aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/cfgs/caches_global/result/mining.pcapng.out2
-rw-r--r--tests/cfgs/default/result/fins.pcap.out2
-rw-r--r--tests/cfgs/default/result/http-crash-content-disposition.pcap.out2
-rw-r--r--tests/cfgs/default/result/instagram.pcap.out10
-rw-r--r--tests/cfgs/default/result/mining.pcapng.out2
-rw-r--r--tests/cfgs/default/result/ocs.pcap.out24
-rw-r--r--tests/cfgs/default/result/pop3.pcap.out10
-rw-r--r--tests/cfgs/default/result/pop3_stls.pcap.out2
-rw-r--r--tests/cfgs/default/result/webex.pcap.out104
-rw-r--r--tests/cfgs/guessing_disable/result/webex.pcap.out104
10 files changed, 131 insertions, 131 deletions
diff --git a/tests/cfgs/caches_global/result/mining.pcapng.out b/tests/cfgs/caches_global/result/mining.pcapng.out
index 0295a393b..3e9c18edd 100644
--- a/tests/cfgs/caches_global/result/mining.pcapng.out
+++ b/tests/cfgs/caches_global/result/mining.pcapng.out
@@ -25,6 +25,6 @@ Mining 673 219078 4
Unsafe 673 219078 4
1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][currency: ZCash][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 15224/15291][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 709/99][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0]
- 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][currency: ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 20621/20751][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes][Goodput ratio: 70/78][1065.16 sec][currency: ZCash][bytes ratio: -0.136 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46166/51528 195463/195463 61020/65306][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 186/255 1498/364 395/138][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 4,13,4,8,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0]
diff --git a/tests/cfgs/default/result/fins.pcap.out b/tests/cfgs/default/result/fins.pcap.out
index f0596c21b..2d2c76268 100644
--- a/tests/cfgs/default/result/fins.pcap.out
+++ b/tests/cfgs/default/result/fins.pcap.out
@@ -26,5 +26,5 @@ FINS 257 17841 3
Acceptable 257 17841 3
1 UDP 10.4.14.102:58722 -> 10.130.130.130:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 362/FINS, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][245 pkts/16887 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 69/0 582/0 46/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (filename.exeaaaaaaaaaaaaaaaaaaa)][Plen Bins: 89,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.1.1.173:17134 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/385 bytes <-> 4 pkts/366 bytes][Goodput ratio: 13/40][0.59 sec][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/145 117/151 158/157 58/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/92 83/176 11/50][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (EL20DR)][Plen Bins: 75,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.1.1.173:17134 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/385 bytes <-> 4 pkts/366 bytes][Goodput ratio: 13/40][0.59 sec][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/145 117/151 158/157 58/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/92 83/176 11/50][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (EL20DR)][Plen Bins: 75,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.1.1.173:54855 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 362/FINS, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/55 bytes <-> 1 pkts/148 bytes][Goodput ratio: 23/71][0.16 sec][PLAIN TEXT (EL20DR)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out
index 70263e234..fe75dca40 100644
--- a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out
+++ b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out
@@ -24,4 +24,4 @@ HTTP 9 3328 1
Acceptable 9 3328 1
- 1 TCP 192.168.0.103:51171 <-> 174.129.0.10:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/691 bytes <-> 5 pkts/2637 bytes][Goodput ratio: 69/90][0.31 sec][Hostname/SNI: khu.sh][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/50 125/145 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 173/527 480/1492 178/601][URL: khu.sh/imessages.php?songify_a=3h248fIbwJ&new][StatusCode: 200][Req Content-Type: text/plain][Content-Type: text/html][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /imessages.php)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
+ 1 TCP 192.168.0.103:51171 <-> 174.129.0.10:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/691 bytes <-> 5 pkts/2637 bytes][Goodput ratio: 69/90][0.31 sec][Hostname/SNI: khu.sh][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/50 125/145 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 173/527 480/1492 178/601][URL: khu.sh/imessages.php?songify_a=3h248fIbwJ&new][StatusCode: 200][Req Content-Type: text/plain][Content-Type: text/html][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /imessages.php)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out
index 87935e0ab..82bd63292 100644
--- a/tests/cfgs/default/result/instagram.pcap.out
+++ b/tests/cfgs/default/result/instagram.pcap.out
@@ -54,19 +54,19 @@ JA3 Host Stats:
8 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 23][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][Goodput ratio: 96/0][0.04 sec][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 7/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484/66 1484/66 0/0][PLAIN TEXT (inOCIM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
9 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][Goodput ratio: 0/95][7.36 sec][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 735/0 7321/3 2195/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/1406 66/1484 0/309][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.832 (Encrypted or Random?)][PLAIN TEXT (dGQaNFV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,94,0,0,0]
10 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 5/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433/66 1484/66 197/0][PLAIN TEXT (DD.DOo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0]
- 11 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][Goodput ratio: 51/92][0.19 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/23 56/88 18/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/886 375/1484 114/640][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,10,10,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,40,0,0,0]
+ 11 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][Goodput ratio: 51/92][0.19 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/23 56/88 18/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/886 375/1484 114/640][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,10,10,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,40,0,0,0]
