diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/pcap/anydesk.pcap | bin | 0 -> 2906892 bytes | |||
| -rw-r--r-- | tests/result/anydesk.pcap.out | 9 |
2 files changed, 9 insertions, 0 deletions
diff --git a/tests/pcap/anydesk.pcap b/tests/pcap/anydesk.pcap Binary files differnew file mode 100644 index 000000000..8b9c70352 --- /dev/null +++ b/tests/pcap/anydesk.pcap diff --git a/tests/result/anydesk.pcap.out b/tests/result/anydesk.pcap.out new file mode 100644 index 000000000..d973bd9f4 --- /dev/null +++ b/tests/result/anydesk.pcap.out @@ -0,0 +1,9 @@ +AnyDesk 6963 2795460 2 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.149.129 1 + + + 1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91.252/TLS.AnyDesk][cat: RemoteAccess/12][2942 pkts/175103 bytes <-> 4001 pkts/2618640 bytes][Goodput ratio: 9/92][55.97 sec][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/14 7028/7028 153/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/654 1514/1514 50/618][Risk: ** Known protocol on non standard port **** TLS (probably) not carrying HTTPS **][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] + 2 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 7.252/HTTP.AnyDesk][cat: RemoteAccess/12][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45] |