2640/2885 10417/10457 4490/4391][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/61 78/66 9/2][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes][Goodput ratio: 1/2][11.59 sec][bytes ratio: 0.071 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2640/2885 10417/10457 4490/4391][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/61 78/66 9/2][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][53.50 sec][Host: conn.skype.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1093/0 7642/0 27046/0 8520/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 81/0 81/0 0/0][PLAIN TEXT (akadns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][26.41 sec][Host: pipe.prd.skypedata.akadns.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1071/0 4400/0 9094/0 3403/0][Pkt Len c2s/s2c min/avg/max/stddev: 89/0 89/0 89/0 0/0][PLAIN TEXT (skypedata)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -94,12 +94,12 @@ JA3 Host Stats: 69 UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][26.56 sec][Host: dsn13.d.skype.net][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4426/0 9099/0 3400/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/0 77/0 77/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 70 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1089/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][ClearText][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][26.50 sec][Host: api.skype.com][::][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1091/0 4416/0 9098/0 3405/0][Pkt Len c2s/s2c min/avg/max/stddev: 73/0 73/0 73/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36/0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/54 26/54 53/54 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/62 161/66 46/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][ClearText][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1010/0 1015/0 4/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36/0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/54 26/54 53/54 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/62 161/66 46/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/TLS][Encrypted][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1010/0 1015/0 4/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][1.26 sec][Host: alicegate][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EBEMEJEDEFEHEBFEEFCACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 75 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][1.26 sec][Host: lucasmacbookpro][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EMFFEDEBFDENEBEDECEPEPELFAFCEP)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 76 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes][Goodput ratio: 21/0][0.47 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/62 34/62 68/62 34/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/62 105/66 21/3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][ClearText][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.52 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/61 31/61 62/61 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes][Goodput ratio: 21/0][0.47 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/62 34/62 68/62 34/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/62 105/66 21/3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.52 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/61 31/61 62/61 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 78 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/TLS.Skype_Teams][Encrypted][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.36 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/65 31/65 62/65 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/skype_udp.pcap.out b/tests/result/skype_udp.pcap.out index f2d461b9d..18fa957a0 100644 --- a/tests/result/skype_udp.pcap.out +++ b/tests/result/skype_udp.pcap.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Skype_Teams 5 339 1 - 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125/Skype_Teams][ClearText][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125/Skype_Teams][Encrypted][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ssh.pcap.out b/tests/result/ssh.pcap.out index 7b6c74b1f..1e4dd3355 100644 --- a/tests/result/ssh.pcap.out +++ b/tests/result/ssh.pcap.out @@ -4,4 +4,4 @@ DPI Packets (TCP): 10 (10.00 pkts/flow) SSH 258 35546 1 - 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][ClearText][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Client Version/Cipher **** SSH Obsolete Server Version/Cipher **][Risk Score: 150][Client: SSH-2.0-OpenSSH_5.3][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0] + 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][Encrypted][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Client Version/Cipher **** SSH Obsolete Server Version/Cipher **][Risk Score: 150][Client: SSH-2.0-OpenSSH_5.3][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index ed6af3b0f..724fc47f7 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -36,7 +36,7 @@ Starcraft 236 51494 6 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][Goodput ratio: 14/22][10.56 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624/2614 6381/6342 2711/2730][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/75 74/155 9/33][Plen Bins: 80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][ClearText][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Goodput ratio: 23/53][0.60 sec][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148/102 198/203 80/102][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/128 139/327 33/115][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 50/78][0.09 sec][Host: bnetcmsus-a.akamaihd.net][2.228.46.112][PLAIN TEXT (bnetcmsus)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 126/Google][ClearText][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 126/Google][Encrypted][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51/70][0.05 sec][Host: 110.212.58.216.in-addr.arpa][::][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45/71][0.08 sec][Host: llnw.blizzard.com][87.248.221.254][PLAIN TEXT (blizzard)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 51/67][0.06 sec][Host: 100.1.168.192.in-addr.arpa][::][PLAIN TEXT (dynect)][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -44,19 +44,19 @@ Starcraft 236 51494 6 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][ClearText][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][ClearText][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Goodput ratio: 44/54][0.08 sec][Host: nydus.battle.net][80.239.186.26][PLAIN TEXT (battle)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/TLS.Github][Encrypted][cat: Collaborative/15][2 pkts/145 bytes <-> 1 pkts/89 bytes][Goodput ratio: 21/39][0.13 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes][Goodput ratio: 0/0][0.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes][Goodput ratio: 0/0][0.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Goodput ratio: 51/66][0.05 sec][Host: 40.186.239.80.in-addr.arpa][::][PLAIN TEXT (attens)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][ClearText][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][Encrypted][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.04 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][ClearText][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes][Goodput ratio: 4/3][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -64,5 +64,5 @@ Starcraft 236 51494 6 48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/steam.pcap.out b/tests/result/steam.pcap.out index 8f13f6778..c9c9822a9 100644 --- a/tests/result/steam.pcap.out +++ b/tests/result/steam.pcap.out @@ -4,29 +4,29 @@ DPI Packets (UDP): 55 (1.00 pkts/flow) Steam 104 9020 55 - 1 UDP 192.168.188.149:45665 <-> 72.165.61.188:27018 [proto: 74/Steam][ClearText][cat: Game/8][5 pkts/846 bytes <-> 6 pkts/608 bytes][Goodput ratio: 75/58][0.69 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/0 149/124 298/289 107/116][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 169/101 366/158 117/28][PLAIN TEXT (H@VS01)][Plen Bins: 0,63,9,9,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.188.149:45665 <-> 68.142.91.34:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.09 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.188.149:45665 <-> 68.142.91.35:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.188.149:45665 <-> 68.142.91.36:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.188.149:45665 <-> 68.142.116.178:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.188.149:45665 <-> 68.142.116.179:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.188.149:45665 <-> 69.28.145.170:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.188.149:45665 <-> 69.28.145.170:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.188.149:45665 <-> 69.28.145.171:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.188.149:45665 <-> 69.28.145.171:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.188.149:45665 <-> 69.28.145.172:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.188.149:45665 <-> 69.28.145.172:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.188.149:45665 <-> 72.165.61.174:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.188.149:45665 <-> 72.165.61.174:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.188.149:45665 <-> 72.165.61.175:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.188.149:45665 <-> 72.165.61.175:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.188.149:45665 <-> 72.165.61.176:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][PLAIN TEXT (FIVS01)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 192.168.188.149:45665 <-> 72.165.61.176:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.188.149:45665 <-> 72.165.61.185:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.188.149:45665 <-> 72.165.61.185:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.188.149:45665 <-> 72.165.61.187:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.188.149:45665 <-> 72.165.61.187:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.168.188.149:45665 <-> 72.165.61.188:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.188.149:45665 <-> 72.165.61.188:27018 [proto: 74/Steam][Encrypted][cat: Game/8][5 pkts/846 bytes <-> 6 pkts/608 bytes][Goodput ratio: 75/58][0.69 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/0 149/124 298/289 107/116][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 169/101 366/158 117/28][PLAIN TEXT (H@VS01)][Plen Bins: 0,63,9,9,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.188.149:45665 <-> 68.142.91.34:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.09 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.188.149:45665 <-> 68.142.91.35:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.188.149:45665 <-> 68.142.91.36:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.188.149:45665 <-> 68.142.116.178:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.188.149:45665 <-> 68.142.116.179:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.188.149:45665 <-> 69.28.145.170:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.188.149:45665 <-> 69.28.145.170:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.188.149:45665 <-> 69.28.145.171:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.188.149:45665 <-> 69.28.145.171:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.188.149:45665 <-> 69.28.145.172:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.188.149:45665 <-> 69.28.145.172:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.188.149:45665 <-> 72.165.61.174:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.188.149:45665 <-> 72.165.61.174:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.188.149:45665 <-> 72.165.61.175:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.188.149:45665 <-> 72.165.61.175:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.188.149:45665 <-> 72.165.61.176:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][PLAIN TEXT (FIVS01)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.188.149:45665 <-> 72.165.61.176:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.188.149:45665 <-> 72.165.61.185:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.188.149:45665 <-> 72.165.61.185:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.188.149:45665 <-> 72.165.61.187:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.188.149:45665 <-> 72.165.61.187:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.188.149:45665 <-> 72.165.61.188:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.188.149:45665 <-> 146.66.152.12:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.19 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.188.149:45665 <-> 146.66.152.12:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.19 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.188.149:45665 <-> 146.66.152.12:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.20 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -39,23 +39,23 @@ Steam 104 9020 55 33 UDP 192.168.188.149:45665 <-> 146.66.152.15:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.19 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.188.149:45665 <-> 146.66.152.15:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.19 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.188.149:45665 <-> 146.66.152.15:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.18 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.188.149:45665 <-> 208.111.133.84:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 UDP 192.168.188.149:45665 <-> 208.111.133.84:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.15 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 192.168.188.149:45665 <-> 208.111.133.85:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 UDP 192.168.188.149:45665 <-> 208.111.133.85:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 UDP 192.168.188.149:45665 <-> 208.111.171.82:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.08 sec][PLAIN TEXT (b VS01)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 UDP 192.168.188.149:45665 -> 81.171.115.5:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 UDP 192.168.188.149:45665 -> 81.171.115.5:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 UDP 192.168.188.149:45665 -> 81.171.115.5:27019 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 UDP 192.168.188.149:45665 -> 81.171.115.6:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 UDP 192.168.188.149:45665 -> 81.171.115.6:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 192.168.188.149:45665 -> 81.171.115.6:27019 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 UDP 192.168.188.149:45665 -> 81.171.115.7:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 UDP 192.168.188.149:45665 -> 81.171.115.7:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 UDP 192.168.188.149:45665 -> 81.171.115.7:27019 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 UDP 192.168.188.149:45665 -> 81.171.115.8:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 UDP 192.168.188.149:45665 -> 81.171.115.8:27018 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 UDP 192.168.188.149:45665 -> 81.171.115.8:27019 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 UDP 192.168.188.149:45665 -> 203.77.185.4:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.188.149:45665 -> 203.77.185.5:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 192.168.188.149:45665 -> 208.111.171.83:27017 [proto: 74/Steam][ClearText][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.188.149:45665 <-> 208.111.133.84:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 UDP 192.168.188.149:45665 <-> 208.111.133.84:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.15 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 192.168.188.149:45665 <-> 208.111.133.85:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 UDP 192.168.188.149:45665 <-> 208.111.133.85:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.16 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 UDP 192.168.188.149:45665 <-> 208.111.171.82:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.08 sec][PLAIN TEXT (b VS01)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 UDP 192.168.188.149:45665 -> 81.171.115.5:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.188.149:45665 -> 81.171.115.5:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.188.149:45665 -> 81.171.115.5:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.188.149:45665 -> 81.171.115.6:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.188.149:45665 -> 81.171.115.6:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.188.149:45665 -> 81.171.115.6:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.188.149:45665 -> 81.171.115.7:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 192.168.188.149:45665 -> 81.171.115.7:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.188.149:45665 -> 81.171.115.7:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.188.149:45665 -> 81.171.115.8:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.188.149:45665 -> 81.171.115.8:27018 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.188.149:45665 -> 81.171.115.8:27019 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 192.168.188.149:45665 -> 203.77.185.4:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.188.149:45665 -> 203.77.185.5:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 192.168.188.149:45665 -> 208.111.171.83:27017 [proto: 74/Steam][Encrypted][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/steam_datagram_relay_ping.pcapng.out b/tests/result/steam_datagram_relay_ping.pcapng.out index 61df5ec4f..c9de0e808 100644 --- a/tests/result/steam_datagram_relay_ping.pcapng.out +++ b/tests/result/steam_datagram_relay_ping.pcapng.out @@ -4,4 +4,4 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Steam 2 2684 1 - 1 UDP 192.168.2.100:52157 -> 139.45.193.10:27018 [proto: 74/Steam][ClearText][cat: Game/8][2 pkts/2684 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.52 sec][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0] + 1 UDP 192.168.2.100:52157 -> 139.45.193.10:27018 [proto: 74/Steam][Encrypted][cat: Game/8][2 pkts/2684 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.52 sec][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0] diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out index f34c833ef..cc6a7c69b 100644 --- a/tests/result/synscan.pcap.out +++ b/tests/result/synscan.pcap.out @@ -56,7 +56,7 @@ TargusDataspeed 2 116 2 DNP3 2 116 2 iSCSI 2 116 2 - 1 TCP 172.16.0.8:36050 -> 64.13.134.52:22 [proto: 92/SSH][ClearText][cat: RemoteAccess/12][5 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 172.16.0.8:36050 -> 64.13.134.52:22 [proto: 92/SSH][Encrypted][cat: RemoteAccess/12][5 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][ClearText][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -72,24 +72,24 @@ iSCSI 2 116 2 14 TCP 172.16.0.8:36050 -> 64.13.134.52:143 [proto: 4/IMAP][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 172.16.0.8:36050 -> 64.13.134.52:179 [proto: 13/BGP][ClearText][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 172.16.0.8:36050 -> 64.13.134.52:389 [proto: 112/LDAP][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 172.16.0.8:36050 -> 64.13.134.52:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 172.16.0.8:36050 -> 64.13.134.52:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 172.16.0.8:36050 -> 64.13.134.52:445 [proto: 41/SMBv23][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 172.16.0.8:36050 -> 64.13.134.52:465 [proto: 29/SMTPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 172.16.0.8:36050 -> 64.13.134.52:500 [proto: 79/IPsec][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 172.16.0.8:36050 -> 64.13.134.52:465 [proto: 29/SMTPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 172.16.0.8:36050 -> 64.13.134.52:500 [proto: 79/IPsec][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 172.16.0.8:36050 -> 64.13.134.52:514 [proto: 17/Syslog][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 172.16.0.8:36050 -> 64.13.134.52:548 [proto: 97/AFP][ClearText][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 172.16.0.8:36050 -> 64.13.134.52:554 [proto: 50/RTSP][ClearText][cat: Media/1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 172.16.0.8:36050 -> 64.13.134.52:587 [proto: 29/SMTPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 172.16.0.8:36050 -> 64.13.134.52:587 [proto: 29/SMTPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 172.16.0.8:36050 -> 64.13.134.52:873 [proto: 166/RSYNC][ClearText][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 172.16.0.8:36050 -> 64.13.134.52:903 [proto: 28/VMware][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 172.16.0.8:36050 -> 64.13.134.52:993 [proto: 51/IMAPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 172.16.0.8:36050 -> 64.13.134.52:995 [proto: 23/POPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 172.16.0.8:36050 -> 64.13.134.52:993 [proto: 51/IMAPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 172.16.0.8:36050 -> 64.13.134.52:995 [proto: 23/POPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 172.16.0.8:36050 -> 64.13.134.52:1080 [proto: 172/SOCKS][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 172.16.0.8:36050 -> 64.13.134.52:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 172.16.0.8:36050 -> 64.13.134.52:1352 [proto: 150/LotusNotes][ClearText][cat: Collaborative/15][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 172.16.0.8:36050 -> 64.13.134.52:1433 [proto: 114/MsSQL-TDS][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 172.16.0.8:36050 -> 64.13.134.52:1434 [proto: 114/MsSQL-TDS][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 172.16.0.8:36050 -> 64.13.134.52:1494 [proto: 132/Citrix][ClearText][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 172.16.0.8:36050 -> 64.13.134.52:1494 [proto: 132/Citrix][Encrypted][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 172.16.0.8:36050 -> 64.13.134.52:1521 [proto: 167/Oracle][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 TCP 172.16.0.8:36050 -> 64.13.134.52:1719 [proto: 158/H323][ClearText][cat: VoIP/10][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 172.16.0.8:36050 -> 64.13.134.52:1720 [proto: 158/H323][ClearText][cat: VoIP/10][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -112,14 +112,14 @@ iSCSI 2 116 2 54 TCP 172.16.0.8:36050 -> 64.13.134.52:5800 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 TCP 172.16.0.8:36050 -> 64.13.134.52:5900 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 172.16.0.8:36050 -> 64.13.134.52:5901 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 172.16.0.8:36050 -> 64.13.134.52:8008 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 172.16.0.8:36050 -> 64.13.134.52:8008 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 172.16.0.8:36050 -> 64.13.134.52:8009 [proto: 139/AJP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 172.16.0.8:36050 -> 64.13.134.52:8010 [proto: 139/AJP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 172.16.0.8:36050 -> 64.13.134.52:8080 [proto: 131/HTTP_Proxy][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 61 TCP 172.16.0.8:36050 -> 64.13.134.52:8181 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 172.16.0.8:36050 -> 64.13.134.52:8333 [proto: 42/Mining][ClearText][cat: Mining/99][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 172.16.0.8:36050 -> 64.13.134.52:9418 [proto: 226/Git][ClearText][cat: Collaborative/15][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 TCP 172.16.0.8:36050 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 