12 TCP 192.168.2.17:49358 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][7 pkts/1506 bytes <-> 10 pkts/7394 bytes][Goodput ratio: 68/91][0.20 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/21 12/155 5/51][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 215/739 595/1454 209/621][TCP Fingerprint: 2_64_65535_dd5737e4fedb/macOS][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,0,10,10,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
13 TCP 192.168.2.17:49360 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][6 pkts/1422 bytes <-> 10 pkts/7098 bytes][Goodput ratio: 71/91][0.03 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/2 14/16 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/710 592/1454 213/633][TCP Fingerprint: 2_64_65535_dd5737e4fedb/macOS][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
- 14 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][Goodput ratio: 57/90][0.17 sec][Hostname/SNI: igcdn-photos-h-a.akamaihd.net][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/29 79/103 25/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/689 516/1484 151/647][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 7df57c06f869fc3ce509521cae2f75ce][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,0,0,12,0,12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,25,0,0,0]
+ 14 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][Goodput ratio: 57/90][0.17 sec][Hostname/SNI: igcdn-photos-h-a.akamaihd.net][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/29 79/103 25/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/689 516/1484 151/647][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 7df57c06f869fc3ce509521cae2f75ce][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,0,0,12,0,12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,25,0,0,0]
15 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][6 pkts/4699 bytes <-> 6 pkts/1345 bytes][Goodput ratio: 92/71][2.36 sec][bytes ratio: 0.555 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 590/590 2180/2130 921/894][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 783/224 1464/1015 545/354][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0]
16 TCP 192.168.2.17:49355 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][8 pkts/1324 bytes <-> 8 pkts/4461 bytes][Goodput ratio: 59/88][0.05 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/2 16/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 166/558 564/1454 167/553][Risk: ** Malicious Fingerpint **][Risk Score: 50][Risk Info: 7a29c223fb122ec64d10f0a159e07996][TCP Fingerprint: 2_64_65535_dd5737e4fedb/macOS][TLSv1.3 (Fizz)][JA3C: 7a29c223fb122ec64d10f0a159e07996][JA4: t00d0307ht_55b375c5d22e_1472448224a5][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,22,0,0,11,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
- 17 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][Goodput ratio: 40/91][0.16 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/11 70/40 27/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/778 292/1484 81/657][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,34,0,0,0]
- 18 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][Goodput ratio: 40/91][0.16 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/12 71/47 27/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/778 292/1484 81/657][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,34,0,0,0]
+ 17 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][Goodput ratio: 40/91][0.16 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/11 70/40 27/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/778 292/1484 81/657][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,34,0,0,0]
+ 18 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][Goodput ratio: 40/91][0.16 sec][Hostname/SNI: igcdn-photos-a-a.akamaihd.net][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/12 71/47 27/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/778 292/1484 81/657][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,34,0,0,0]
19 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1279 bytes <-> 6 pkts/4118 bytes][Goodput ratio: 74/90][2.48 sec][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/51 254/202 110/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/686 1015/1464 380/610][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
20 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1279 bytes <-> 5 pkts/4020 bytes][Goodput ratio: 74/92][0.22 sec][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/43 215/172 93/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/804 1015/1464 380/595][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
21 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.211/HTTP.Instagram, Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Goodput ratio: 46/94][0.18 sec][Hostname/SNI: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61/0 184/1 87/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/488 140/1152 325/1484 107/470][URL: photos-f.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11424623_1608163109450421_663315883_n.jpg?se=7][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
22 TCP 192.168.2.17:49359 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][4 pkts/1208 bytes <-> 6 pkts/2647 bytes][Goodput ratio: 77/85][0.03 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.373 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 14/14 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/441 579/1454 232/505][TCP Fingerprint: 2_64_65535_dd5737e4fedb/macOS][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,20,0,0,0,0,0,0,20,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0]
- 23 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][Goodput ratio: 62/50][0.80 sec][Hostname/SNI: telegraph-ash.instagram.com][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/80 183/182 82/81][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/133 530/231 155/70][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,12,0,25,12,12,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][Goodput ratio: 62/50][0.80 sec][Hostname/SNI: telegraph-ash.instagram.com][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 94/80 183/182 82/81][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/133 530/231 155/70][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,12,0,25,12,12,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.17:49361 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][6 pkts/1422 bytes <-> 4 pkts/494 bytes][Goodput ratio: 71/45][0.03 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 13/15 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/124 592/288 213/95][TCP Fingerprint: 2_64_65535_dd5737e4fedb/macOS][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,25,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][0.01 sec][PLAIN TEXT ( 413767116)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][2.67 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/mining.pcapng.out b/tests/cfgs/default/result/mining.pcapng.out
index 0295a393b..3e9c18edd 100644
--- a/tests/cfgs/default/result/mining.pcapng.out
+++ b/tests/cfgs/default/result/mining.pcapng.out
@@ -25,6 +25,6 @@ Mining 673 219078 4
Unsafe 673 219078 4
1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][currency: ZCash][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 15224/15291][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 709/99][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0]
- 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][currency: ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 20621/20751][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes][Goodput ratio: 70/78][1065.16 sec][currency: ZCash][bytes ratio: -0.136 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46166/51528 195463/195463 61020/65306][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 186/255 1498/364 395/138][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (method)][Plen Bins: 4,13,4,8,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0]
diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out
index 9a9a4256f..5f8e71b08 100644
--- a/tests/cfgs/default/result/ocs.pcap.out
+++ b/tests/cfgs/default/result/ocs.pcap.out
@@ -43,18 +43,18 @@ JA3 Host Stats:
1 192.168.180.2 4
- 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 11][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Goodput ratio: 1/0][51.39 sec][Hostname/SNI: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/0 3996/0 235/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 60/0 715/0 25/0][URL: ocu03.labgency.ws/catalog/vod?v=3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][IP: 218/OCS][Encrypted][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 15][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3.85 sec][Hostname/SNI: ocs.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210/0 998/0 326/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304/0 1440/0 368/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc][JA4: t10d350300_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,22,11,0,11,0,0,0,0,0,0,0,0,0,11,11,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0]
- 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 11][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Goodput ratio: 6/0][3.75 sec][Hostname/SNI: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/0 91/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65/0 208/0 24/0][URL: www.ocs.fr/data_plateforme/program/18496/tv_detail_mortdunpourw0012236_72f6c.jpg][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (GET /data)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.275/TLS.Crashlytics][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 16][cat: DataTransfer/4][20 pkts/2715 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][2.62 sec][Hostname/SNI: settings.crashlytics.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 145/0 1003/0 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 136/0 1209/0 253/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: b030dba3ca09e2e484b9fa75adc4039c][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][Plen Bins: 0,20,0,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 12][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][0.42 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 39/0 75/0 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184/0 1287/0 339/0][Risk: ** TLS (probably) Not Carrying HTTPS **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][Firefox][Plen Bins: 0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
- 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 12][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][0.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/0 112/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134/0 649/0 166/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 13][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][0.81 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/0 103/0 38/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111/0 425/0 106/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 6][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][1.36 sec][Hostname/SNI: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 272/0 1043/0 395/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182/0 824/0 287/0][URL: ocu03.labgency.ws/catalog/vod?v=3][User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.18 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 197/0 503/0 209/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77/0 136/0 37/0][URL: api.eu01.capptain.com/ip-to-country][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (GET /ip)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 6][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 276/Azure][IP: 276/Azure][Encrypted][Confidence: Match by IP][FPC: 276/Azure, Confidence: IP address][DPI packets: 6][cat: Cloud/13][6 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][31.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 998/0 6216/0 16046/0 5473/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 60/0 60/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 11][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Goodput ratio: 1/0][51.39 sec][Hostname/SNI: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/0 3996/0 235/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 60/0 715/0 25/0][URL: ocu03.labgency.ws/catalog/vod?v=3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][IP: 218/OCS][Encrypted][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 15][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3.85 sec][Hostname/SNI: ocs.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210/0 998/0 326/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304/0 1440/0 368/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc][JA4: t10d350300_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,22,11,0,11,0,0,0,0,0,0,0,0,0,11,11,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0]