TCP 172.16.0.8:36050 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 172.16.0.8:36050 -> 64.13.134.52:20000 [proto: 244/DNP3][ClearText][cat: IoT-Scada/31][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 66 TCP 172.16.0.8:36051 -> 64.13.134.52:20 [proto: 175/FTP_DATA][ClearText][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 TCP 172.16.0.8:36051 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][ClearText][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -133,24 +133,24 @@ iSCSI 2 116 2 75 TCP 172.16.0.8:36051 -> 64.13.134.52:143 [proto: 4/IMAP][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 TCP 172.16.0.8:36051 -> 64.13.134.52:179 [proto: 13/BGP][ClearText][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 77 TCP 172.16.0.8:36051 -> 64.13.134.52:389 [proto: 112/LDAP][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 TCP 172.16.0.8:36051 -> 64.13.134.52:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 TCP 172.16.0.8:36051 -> 64.13.134.52:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 TCP 172.16.0.8:36051 -> 64.13.134.52:445 [proto: 41/SMBv23][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 80 TCP 172.16.0.8:36051 -> 64.13.134.52:465 [proto: 29/SMTPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 81 TCP 172.16.0.8:36051 -> 64.13.134.52:500 [proto: 79/IPsec][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 TCP 172.16.0.8:36051 -> 64.13.134.52:465 [proto: 29/SMTPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 TCP 172.16.0.8:36051 -> 64.13.134.52:500 [proto: 79/IPsec][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 TCP 172.16.0.8:36051 -> 64.13.134.52:514 [proto: 17/Syslog][ClearText][cat: System/18][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 83 TCP 172.16.0.8:36051 -> 64.13.134.52:548 [proto: 97/AFP][ClearText][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 TCP 172.16.0.8:36051 -> 64.13.134.52:554 [proto: 50/RTSP][ClearText][cat: Media/1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 TCP 172.16.0.8:36051 -> 64.13.134.52:587 [proto: 29/SMTPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 172.16.0.8:36051 -> 64.13.134.52:587 [proto: 29/SMTPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 86 TCP 172.16.0.8:36051 -> 64.13.134.52:873 [proto: 166/RSYNC][ClearText][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 87 TCP 172.16.0.8:36051 -> 64.13.134.52:903 [proto: 28/VMware][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 88 TCP 172.16.0.8:36051 -> 64.13.134.52:993 [proto: 51/IMAPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 89 TCP 172.16.0.8:36051 -> 64.13.134.52:995 [proto: 23/POPS][ClearText][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 88 TCP 172.16.0.8:36051 -> 64.13.134.52:993 [proto: 51/IMAPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 89 TCP 172.16.0.8:36051 -> 64.13.134.52:995 [proto: 23/POPS][Encrypted][cat: Email/3][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 TCP 172.16.0.8:36051 -> 64.13.134.52:1080 [proto: 172/SOCKS][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 91 TCP 172.16.0.8:36051 -> 64.13.134.52:1119 [proto: 213/Starcraft][ClearText][cat: Game/8][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 92 TCP 172.16.0.8:36051 -> 64.13.134.52:1352 [proto: 150/LotusNotes][ClearText][cat: Collaborative/15][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 93 TCP 172.16.0.8:36051 -> 64.13.134.52:1433 [proto: 114/MsSQL-TDS][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 172.16.0.8:36051 -> 64.13.134.52:1434 [proto: 114/MsSQL-TDS][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 95 TCP 172.16.0.8:36051 -> 64.13.134.52:1494 [proto: 132/Citrix][ClearText][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 172.16.0.8:36051 -> 64.13.134.52:1494 [proto: 132/Citrix][Encrypted][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 TCP 172.16.0.8:36051 -> 64.13.134.52:1521 [proto: 167/Oracle][ClearText][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 97 TCP 172.16.0.8:36051 -> 64.13.134.52:1719 [proto: 158/H323][ClearText][cat: VoIP/10][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 TCP 172.16.0.8:36051 -> 64.13.134.52:1720 [proto: 158/H323][ClearText][cat: VoIP/10][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -173,14 +173,14 @@ iSCSI 2 116 2 115 TCP 172.16.0.8:36051 -> 64.13.134.52:5800 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 116 TCP 172.16.0.8:36051 -> 64.13.134.52:5900 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 117 TCP 172.16.0.8:36051 -> 64.13.134.52:5901 [proto: 89/VNC][ClearText][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 118 TCP 172.16.0.8:36051 -> 64.13.134.52:8008 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 118 TCP 172.16.0.8:36051 -> 64.13.134.52:8008 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 119 TCP 172.16.0.8:36051 -> 64.13.134.52:8009 [proto: 139/AJP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 120 TCP 172.16.0.8:36051 -> 64.13.134.52:8010 [proto: 139/AJP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 121 TCP 172.16.0.8:36051 -> 64.13.134.52:8080 [proto: 131/HTTP_Proxy][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 122 TCP 172.16.0.8:36051 -> 64.13.134.52:8181 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 123 TCP 172.16.0.8:36051 -> 64.13.134.52:8333 [proto: 42/Mining][ClearText][cat: Mining/99][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 124 TCP 172.16.0.8:36051 -> 64.13.134.52:9418 [proto: 226/Git][ClearText][cat: Collaborative/15][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 125 TCP 172.16.0.8:36051 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][ClearText][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 TCP 172.16.0.8:36051 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][Encrypted][cat: VPN/2][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 126 TCP 172.16.0.8:36051 -> 64.13.134.52:20000 [proto: 244/DNP3][ClearText][cat: IoT-Scada/31][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index 9a35d09b0..b29dfbe5f 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -45,12 +45,12 @@ JA3 Host Stats: 19 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Encrypted][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] 20 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Encrypted][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] 21 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Encrypted][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][ClearText][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] - 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][ClearText][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] + 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][Encrypted][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] + 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][Encrypted][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] 24 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][Encrypted][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] 25 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Encrypted][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][Client: config.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] - 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] - 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][ClearText][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][Encrypted][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] 28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Encrypted][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: trouter2-asse-a.trouter.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0] 29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Encrypted][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0] 30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91.121/TLS.Dropbox][Encrypted][cat: Cloud/13][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0] @@ -68,7 +68,7 @@ JA3 Host Stats: 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.250/STUN.Teams][ClearText][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Host: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.250/STUN.Teams][ClearText][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.250/STUN.Teams][ClearText][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.250/STUN.Teams][ClearText][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.SkypeCall][ClearText][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Risk: ** Known protocol on non standard port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -105,7 +105,7 @@ JA3 Host Stats: 79 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Host: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91.185/TLS.Telegram][Encrypted][cat: Chat/9][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][ClearText][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 82 UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index 84127bd93..fadcdf83c 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -43,7 +43,7 @@ GoogleServices 2 186 1 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][Host: _sleep-proxy._udp.local][_sleep-proxy._udp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,0,60,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.77:52127 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.53:56384 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][4 pkts/672 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.01 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.1.53:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][40.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1749/0 5840/0 21180/0 6407/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (fSpotUdp0)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.1.53:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][40.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1749/0 5840/0 21180/0 6407/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (fSpotUdp0)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.75:57916 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][3 pkts/501 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][0.30 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.53:50698 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -53,7 +53,7 @@ GoogleServices 2 186 1 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][ClearText][cat: Cloud/13][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Host: in.appcenter.ms][20.44.78.251][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP 192.168.1.43:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: desktop-rb5t12g][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EEEFFDELFEEPFACNFCECDFFEDBDCEH)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 159/OpenVPN][ClearText][cat: VPN/2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 159/OpenVPN][Encrypted][cat: VPN/2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Risk: ** Known protocol on non standard port **][Risk Score: 50][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 192.168.1.77:58615 <-> 192.168.1.1:53 [proto: 5.121/DNS.Dropbox][ClearText][cat: Cloud/13][1 pkts/81 bytes <-> 1 pkts/123 bytes][Goodput ratio: 48/65][0.03 sec][Host: telemetry.dropbox.com][162.125.19.9][PLAIN TEXT (telemetry)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 192.168.1.77:49764 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][ClearText][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/121 bytes][Goodput ratio: 42/65][0.05 sec][Host: dati.ntop.org][167.99.215.164][PLAIN TEXT (digitalocean)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 UDP 192.168.1.77:47127 <-> 192.168.1.1:53 [proto: 5.239/DNS.GoogleServices][ClearText][cat: Web/5][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.00 sec][Host: www.googletagservices.com][192.168.1.157][PLAIN TEXT (googletagservices)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -63,7 +63,7 @@ GoogleServices 2 186 1 43 UDP 192.168.1.77:5812 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.00 sec][Host: pixel.wp.com][192.168.1.157][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP [fe80::4dc:edec:5b0c:a661]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Host: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 192.168.1.52:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Host: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 UDP 192.168.1.77:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.1.77:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index 0b6c1873c..6b373c2c2 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -39,7 +39,7 @@ JA3 Host Stats: 19 UDP 192.168.1.121:58161 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][ClearText][cat: Cloud/13][1 pkts/77 bytes <-> 1 pkts/244 bytes][Goodput ratio: 45/82][0.03 sec][Host: www.microsoft.com][2.22.33.235][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Host: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.121:65492 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][ClearText][cat: Cloud/13][1 pkts/115 bytes <-> 1 pkts/191 bytes][Goodput ratio: 63/78][0.07 sec][Host: wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.1.121:53905 <-> 140.82.113.26:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/163 bytes][Goodput ratio: 0/19][0.11 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.1.121:53905 <-> 140.82.113.26:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/163 bytes][Goodput ratio: 0/19][0.11 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.1.121:53884 <-> 8.8.8.8:53 [proto: 5.212/DNS.Microsoft][ClearText][cat: Cloud/13][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.02 sec][Host: wdcp.microsoft.com][40.113.10.47][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Host: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.121:65213 <-> 8.8.8.8:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/80 bytes <-> 1 pkts/193 bytes][Goodput ratio: 47/78][0.01 sec][Host: time-macos.apple.com][17.253.54.251][PLAIN TEXT (aaplimg)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -49,7 +49,7 @@ JA3 Host Stats: 29 UDP 192.168.1.121:50288 <-> 17.253.54.251:123 [proto: 9.140/NTP.Apple][ClearText][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.121:56865 <-> 17.253.54.251:123 [proto: 9.140/NTP.Apple][ClearText][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.121:65099 <-> 17.253.54.251:123 [proto: 9.140/NTP.Apple][ClearText][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.121:52746 <-> 52.149.21.60:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.121:52746 <-> 52.149.21.60:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 IGMP 192.168.1.139:0 -> 224.0.0.2:0 [proto: 82/IGMP][ClearText][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 IGMP 192.168.1.139:0 -> 224.0.0.251:0 [proto: 82/IGMP][ClearText][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index 433e69632..c6ac8cc43 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -10,6 +10,6 @@ JA3 Host Stats: 1 10.191.139.17 1 - 1 TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.178/TLS.Amazon][Encrypted][cat: Web/5][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][ALPN: ][Risk: ** TLS suspicious extension **][Risk Score: 100][TLSv1.2][Client: e.crashlytics.com][JA3C: 5f704e1e0a47641621b22177875f4e85][Firefox][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_long_cert.pcap.out b/tests/result/tls_long_cert.pcap.out index 9a1d1ade1..b152955db 100644 --- a/tests/result/tls_long_cert.pcap.out +++ b/tests/result/tls_long_cert.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 192.168.2.126 1 - 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][ClearText][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][Client: www.repubblica.it][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0] + 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][Encrypted][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][Client: www.repubblica.it][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0] diff --git a/tests/result/tls_verylong_certificate.pcap.out b/tests/result/tls_verylong_certificate.pcap.out index 2260bf0e8..de2cbb03c 100644 --- a/tests/result/tls_verylong_certificate.pcap.out +++ b/tests/result/tls_verylong_certificate.pcap.out @@ -9,4 +9,4 @@ JA3 Host Stats: 1 192.168.1.160 1 - 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91/TLS][ClearText][cat: Media/1][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TLSv1.2][Client: feodotracker.abuse.ch][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] + 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91/TLS][Encrypted][cat: Media/1][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TLSv1.2][Client: feodotracker.abuse.ch][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 487cb9852..1b990e4ab 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -14,14 +14,14 @@ JA3 Host Stats: 1 192.168.1.252 1 - 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91/TLS][ClearText][cat: Web/5][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1582/404][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 349/544][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] + 1 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 91/TLS][Encrypted][cat: Web/5][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes][Goodput ratio: 78/95][134.33 sec][bytes ratio: -0.760 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/86 33482/11394 1582/404][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 262/1176 1514/1514 349/544][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.jmts2id.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,2,0,0,0,1,3,0,1,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,1,0,42,0,0] 2 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 91.163/TLS.Tor][Encrypted][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes][Goodput ratio: 77/96][106.13 sec][bytes ratio: -0.790 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/109 30770/31166 1830/1316][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 252/1248 1514/1514 355/507][Risk: ** Obsolete TLS version (older than 1.2) **** Suspicious DGA domain name **** Unsafe Protocol **][Risk Score: 210][TLSv1][Client: www.q4cyamnc6mtokjurvdclt.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: e1691a31bfe345d2692da75636ddfb00][Issuer: CN=www.gg562izcxdvqdk.com][Subject: CN=www.fcsyvnlemwxv5p.net][Certificate SHA-1: C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A][Validity: 2013-09-15 00:00:00 - 2014-02-21 23:59:59][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,74,0,0] - 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 91/TLS][ClearText][cat: Web/5][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][Goodput ratio: 84/91][109.04 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2212/966 44777/37995 8343/4770][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366/580 1514/1514 350/568][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 2,1,1,1,1,0,1,0,0,3,0,0,0,0,0,0,2,0,58,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,1,0,22,0,0] + 3 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 91/TLS][Encrypted][cat: Web/5][62 pkts/22715 bytes <-> 79 pkts/45823 bytes][Goodput ratio: 84/91][109.04 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2212/966 44777/37995 8343/4770][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 366/580 1514/1514 350/568][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.ct7ctrgb6cr7.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 2,1,1,1,1,0,1,0,0,3,0,0,0,0,0,0,2,0,58,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,1,0,22,0,0] 4 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 91.163/TLS.Tor][Encrypted][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes][Goodput ratio: 82/84][135.32 sec][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 10378/8441 132386/132736 35221/32094][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 323/335 640/1514 270/385][Risk: ** Obsolete TLS version (older than 1.2) **** Suspicious DGA domain name **** Unsafe Protocol **][Risk Score: 210][TLSv1][Client: www.gfu7hbxpfp.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.xkgk7fdx362yyyxib.com][Subject: CN=www.g6ghvisevf3ibuu5.net][Certificate SHA-1: 94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7][Validity: 2013-10-03 00:00:00 - 2013-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] 5 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 91.163/TLS.Tor][Encrypted][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes][Goodput ratio: 81/84][108.05 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 6124/2564 71328/34353 19661/8817][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 304/349 640/1514 267/398][Risk: ** Obsolete TLS version (older than 1.2) **** Suspicious DGA domain name **** Unsafe Protocol **][Risk Score: 210][TLSv1][Client: www.e6r5p57kbafwrxj3plz.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.gmvuy6mtjbxevwo3w.com][Subject: CN=www.bpcau5b3haif5els.net][Certificate SHA-1: 3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C][Validity: 2013-06-07 00:00:00 - 2014-02-07 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] - 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 91/TLS][ClearText][cat: Web/5][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][Goodput ratio: 75/87][135.27 sec][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 11234/11261 72591/72890 25060/25130][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 231/421 640/1514 243/403][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.wohgpas45j6ucw.com][Subject: CN=www.7d43ah2kikrabj.net][Certificate SHA-1: F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B][Validity: 2013-09-11 00:00:00 - 2013-11-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,11,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] - 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 91/TLS][ClearText][cat: Web/5][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][Goodput ratio: 76/87][74.24 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/15 6155/6464 63835/63837 17571/19124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242/430 640/1514 247/416][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.a3uycdf3rn5md.com][Subject: CN=www.l7xvysfnvkb.net][Certificate SHA-1: EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0][Validity: 2013-11-02 00:00:00 - 2014-02-17 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,12,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] + 6 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 91/TLS][Encrypted][cat: Web/5][16 pkts/3691 bytes <-> 16 pkts/6740 bytes][Goodput ratio: 75/87][135.27 sec][bytes ratio: -0.292 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 11234/11261 72591/72890 25060/25130][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 231/421 640/1514 243/403][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.t3i3ru.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.wohgpas45j6ucw.com][Subject: CN=www.7d43ah2kikrabj.net][Certificate SHA-1: F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B][Validity: 2013-09-11 00:00:00 - 2013-11-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,5,11,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] + 7 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 91/TLS][Encrypted][cat: Web/5][15 pkts/3634 bytes <-> 14 pkts/6027 bytes][Goodput ratio: 76/87][74.24 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/15 6155/6464 63835/63837 17571/19124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 242/430 640/1514 247/416][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][Client: www.6gyip7tqim7sieb.com][JA3C: 581a3c7f54555512b8cd16e87dfe165b][JA3S: 184d532a16876b78846ae6a03f654890][Issuer: CN=www.a3uycdf3rn5md.com][Subject: CN=www.l7xvysfnvkb.net][Certificate SHA-1: EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0][Validity: 2013-11-02 00:00:00 - 2014-02-17 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,12,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 8 UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][600.89 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30033/0 66765/0 360548/0 103868/0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 186/0 186/0 0/0][PLAIN TEXT ( 676879976)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][31.