+ 3 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 11][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Goodput ratio: 6/0][3.75 sec][Hostname/SNI: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/0 91/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65/0 208/0 24/0][URL: www.ocs.fr/data_plateforme/program/18496/tv_detail_mortdunpourw0012236_72f6c.jpg][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (GET /data)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.275/TLS.Crashlytics][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 16][cat: DataTransfer/4][20 pkts/2715 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][2.62 sec][Hostname/SNI: settings.crashlytics.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 145/0 1003/0 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 136/0 1209/0 253/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: b030dba3ca09e2e484b9fa75adc4039c][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][Plen Bins: 0,20,0,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 12][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][0.42 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 39/0 75/0 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184/0 1287/0 339/0][Risk: ** TLS (probably) Not Carrying HTTPS **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][Firefox][Plen Bins: 0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 12][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][0.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/0 112/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134/0 649/0 166/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 13][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][0.81 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/0 103/0 38/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111/0 425/0 106/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][FPC: 218/OCS, Confidence: IP address][DPI packets: 6][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][1.36 sec][Hostname/SNI: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 272/0 1043/0 395/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182/0 824/0 287/0][URL: ocu03.labgency.ws/catalog/vod?v=3][User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.18 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 197/0 503/0 209/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77/0 136/0 37/0][URL: api.eu01.capptain.com/ip-to-country][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (GET /ip)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 6][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 276/Azure][IP: 276/Azure][Encrypted][Confidence: Match by IP][FPC: 276/Azure, Confidence: IP address][DPI packets: 6][cat: Cloud/13][6 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][31.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 998/0 6216/0 16046/0 5473/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 60/0 60/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Hostname/SNI: xmpp.device06.eu01.capptain.com][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (device06)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.228/DNS.PlayStore, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/72 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec][Hostname/SNI: android.clients.google.com][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.275/DNS.Crashlytics][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.275/DNS.Crashlytics, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: settings.crashlytics.com][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (settings)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/pop3.pcap.out b/tests/cfgs/default/result/pop3.pcap.out
index d0c0e1cf2..bd03c65fe 100644
--- a/tests/cfgs/default/result/pop3.pcap.out
+++ b/tests/cfgs/default/result/pop3.pcap.out
@@ -24,9 +24,9 @@ POP3 144 31172 6
Unsafe 144 31172 6
- 1 TCP 192.168.0.4:26383 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Email/3][22 pkts/1338 bytes <-> 30 pkts/21359 bytes][Goodput ratio: 10/92][1.26 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59/41 97/111 37/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 61/712 120/1514 14/680][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 47,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,30,0,0]
+ 1 TCP 192.168.0.4:26383 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Email/3][22 pkts/1338 bytes <-> 30 pkts/21359 bytes][Goodput ratio: 10/92][1.26 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59/41 97/111 37/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 61/712 120/1514 14/680][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 47,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,30,0,0]
2 TCP 143.225.229.181:35287 <-> 74.208.5.28:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Email/3][18 pkts/1269 bytes <-> 13 pkts/2646 bytes][Goodput ratio: 6/67][27.32 sec][User: cicciopernacchio@mail.com][Pwd: pippozzo][bytes ratio: -0.352 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1792/2973 5526/5668 2204/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/204 98/1514 8/379][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found username (cicciopernacchio@mail.com)][TCP Fingerprint: 2_64_5840_8c07a80cc645/Unknown][PLAIN TEXT (OK POP server ready H migmxus)][Plen Bins: 60,20,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
- 3 TCP 192.168.0.4:26308 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Email/3][9 pkts/594 bytes <-> 10 pkts/881 bytes][Goodput ratio: 16/34][0.59 sec][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 29/0 64/64 81/88 18/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/88 120/145 20/32][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 63,9,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 192.168.0.4:26284 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Email/3][9 pkts/596 bytes <-> 9 pkts/735 bytes][Goodput ratio: 14/28][3.52 sec][bytes ratio: -0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 33/1 484/65 2995/98 1025/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/82 116/145 18/27][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 66,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 192.168.0.4:26272 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Email/3][6 pkts/348 bytes <-> 6 pkts/529 bytes][Goodput ratio: 3/33][0.21 sec][bytes ratio: -0.206 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 40/32 65/48 24/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/88 66/145 4/31][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 60,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 192.168.0.4:26304 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Email/3][6 pkts/348 bytes <-> 6 pkts/529 bytes][Goodput ratio: 3/33][0.25 sec][bytes ratio: -0.206 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 44/43 73/81 27/33][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/88 66/145 4/31][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 60,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.0.4:26308 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Email/3][9 pkts/594 bytes <-> 10 pkts/881 bytes][Goodput ratio: 16/34][0.59 sec][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 29/0 64/64 81/88 18/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/88 120/145 20/32][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 