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 6282/0 16006/0 5400/0][Pkt Len c2s/s2c min/avg/max/stddev: 151/0 151/0 151/0 0/0][PLAIN TEXT (Endian)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Host: endian-pc][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out index 9063c95fe..fbf7bc479 100644 --- a/tests/result/tumblr.pcap.out +++ b/tests/result/tumblr.pcap.out @@ -13,50 +13,50 @@ JA3 Host Stats: 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 2 - 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][ClearText][cat: Web/5][4211 pkts/395469 bytes <-> 16806 pkts/21471795 bytes][Goodput ratio: 5/93][17.22 sec][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 7179/1998 174/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 94/1278 1474/2858 55/501][Plen Bins: 21,2,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0] + 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][Encrypted][cat: Web/5][4211 pkts/395469 bytes <-> 16806 pkts/21471795 bytes][Goodput ratio: 5/93][17.22 sec][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 7179/1998 174/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 94/1278 1474/2858 55/501][Plen Bins: 21,2,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0] 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][Encrypted][cat: SocialNetwork/6][761 pkts/66942 bytes <-> 910 pkts/1112522 bytes][Goodput ratio: 2/93][6.32 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/1 5753/83 236/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 88/1223 603/2512 26/530][TLSv1.3][Client: 64.media.tumblr.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,1,1,1,0,0,1,0,1,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,71,0,0,0,1] - 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][ClearText][cat: Web/5][385 pkts/77999 bytes <-> 477 pkts/518966 bytes][Goodput ratio: 58/92][18.94 sec][bytes ratio: -0.739 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/13 11658/1405 679/90][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/1088 1474/2380 361/613][Plen Bins: 8,3,0,2,1,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,73,0,0,0,0] - 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43434 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][ClearText][cat: Web/5][157 pkts/14309 bytes <-> 169 pkts/199532 bytes][Goodput ratio: 6/93][17.57 sec][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 141/1 13385/22 1229/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 91/1181 249/1486 23/567][Plen Bins: 13,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] - 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][ClearText][cat: Web/5][125 pkts/12378 bytes <-> 164 pkts/199664 bytes][Goodput ratio: 13/93][17.28 sec][bytes ratio: -0.883 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/38 9909/4918 1100/422][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 99/1217 337/1486 41/527][Plen Bins: 7,1,1,3,1,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] + 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][Encrypted][cat: Web/5][385 pkts/77999 bytes <-> 477 pkts/518966 bytes][Goodput ratio: 58/92][18.94 sec][bytes ratio: -0.739 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/13 11658/1405 679/90][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/1088 1474/2380 361/613][Plen Bins: 8,3,0,2,1,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,73,0,0,0,0] + 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43434 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][Encrypted][cat: Web/5][157 pkts/14309 bytes <-> 169 pkts/199532 bytes][Goodput ratio: 6/93][17.57 sec][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 141/1 13385/22 1229/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 91/1181 249/1486 23/567][Plen Bins: 13,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] + 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][Encrypted][cat: Web/5][125 pkts/12378 bytes <-> 164 pkts/199664 bytes][Goodput ratio: 13/93][17.28 sec][bytes ratio: -0.883 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/38 9909/4918 1100/422][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 99/1217 337/1486 41/527][Plen Bins: 7,1,1,3,1,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49548 <-> [2a00:1450:4007:809::200e]:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][38 pkts/4471 bytes <-> 69 pkts/80966 bytes][Goodput ratio: 27/93][0.38 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.895 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 83/70 18/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1173 603/6126 94/887][TLSv1.3][Client: apis.google.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,0,1,1,1,4,1,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,7] 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38608 <-> [2a00:1450:4007:80b::200a]:443 [proto: 91.239/TLS.GoogleServices][Encrypted][cat: Web/5][26 pkts/3265 bytes <-> 37 pkts/41715 bytes][Goodput ratio: 31/92][0.25 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/3 67/44 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 126/1127 603/3227 111/829][TLSv1.3][Client: ajax.googleapis.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,5,0,0,0,0,0,2,2,2,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,17] - 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91/TLS][ClearText][cat: Web/5][38 pkts/3530 bytes <-> 38 pkts/38240 bytes][Goodput ratio: 7/91][19.87 sec][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 662/0 19473/1 3494/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 93/1006 216/1134 25/322][PLAIN TEXT (BclzBC)][Plen Bins: 0,5,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91/TLS][Encrypted][cat: Web/5][38 pkts/3530 bytes <-> 38 pkts/38240 bytes][Goodput ratio: 7/91][19.87 sec][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 662/0 19473/1 3494/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 93/1006 216/1134 25/322][PLAIN TEXT (BclzBC)][Plen Bins: 0,5,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43328 <-> [64:ff9b::4a72:9a16]:443 [proto: 91.90/TLS.Tumblr][Encrypted][cat: SocialNetwork/6][29 pkts/3925 bytes <-> 33 pkts/25475 bytes][Goodput ratio: 36/89][1.02 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.733 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/31 200/232 63/57][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 135/772 603/1486 124/645][TLSv1.2][Client: catasters.tumblr.com][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.tumblr.com,tumblr.com][JA3S: 738f0c3c6e00286f3afac626676d352d][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tumblr.com][Certificate SHA-1: 14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2][Chrome][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 18,0,9,3,3,0,0,0,3,3,0,0,0,0,3,0,3,0,0,0,0,3,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,41,0,0,0,0] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58380 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][ClearText][cat: Web/5][21 pkts/3364 bytes <-> 29 pkts/20662 bytes][Goodput ratio: 46/88][0.18 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.720 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 47/47 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 160/712 609/1294 156/543][TLSv1.3][Client: consent.cmp.oath.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,3,7,7,0,0,0,7,3,0,0,0,0,0,3,0,7,0,0,0,3,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,44,0,0,0,0,0,0,0,0,0,0] - 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][ClearText][cat: Web/5][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58380 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][Encrypted][cat: Web/5][21 pkts/3364 bytes <-> 29 pkts/20662 bytes][Goodput ratio: 46/88][0.18 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.720 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 47/47 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 160/712 609/1294 156/543][TLSv1.3][Client: consent.cmp.oath.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,3,7,7,0,0,0,7,3,0,0,0,0,0,3,0,7,0,0,0,3,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,44,0,0,0,0,0,0,0,0,0,0] + 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Encrypted][cat: Web/5][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][Encrypted][cat: Web/5][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][TLSv1.3][Client: cookiex.ngd.yahoo.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][ClearText][cat: Web/5][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58382 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][ClearText][cat: Web/5][7 pkts/1091 bytes <-> 5 pkts/537 bytes][Goodput ratio: 47/18][0.07 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.340 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/15 24/39 10/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/107 603/185 183/39][TLSv1.3][Client: consent.cmp.oath.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:55560 <-> [2a00:1450:4007:817::200a]:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/625 bytes <-> 8 pkts/900 bytes][Goodput ratio: 31/24][0.84 sec][bytes ratio: -0.180 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/130 765/770 360/286][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 125/112 203/157 43/28][Plen Bins: 0,71,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/539 bytes <-> 5 pkts/763 bytes][Goodput ratio: 20/44][18.08 sec][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4520/4504 17850/17820 7696/7688][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 108/153 149/373 27/112][Plen Bins: 0,75,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:35892 <-> [2a00:1450:4007:815::2002]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40190 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42674 <-> [64:ff9b::4a72:9a15]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43602 <-> [64:ff9b::df9:21c6]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44164 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45706 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48988 <-> [2a00:1450:4007:811::2004]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.07 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49002 <-> [2a00:1450:4007:811::2004]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49462 <-> [2a00:1450:4007:809::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49464 <-> [2a00:1450:4007:809::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49496 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49546 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50906 <-> [64:ff9b::d83a:d582]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:55014 <-> [2a00:1450:4007:806::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56582 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56592 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.43 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.08 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57770 <-> [2a00:1450:4007:80b::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57788 <-> [2a00:1450:4007:80b::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58004 <-> [2a00:1450:4007:808::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.19 