63,9,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.0.4:26284 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Email/3][9 pkts/596 bytes <-> 9 pkts/735 bytes][Goodput ratio: 14/28][3.52 sec][bytes ratio: -0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 33/1 484/65 2995/98 1025/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/82 116/145 18/27][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 66,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 192.168.0.4:26272 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Email/3][6 pkts/348 bytes <-> 6 pkts/529 bytes][Goodput ratio: 3/33][0.21 sec][bytes ratio: -0.206 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 40/32 65/48 24/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/88 66/145 4/31][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 60,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.0.4:26304 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Email/3][6 pkts/348 bytes <-> 6 pkts/529 bytes][Goodput ratio: 3/33][0.25 sec][bytes ratio: -0.206 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 44/43 73/81 27/33][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/88 66/145 4/31][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_8192_4697958db063/Windows][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 60,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/pop3_stls.pcap.out b/tests/cfgs/default/result/pop3_stls.pcap.out
index c043dffe1..86493a311 100644
--- a/tests/cfgs/default/result/pop3_stls.pcap.out
+++ b/tests/cfgs/default/result/pop3_stls.pcap.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.20.18 1
- 1 TCP 192.168.20.18:50583 <-> 72.249.41.52:110 [proto: 23/POPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Email/3][23 pkts/2059 bytes <-> 30 pkts/9130 bytes][Goodput ratio: 39/82][5.43 sec][Hostname/SNI: pop.lavabit.com][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/0 273/202 2072/2002 508/432][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/304 368/1514 69/480][Risk: ** Obsolete TLS (v1.1 or older) **** Unsafe Protocol **][Risk Score: 110][Risk Info: TLSv1][TCP Fingerprint: 2_128_8192_4697958db063/Unknown][TLSv1][JA3C: 207409c2b30e670ca50e1eac016a4831][JA4: t10d360400_77f462745360_a875e5012fde][ServerNames: *.lavabit.com,lavabit.com][JA3S: 6b96cf9c27b0223177b0e9f135fe4899 (INSECURE)][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority][Subject: O=*.lavabit.com, OU=Domain Control Validated, CN=*.lavabit.com][Certificate SHA-1: 1D:14:60:3D:5E:0F:A2:EB:61:C5:27:F8:A4:26:80:B3:E5:BB:A2:B2][Validity: 2012-02-17 04:07:46 - 2017-02-17 04:07:46][Cipher: TLS_RSA_WITH_RC4_128_SHA][PLAIN TEXT (ERR Unrecognized command.)][Plen Bins: 34,37,2,2,2,5,0,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
+ 1 TCP 192.168.20.18:50583 <-> 72.249.41.52:110 [proto: 23/POPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Email/3][23 pkts/2059 bytes <-> 30 pkts/9130 bytes][Goodput ratio: 39/82][5.43 sec][Hostname/SNI: pop.lavabit.com][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/0 273/202 2072/2002 508/432][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/304 368/1514 69/480][Risk: ** Obsolete TLS (v1.1 or older) **** Unsafe Protocol **][Risk Score: 110][Risk Info: TLSv1][TCP Fingerprint: 2_128_8192_4697958db063/Windows][TLSv1][JA3C: 207409c2b30e670ca50e1eac016a4831][JA4: t10d360400_77f462745360_a875e5012fde][ServerNames: *.lavabit.com,lavabit.com][JA3S: 6b96cf9c27b0223177b0e9f135fe4899 (INSECURE)][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority][Subject: O=*.lavabit.com, OU=Domain Control Validated, CN=*.lavabit.com][Certificate SHA-1: 1D:14:60:3D:5E:0F:A2:EB:61:C5:27:F8:A4:26:80:B3:E5:BB:A2:B2][Validity: 2012-02-17 04:07:46 - 2017-02-17 04:07:46][Cipher: TLS_RSA_WITH_RC4_128_SHA][PLAIN TEXT (ERR Unrecognized command.)][Plen Bins: 34,37,2,2,2,5,0,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out
index 560209b4a..a44a6bf11 100644
--- a/tests/cfgs/default/result/webex.pcap.out
+++ b/tests/cfgs/default/result/webex.pcap.out
@@ -39,60 +39,60 @@ JA3 Host Stats:
1 10.8.0.1 6
- 1 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
- 2 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
- 3 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
- 4 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
- 5 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][21 pkts/2017 bytes <-> 22 pkts/32272 bytes][Goodput ratio: 43/96][5.83 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 347/332 2165/2214 528/526][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 96/1467 528/10581 119/2498][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (sTTjbc)][Plen Bins: 0,9,4,4,0,4,9,4,0,9,9,0,0,0,4,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][Goodput ratio: 66/97][1.48 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/139 519/469 176/158][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165/1865 590/8448 193/2711][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,0,0,0,0,0,0,9,0,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,36]
- 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][Goodput ratio: 76/60][68.57 sec][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424/790 16039/7189 2911/1473][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 229/134 590/3961 154/547][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,40,16,1,11,3,1,0,0,5,0,3,0,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ 1 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
+ 2 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
+ 3 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
+ 4 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
+ 5 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][21 pkts/2017 bytes <-> 22 pkts/32272 bytes][Goodput ratio: 43/96][5.83 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 347/332 2165/2214 528/526][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 96/1467 528/10581 119/2498][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (sTTjbc)][Plen Bins: 0,9,4,4,0,4,9,4,0,9,9,0,0,0,4,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][Goodput ratio: 66/97][1.48 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/139 519/469 176/158][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165/1865 590/8448 193/2711][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,0,0,0,0,0,0,9,0,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,36]