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58614 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58616 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58618 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][Client: sb.scorecardresearch.com][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][Encrypted][cat: Web/5][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58382 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][Encrypted][cat: Web/5][7 pkts/1091 bytes <-> 5 pkts/537 bytes][Goodput ratio: 47/18][0.07 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.340 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/15 24/39 10/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/107 603/185 183/39][TLSv1.3][Client: consent.cmp.oath.com][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:55560 <-> [2a00:1450:4007:817::200a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/625 bytes <-> 8 pkts/900 bytes][Goodput ratio: 31/24][0.84 sec][bytes ratio: -0.180 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/130 765/770 360/286][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 125/112 203/157 43/28][Plen Bins: 0,71,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/539 bytes <-> 5 pkts/763 bytes][Goodput ratio: 20/44][18.08 sec][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4520/4504 17850/17820 7696/7688][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 108/153 149/373 27/112][Plen Bins: 0,75,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:35892 <-> [2a00:1450:4007:815::2002]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40190 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42674 <-> [64:ff9b::4a72:9a15]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43602 <-> [64:ff9b::df9:21c6]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44164 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45706 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48988 <-> [2a00:1450:4007:811::2004]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.07 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49002 <-> [2a00:1450:4007:811::2004]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49462 <-> [2a00:1450:4007:809::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49464 <-> [2a00:1450:4007:809::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49496 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49546 <-> [2a00:1450:4007:815::2003]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50906 <-> [64:ff9b::d83a:d582]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:55014 <-> [2a00:1450:4007:806::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56582 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56592 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.43 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.08 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57770 <-> [2a00:1450:4007:80b::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57788 <-> [2a00:1450:4007:80b::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58004 <-> [2a00:1450:4007:808::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.19 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58614 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58616 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58618 <-> [2a00:1450:4007:805::200e]:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 19b86e64e..c97ab12cd 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -22,26 +22,26 @@ JA3 Host Stats: 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][Encrypted][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][Goodput ratio: 38/95][5.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 5370/40 907/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1306 774/1514 151/466][TLSv1.2][Client: dl-media.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.viber.com,viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Firefox][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,4,0,2,0,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][Encrypted][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][Goodput ratio: 57/91][5.69 sec][ALPN: h2;http/1.1][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622/10 5492/35 1722/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/776 435/1514 138/635][TLSv1.2][Client: media.cdn.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Firefox][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,7,0,7,0,7,0,0,15,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][Goodput ratio: 69/86][1.00 sec][ALPN: http/1.1][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/60 176/183 76/72][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/468 1514/1514 380/570][TLSv1.2][Client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,0,7,0,15,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][ClearText][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][Encrypted][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][Goodput ratio: 49/89][1.01 sec][ALPN: http/1.1][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/51 273/178 102/80][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 131/583 432/1514 112/601][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,0,0,9,0,9,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][ALPN: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][ALPN: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][Goodput ratio: 48/88][0.92 sec][ALPN: http/1.1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/53 185/189 87/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 133/560 433/1514 111/605][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 18,0,0,9,0,9,0,0,18,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] - 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][ClearText][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][Goodput ratio: 80/60][7.22 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 304/334 529/529 209/188][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 210/105 299/118 115/20][PLAIN TEXT (Android)][Plen Bins: 19,15,32,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][ClearText][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][Goodput ratio: 76/60][5.68 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203/279 513/531 233/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 174/104 299/118 120/20][PLAIN TEXT (Android)][Plen Bins: 30,13,27,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][Encrypted][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][Goodput ratio: 80/60][7.22 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 304/334 529/529 209/188][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 210/105 299/118 115/20][PLAIN TEXT (Android)][Plen Bins: 19,15,32,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][Encrypted][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][Goodput ratio: 76/60][5.68 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203/279 513/531 233/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 174/104 299/118 120/20][PLAIN TEXT (Android)][Plen Bins: 30,13,27,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][ClearText][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 97/97][< 1 sec][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Goodput ratio: 46/89][0.00 sec][Host: mapi.apptimize.com][54.69.166.226][PLAIN TEXT (apptimize)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][5.72 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 1907/0 5652/0 2648/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][7.27 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 2422/0 7191/0 3372/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][5.72 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 1907/0 5652/0 2648/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][7.27 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 2422/0 7191/0 3372/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][20.01 sec][Host: _805741c9._sub._googlecast._tcp.local][_805741c9._sub._googlecast._tcp.local][PLAIN TEXT (805741C)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 43/86][0.00 sec][Host: app.adjust.com][178.162.219.58][PLAIN TEXT (adjust)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][ClearText][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.00 sec][Host: graph.facebook.com][31.13.86.8][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Goodput ratio: 48/77][0.03 sec][Host: venetia.iad.appboy.com][151.101.1.130][PLAIN TEXT (venetia)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][ClearText][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.12 sec][Host: media.cdn.viber.com][54.230.93.96][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][ClearText][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.03 sec][Host: dl-media.viber.com][54.230.93.53][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 126/Google][ClearText][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes][Goodput ratio: 35/34][0.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 126/Google][Encrypted][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes][Goodput ratio: 35/34][0.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.02 sec][Host: app-measurement.com][172.217.23.78][PLAIN TEXT (measurement)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Host: www.google.com][216.58.205.100][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][ClearText][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44/32][0.03 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][ClearText][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44/32][0.03 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][Encrypted][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44/32][0.03 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][Encrypted][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/62 bytes][Goodput ratio: 44/32][0.03 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wa_video.pcap.out b/tests/result/wa_video.pcap.out index 536e95f8c..c2b021566 100644 --- a/tests/result/wa_video.pcap.out +++ b/tests/result/wa_video.pcap.out @@ -12,7 +12,7 @@ Spotify 1 86 1 1 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][547 pkts/395895 bytes <-> 346 pkts/288942 bytes][Goodput ratio: 94/95][10.71 sec][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 707/132 55/25][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 724/835 1182/1335 379/339][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (dBXAnF)][Plen Bins: 1,4,2,10,9,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,4,3,5,8,3,5,0,4,3,4,5,1,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.12:53688 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][347 pkts/223797 bytes <-> 146 pkts/24878 bytes][Goodput ratio: 93/75][22.48 sec][bytes ratio: 0.800 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/77 2891/3013 278/400][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 645/170 1181/1095 402/174][PLAIN TEXT (hw3@PydH)][Plen Bins: 11,29,10,5,5,0,0,0,0,0,0,0,0,0,14,0,3,0,0,0,0,0,0,0,0,1,1,0,1,3,2,0,2,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][ClearText][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] + 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][Encrypted][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] 4 UDP 192.168.2.12:53688 -> 1.60.78.64:59491 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][18 pkts/1548 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.75 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 618/0 631/0 695/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][ClearText][cat: Cloud/13][2 pkts/764 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][8.20 sec][Host: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -23,4 +23,4 @@ Spotify 1 86 1 11 UDP 192.168.2.12:53688 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][3 pkts/504 bytes <-> 1 pkts/86 bytes][Goodput ratio: 75/51][22.48 sec][Plen Bins: 0,25,0,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.2.12:51458 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][3.00 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.2.12:65025 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][2 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][3.01 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (KTSpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (KTSpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index e2178a8c8..460e0396c 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -23,7 +23,7 @@ JA3 Host Stats: 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][Encrypted][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][Client: pps.whatsapp.net][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] - 2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][ClearText][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] + 2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][Encrypted][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known protocol on non standard port **][Risk Score: 50][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.242/TLS.WhatsAppFiles][Encrypted][cat: Download/7][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][Client: media-mxp1-1.cdn.whatsapp.net][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] 5 TCP 192.168.2.12:49354 <-> 17.242.60.84:5223 [proto: 238.140/ApplePush.Apple][Encrypted][cat: Cloud/13][14 pkts/6933 bytes <-> 10 pkts/1074 bytes][Goodput ratio: 87/39][54.11 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4462/757 43773/5113 12515/1779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 495/107 1506/215 607/44][Plen Bins: 0,42,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,21,0,0] @@ -45,7 +45,7 @@ JA3 Host Stats: 21 UDP 192.168.2.12:60765 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][ClearText][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/113 bytes][Goodput ratio: 43/62][0.03 sec][Host: g.whatsapp.net][157.240.20.53][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.2.12:50191 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.2.12:57546 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.00 sec][PLAIN TEXT (KTSpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.00 sec][PLAIN TEXT (KTSpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 169.254.162.244:50384 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.2.1:50384 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.2.12:51431 <-> 192.168.2.1:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Host: www.google.com][216.239.38.120][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 72d533a98..97d41e75a 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -43,9 +43,9 @@ JA3 Host Stats: 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][ClearText][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.31 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index eac3efc59..7199fd641 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -45,14 +45,14 @@ JA3 Host Stats: 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS version (older than 1.2) **** Weak TLS cipher **][Risk Score: 200][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16] 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS version (older than 1.2) **** Weak TLS cipher **][Risk Score: 200][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33] 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS version (older than 1.2) **** Weak TLS cipher **][Risk Score: 200][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][ClearText][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Host: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][ClearText][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Host: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][ClearText][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][Encrypted][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -63,12 +63,12 @@ JA3 Host Stats: 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS version (older than 1.2) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS version (older than 1.2) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][ClearText][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/TLS.Amazon][Encrypted][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 19de2aea2..c5c5c3d7c 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -61,7 +61,7 @@ JA3 Host Stats: 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][3914.88 sec][Host: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6684/0 41917/0 11732/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][2 pkts/2508 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][17.47 sec][PLAIN TEXT (G@aRkU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] 36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][123.08 sec][Host: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4608/0 45060/0 12222/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 102/0 102/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][ClearText][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes][Goodput ratio: 0/0][540.78 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45051/45051 61959/61957 180207/180208 44694/44695][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][Encrypted][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes][Goodput ratio: 0/0][540.78 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45051/45051 61959/61957 180207/180208 44694/44695][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][123.08 sec][Host: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4608/0 45058/0 12221/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][13 pkts/866 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][140.92 sec][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 272/45308 12755/45308 45020/45308 13611/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67/70 74/74 2/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][92.69 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -83,9 +83,9 @@ JA3 Host Stats: 56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.56 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 2890/0 9679/0 3944/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][ClearText][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][90.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 232/0 12972/0 83248/0 28714/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][ClearText][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][94.52 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13502/0 85920/0 29594/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][ClearText][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0/0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760/23331 45054/45355 19226/22024][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/58 74/66 8/5][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0/0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760/23331 45054/45355 19226/22024][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/58 74/66 8/5][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0/17][14.77 sec][bytes ratio: -0.234 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/40 7363/7364 14726/14687 7363/7324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/80 66/121 0/24][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][ClearText][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes][Goodput ratio: 0/12][20.65 sec][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/652 6763/10145 19992/19638 9355/9493][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 54/63 54/85 0/13][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes][Goodput ratio: 0/12][20.65 sec][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/652 6763/10145 19992/19638 9355/9493][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 54/63 54/85 0/13][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][ClearText][cat: Chat/9][1 pkts/74 bytes <-> 1 pkts/391 bytes][Goodput ratio: 43/89][0.28 sec][Host: web.wechat.com][203.205.147.171][PLAIN TEXT (wechat)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes][Goodput ratio: 0/0][90.15 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45055/45054 45056/45055 45056/45056 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][6 pkts/396 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][92.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 607/0 18483/0 85584/0 33566/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -96,7 +96,7 @@ JA3 Host Stats: 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][ClearText][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.03 sec][Host: ssl.gstatic.com][172.217.23.67][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][ClearText][cat: Collaborative/15][1 pkts/75 bytes <-> 1 pkts/227 bytes][Goodput ratio: 43/81][0.04 sec][Host: docs.google.com][216.58.198.46][PLAIN TEXT (google)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][ClearText][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3756.16 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][ClearText][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3763.44 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.33 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 75 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][0.01 sec][Host: lbjamwptxz][PLAIN TEXT (lbjamwptx)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index ee79ec44b..2d85f2948 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -22,12 +22,12 @@ JA3 Host Stats: 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][ClearText][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Goodput ratio: 37/94][1.37 sec][Host: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 72/75 375/438 116/123][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/1046 525/1502 127/557][URL: img.t.sinajs.cn/t6/skin/default/skin.css?version=201605130537][StatusCode: 200][Content-Type: text/css][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/skin/default/skin.css)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,5,10,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,58,0,0,0] 6 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][ClearText][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Goodput ratio: 28/95][0.56 sec][Host: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32/38 252/181 64/51][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1216 539/1502 108/526][URL: img.t.sinajs.cn/t6/style/images/common/font/wbficon.woff?id=201605111746][StatusCode: 200][Content-Type: application/x-font-woff][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/common/fon)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0,0] 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][ClearText][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Goodput ratio: 49/89][0.23 sec][Host: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 45/42 163/160 63/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135/626 530/1502 161/505][URL: img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/global)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0] - 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 126/Google][ClearText][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][Goodput ratio: 74/71][1.60 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266/14 1385/29 503/13][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 163/146 406/433 122/129][Plen Bins: 21,35,14,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 126/Google][ClearText][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][Goodput ratio: 78/83][0.69 