+ 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][Goodput ratio: 76/60][68.57 sec][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424/790 16039/7189 2911/1473][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 229/134 590/3961 154/547][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,40,16,1,11,3,1,0,0,5,0,3,0,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][95.92 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4783/0 32494/0 6932/0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698/0 698/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][Goodput ratio: 65/80][21.38 sec][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 796/452 6005/3010 1691/778][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/276 432/3961 108/830][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,13,17,13,4,4,30,0,0,0,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
- 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 14][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][Goodput ratio: 55/90][41.17 sec][Hostname/SNI: api.crittercism.com][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166/655 34507/5259 9151/1546][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124/542 590/1502 149/614][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: *.crittercism.com,crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 8,8,8,0,0,0,8,8,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,8,0,0,0,0,16,0,8,0,0]
- 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][Goodput ratio: 64/94][3.96 sec][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523/352 2070/1020 730/365][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/873 576/3993 179/1444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][Goodput ratio: 70/95][1.07 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 160/195 357/356 154/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187/990 576/3993 192/1508][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][Goodput ratio: 63/93][3.00 sec][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385/312 2171/1116 743/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/828 528/2974 166/1099][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
- 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][Goodput ratio: 63/93][3.01 sec][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 386/312 2179/1125 746/385][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/825 528/2633 166/1028][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,28]
- 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][Goodput ratio: 66/93][0.78 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 97/110 277/276 117/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/832 528/2581 172/1033][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,28]
- 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.10 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 546/396 2119/1071 812/386][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.09 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 545/396 2066/1021 793/377][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][Goodput ratio: 63/92][4.04 sec][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534/640 3074/2046 1048/713][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/649 528/3993 166/1255][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,34,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16]
- 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][Goodput ratio: 66/93][2.90 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433/304 2119/1065 772/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/723 528/2633 172/919][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,14]
- 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][Goodput ratio: 66/87][1.15 sec][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 113/139 555/553 189/186][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/401 590/2581 167/758][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,22,0,0,11,11,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11]
- 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
- 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
- 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
- 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
- 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][Goodput ratio: 65/80][21.38 sec][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 796/452 6005/3010 1691/778][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/276 432/3961 108/830][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,13,17,13,4,4,30,0,0,0,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
+ 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 14][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][Goodput ratio: 55/90][41.17 sec][Hostname/SNI: api.crittercism.com][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166/655 34507/5259 9151/1546][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124/542 590/1502 149/614][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: *.crittercism.com,crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 8,8,8,0,0,0,8,8,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,8,0,0,0,0,16,0,8,0,0]
+ 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][Goodput ratio: 64/94][3.96 sec][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523/352 2070/1020 730/365][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/873 576/3993 179/1444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][Goodput ratio: 70/95][1.07 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 160/195 357/356 154/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187/990 576/3993 192/1508][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][Goodput ratio: 63/93][3.00 sec][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385/312 2171/1116 743/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/828 528/2974 166/1099][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
+ 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][Goodput ratio: 63/93][3.01 sec][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 386/312 2179/1125 746/385][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/825 528/2633 166/1028][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,28]
+ 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][Goodput ratio: 66/93][0.78 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 97/110 277/276 117/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/832 528/2581 172/1033][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,28]
+ 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.10 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 546/396 2119/1071 812/386][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.09 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 545/396 2066/1021 793/377][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][Goodput ratio: 63/92][4.04 sec][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534/640 3074/2046 1048/713][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/649 528/3993 166/1255][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,34,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16]
+ 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][Goodput ratio: 66/93][2.90 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433/304 2119/1065 772/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/723 528/2633 172/919][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,14]
+ 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][Goodput ratio: 66/87][1.15 sec][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 113/139 555/553 189/186][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/401 590/2581 167/758][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,22,0,0,11,11,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11]
+ 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
+ 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
+ 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
+ 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+ 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][IP: 141/Webex][Encrypted][Confidence: Match by IP][FPC: 141/Webex, Confidence: IP address][DPI packets: 7][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/guessing_disable/result/webex.pcap.out b/tests/cfgs/guessing_disable/result/webex.pcap.out
index 6227405be..30e36cfc2 100644
--- a/tests/cfgs/guessing_disable/result/webex.pcap.out
+++ b/tests/cfgs/guessing_disable/result/webex.pcap.out
@@ -38,63 +38,63 @@ JA3 Host Stats:
1 10.8.0.1 6
- 1 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
- 2 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
- 3 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
- 4 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
- 5 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][21 pkts/2017 bytes <-> 22 pkts/32272 bytes][Goodput ratio: 43/96][5.83 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 347/332 2165/2214 528/526][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 96/1467 528/10581 119/2498][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (sTTjbc)][Plen Bins: 0,9,4,4,0,4,9,4,0,9,9,0,0,0,4,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][Goodput ratio: 66/97][1.48 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/139 519/469 176/158][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165/1865 590/8448 193/2711][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,0,0,0,0,0,0,9,0,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,36]
- 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][Goodput ratio: 76/60][68.57 sec][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424/790 16039/7189 2911/1473][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 229/134 590/3961 154/547][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,40,16,1,11,3,1,0,0,5,0,3,0,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ 1 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
+ 2 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
+ 3 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
+ 4 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
+ 5 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][21 pkts/2017 bytes <-> 22 pkts/32272 bytes][Goodput ratio: 43/96][5.83 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 347/332 2165/2214 528/526][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 96/1467 528/10581 119/2498][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (sTTjbc)][Plen Bins: 0,9,4,4,0,4,9,4,0,9,9,0,0,0,4,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][Goodput ratio: 66/97][1.48 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/139 519/469 176/158][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165/1865 590/8448 193/2711][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,0,0,0,0,0,0,9,0,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,36]
+ 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][Goodput ratio: 76/60][68.57 sec][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424/790 16039/7189 2911/1473][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 229/134 590/3961 154/547][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,40,16,1,11,3,1,0,0,5,0,3,0,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][95.92 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4783/0 32494/0 6932/0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698/0 698/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][Goodput ratio: 65/80][21.38 sec][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 796/452 6005/3010 1691/778][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/276 432/3961 108/830][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,13,17,13,4,4,30,0,0,0,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
- 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 14][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][Goodput ratio: 55/90][41.17 sec][Hostname/SNI: api.crittercism.com][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166/655 34507/5259 9151/1546][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124/542 590/1502 149/614][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: *.crittercism.com,crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 8,8,8,0,0,0,8,8,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,8,0,0,0,0,16,0,8,0,0]
- 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][Goodput ratio: 64/94][3.96 sec][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523/352 2070/1020 730/365][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/873 576/3993 179/1444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][Goodput ratio: 70/95][1.07 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 160/195 357/356 154/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187/990 576/3993 192/1508][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][Goodput ratio: 63/93][3.00 sec][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385/312 2171/1116 743/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/828 528/2974 166/1099][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
- 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][Goodput ratio: 63/93][3.01 sec][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 386/312 2179/1125 746/385][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/825 528/2633 166/1028][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,28]
- 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][Goodput ratio: 66/93][0.78 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 97/110 277/276 117/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/832 528/2581 172/1033][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,28]
- 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.10 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 546/396 2119/1071 812/386][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.09 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 545/396 2066/1021 793/377][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][Goodput ratio: 63/92][4.04 sec][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534/640 3074/2046 1048/713][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/649 528/3993 166/1255][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,34,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16]
- 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][Goodput ratio: 66/93][2.90 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433/304 2119/1065 772/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/723 528/2633 172/919][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,14]
- 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][Goodput ratio: 66/87][1.15 sec][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 113/139 555/553 189/186][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/401 590/2581 167/758][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,22,0,0,11,11,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11]
- 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
- 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
- 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
- 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
- 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
- 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 38 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 39 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 40 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 41 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 42 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 43 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 44 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 45 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 46 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 51 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 52 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][Goodput ratio: 65/80][21.38 sec][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 796/452 6005/3010 1691/778][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/276 432/3961 108/830][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,13,17,13,4,4,30,0,0,0,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
+ 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 14][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][Goodput ratio: 55/90][41.17 sec][Hostname/SNI: api.crittercism.com][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166/655 34507/5259 9151/1546][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124/542 590/1502 149/614][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: *.crittercism.com,crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 8,8,8,0,0,0,8,8,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,8,0,0,0,0,16,0,8,0,0]
+ 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][Goodput ratio: 64/94][3.96 sec][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523/352 2070/1020 730/365][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/873 576/3993 179/1444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][Goodput ratio: 70/95][1.07 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 160/195 357/356 154/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187/990 576/3993 192/1508][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][Goodput ratio: 63/93][3.00 sec][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385/312 2171/1116 743/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/828 528/2974 166/1099][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
+ 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][Goodput ratio: 63/93][3.01 sec][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 386/312 2179/1125 746/385][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/825 528/2633 166/1028][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,28]
+ 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][Goodput ratio: 66/93][0.78 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 97/110 277/276 117/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/832 528/2581 172/1033][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,28]
+ 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.10 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 546/396 2119/1071 812/386][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.09 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 545/396 2066/1021 793/377][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][Goodput ratio: 63/92][4.04 sec][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534/640 3074/2046 1048/713][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/649 528/3993 166/1255][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,34,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16]
+ 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][Goodput ratio: 66/93][2.90 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433/304 2119/1065 772/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/723 528/2633 172/919][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,14]
+ 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][Goodput ratio: 66/87][1.15 sec][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 113/139 555/553 189/186][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/401 590/2581 167/758][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,22,0,0,11,11,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11]
+ 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
+ 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
+ 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+ 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
+ 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+ 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 38 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 39 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 40 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 41 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 42 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 43 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 44 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 45 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 46 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 51 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 52 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
1 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 7][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 0/Unknown][IP: 265/AmazonAWS][ClearText][Confidence: Unknown][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.