sec][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171/228 626/662 264/307][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 193/245 353/660 93/241][Plen Bins: 0,33,11,11,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 126/Google][Encrypted][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][Goodput ratio: 74/71][1.60 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266/14 1385/29 503/13][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 163/146 406/433 122/129][Plen Bins: 21,35,14,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 126/Google][Encrypted][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][Goodput ratio: 78/83][0.69 sec][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171/228 626/662 264/307][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 193/245 353/660 93/241][Plen Bins: 0,33,11,11,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][ClearText][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Goodput ratio: 61/73][1.05 sec][Host: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 176/348 353/348 174/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/216 500/689 177/273][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][ClearText][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 66/0][0.46 sec][Host: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][ClearText][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70/0][0.38 sec][Host: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][ClearText][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][ALPN: h2;spdy/3.1;http/1.1][TLSv1.2][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][Encrypted][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][ALPN: h2;spdy/3.1;http/1.1][TLSv1.2][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43/78][0.11 sec][Host: img.t.sinajs.cn][93.188.134.246][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 43/77][0.54 sec][Host: js.t.sinajs.cn][93.188.134.246][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41/75][0.19 sec][Host: g.alicdn.com][47.89.65.229][PLAIN TEXT (alicdn)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -36,7 +36,7 @@ JA3 Host Stats: 19 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Goodput ratio: 45/73][0.47 sec][Host: acjstb.aliyun.com][42.156.184.19][Risk: ** Suspicious DGA domain name **][Risk Score: 100][PLAIN TEXT (alibabadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Goodput ratio: 42/70][0.06 sec][Host: www.weibo.com][93.188.134.137][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.22 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.36 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.34 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Goodput ratio: 43/62][0.20 sec][Host: log.mmstat.com][140.205.174.1][PLAIN TEXT (mmstat)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -49,13 +49,13 @@ JA3 Host Stats: 32 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][< 1 sec][Host: account.weibo.com][::][PLAIN TEXT (account)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Host: data.weibo.com][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][ClearText][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Host: c.weibo.cn][::][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index ad889bd54..403c8cc27 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -50,18 +50,18 @@ JA3 Host Stats: 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][ClearText][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0/39][0.03 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][Encrypted][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0/39][0.03 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][ClearText][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][ClearText][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46/83][0.07 sec][Host: query.ess.apple.com][17.178.104.12][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][ClearText][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Host: e13.whatsapp.net][158.85.233.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][77.07 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][77.07 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][0.24 sec][Host: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][0.24 sec][Host: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][0.24 sec][Host: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][0.24 sec][Host: lucas-imac.local][lucas-imac.local][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/TLS][ClearText][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/TLS][Encrypted][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/TLS.Apple][Encrypted][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 31872874b..d528665aa 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -18,7 +18,7 @@ Spotify 1 86 1 5 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][ClearText][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Host: e12.whatsapp.net][184.173.179.47][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Host: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Host: _raop._tcp.local][_raop._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index c3de01c72..533417d7d 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -7,10 +7,10 @@ WhatsAppCall 44 5916 8 TLS 46 4990 1 WhatsApp 171 17149 4 - 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][ClearText][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes][Goodput ratio: 35/44][47.83 sec][bytes ratio: -0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1858/1709 28667/28718 5783/5581][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 85/96 299/559 55/94][PLAIN TEXT (Android)][Plen Bins: 47,21,7,3,7,7,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 91/TLS][ClearText][cat: Web/5][24 pkts/3029 bytes <-> 22 pkts/1961 bytes][Goodput ratio: 57/39][13.49 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 681/812 10696/10748 2366/2570][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126/89 590/469 124/92][PLAIN TEXT (Android)][Plen Bins: 21,10,37,5,0,10,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][ClearText][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes][Goodput ratio: 69/60][8.61 sec][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 717/767 8044/4043 2210/1535][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/135 590/1022 203/241][PLAIN TEXT (Android)][Plen Bins: 36,0,0,9,9,9,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][ClearText][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes][Goodput ratio: 38/39][10.07 sec][bytes ratio: 0.002 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 495/397 6149/6160 1351/1326][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 89/88 299/308 58/61][PLAIN TEXT (Android)][Plen Bins: 26,40,8,8,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][Encrypted][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes][Goodput ratio: 35/44][47.83 sec][bytes ratio: -0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1858/1709 28667/28718 5783/5581][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 85/96 299/559 55/94][PLAIN TEXT (Android)][Plen Bins: 47,21,7,3,7,7,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 91/TLS][Encrypted][cat: Web/5][24 pkts/3029 bytes <-> 22 pkts/1961 bytes][Goodput ratio: 57/39][13.49 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 681/812 10696/10748 2366/2570][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126/89 590/469 124/92][PLAIN TEXT (Android)][Plen Bins: 21,10,37,5,0,10,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][Encrypted][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes][Goodput ratio: 69/60][8.61 sec][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 717/767 8044/4043 2210/1535][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/135 590/1022 203/241][PLAIN TEXT (Android)][Plen Bins: 36,0,0,9,9,9,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][Encrypted][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes][Goodput ratio: 38/39][10.07 sec][bytes ratio: 0.002 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 495/397 6149/6160 1351/1326][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 89/88 299/308 58/61][PLAIN TEXT (Android)][Plen Bins: 26,40,8,8,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 91.142/TLS.WhatsApp][Encrypted][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes][Goodput ratio: 31/36][1.34 sec][bytes ratio: 0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/114 318/331 104/95][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 80/84 231/286 44/62][PLAIN TEXT (Android)][Plen Bins: 50,25,8,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes][Goodput ratio: 75/51][60.68 sec][bytes ratio: 0.419 (Upload)][IAT c2s/s2c min/avg/max/stddev: 208/189 15170/210 60006/241 25886/23][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Plen Bins: 0,44,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.45/STUN.WhatsAppCall][ClearText][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][58.83 sec][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index b37b1a415..51dffa7d0 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -11,5 +11,5 @@ JA3 Host Stats: 1 TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][ClearText][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][PLAIN TEXT ( Domain Name)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][ClearText][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] 3 TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][ClearText][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Host: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 7c62ed376..483ad4b83 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -42,7 +42,7 @@ JA3 Host Stats: 18 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][ClearText][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Risk: ** Known protocol on non standard port **][Risk Score: 50][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.1.117:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][3 pkts/330 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Host: tl-sg116e][DHCP Fingerprint: 1,3][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][ClearText][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][3.59 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][Encrypted][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][3.59 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.117:65394 <-> 192.168.1.1:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.04 sec][Host: local][::][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][ClearText][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/96 bytes][Goodput ratio: 47/56][0.04 sec][Host: zoomfrn99mmr.zoom.us][109.94.160.99][PLAIN TEXT (zoomfrn)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][ClearText][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Goodput ratio: 46/55][0.03 sec][Host: zoomfr84zc.zoom.us][213.244.140.84][PLAIN TEXT (zoomfr84z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -51,7 +51,7 @@ JA3 Host Stats: 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][ClearText][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Host: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][ClearText][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Host: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81.189/ICMP.Zoom][ClearText][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][ClearText][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][Encrypted][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][ClearText][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Encrypted][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 ICMP 192.168.1.117:0 -> 192.168.1.1:0 [proto: 81/ICMP][ClearText][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |