DNS 2 205 1 MDNS 1 87 1 NetBIOS 3 330 1 SSDP 1 168 1 DHCP 1 321 1 ntop 20 4265 1 IMAPS 2 226 1 ICMP 3 210 2 TLS 2 114 1 Google 26 8851 3 Spotify 1 86 1 Zoom 635 354005 19 JA3 Host Stats: IP Address # JA3C 1 192.168.1.117 4 1 UDP 192.168.1.117:58327 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][10 pkts/7806 bytes <-> 175 pkts/184434 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13.8/7.8 32/35 10.6/4.6][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 780.6/1053.9 1071/1071 444.1/129.4][PLAIN TEXT (replace)] 2 TCP 192.168.1.117:54871 <-> 109.94.160.99:443 [proto: 91.189/TLS.Zoom][cat: Video/26][127 pkts/54118 bytes <-> 83 pkts/17526 bytes][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.9/9.2 950/156 93.0/23.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 426.1/211.2 1506/1506 458.2/363.6][TLSv1.2][Client: zoomfrn99mmr.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 3 TCP 192.168.1.117:54866 <-> 52.202.62.236:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/3097 bytes <-> 17 pkts/18622 bytes][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.5/27.5 114/143 46.8/50.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 193.6/1095.4 864/1506 265.3/617.8][TLSv1.2][Client: www3.zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 4 TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.2/21.7 112/136 46.2/45.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163.2/1100.3 687/1506 200.1/622.5][TLSv1.2][Client: zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 5 TCP 192.168.1.117:54868 <-> 213.19.144.104:443 [proto: 91.189/TLS.Zoom][cat: Video/26][17 pkts/2534 bytes <-> 13 pkts/7180 bytes][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.9/41.1 87/168 27.5/61.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149.1/552.3 642/1506 174.8/611.7][TLSv1.2][Client: zoomam104zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 6 TCP 192.168.1.117:54869 <-> 213.244.140.85:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/2480 bytes <-> 13 pkts/7182 bytes][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.3/40.9 202/224 51.8/71.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 155.0/552.5 642/1506 178.5/611.7][TLSv1.2][Client: zoomfr85zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 7 TCP 192.168.1.117:54867 <-> 213.19.144.105:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/2468 bytes <-> 13 pkts/7188 bytes][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.2/42.6 147/178 40.5/63.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154.2/552.9 642/1506 178.9/611.6][TLSv1.2][Client: zoomam105zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 8 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.9/40.2 187/280 49.0/91.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114.5/558.5 583/1506 129.0/636.0][TLSv1.2][Client: zoomfr84zc.zoom.us][JA3C: c51de225944b7d58d48c0f99f86ba8e6][Server: *.zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 9 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58.5/40.3 110/131 49.6/57.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203.0/785.4 812/1506 256.3/675.1][TLSv1.2][Client: log.zoom.us][JA3C: 535aca3d99fc247509cd50933cd71d37][Server: *.zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 10 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91.126/TLS.Google][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.7/9.5 58/45 21.6/16.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252.1/602.8 1434/1484 447.5/585.4] 11 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 644.8/739.7 5003/5003 1647.5/1740.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219.8/206.7 932/1292 283.1/364.2][TLSv1.2][Client: dati.ntop.org][JA3C: a795593605a13211941d44505b4d1e39][JA3S: dd4b012f7a008e741554bd0a4ed12920][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 12 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.126/TLS.Google][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][TLSv1][Client: www.googletagmanager.com][JA3C: d78489b860c8bf7838a6ff0b4d131541][PLAIN TEXT (www.googletagmanager.com)] 13 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7.126/HTTP.Google][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31.0/64.0 32/64 0.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 177.5/121.0 329/121 115.0/0.0] 14 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28.0/27.3 49/47 18.5/19.9][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93.0/72.5 151/93 39.9/13.7][PLAIN TEXT (replace)] 15 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 189/Zoom][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413.3/15.5 1209/31 562.7/15.5][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102.0/74.0 149/85 33.3/10.4][PLAIN TEXT (replace)] 16 UDP 192.168.1.117:23903 <-> 162.255.37.14:3478 [proto: 78.189/STUN.Zoom][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10.0/9.0 10/9 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86.0/74.0 86/74 0.0/0.0] 17 UDP 192.168.1.117:23903 <-> 162.255.38.14:3478 [proto: 78.189/STUN.Zoom][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10.0/9.5 10/10 0.0/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86.0/74.0 86/74 0.0/0.0] 18 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10.0/9.5 10/10 0.0/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86.0/74.0 86/74 0.0/0.0] 19 UDP 192.168.1.117:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/330 bytes -> 0 pkts/0 bytes][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)] 20 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: tl-sg116e][DHCP Fingerprint: 1,3] 21 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes] 22 UDP 192.168.1.117:65394 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/65 bytes <-> 1 pkts/140 bytes][Host: local][PLAIN TEXT (servers)] 23 UDP 192.168.1.117:51185 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/80 bytes <-> 1 pkts/96 bytes][Host: zoomfrn99mmr.zoom.us][PLAIN TEXT (zoomfrn)] 24 UDP 192.168.1.117:58063 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Host: zoomfr84zc.zoom.us][PLAIN TEXT (zoomfr84z)] 25 UDP 192.168.1.117:62563 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/78 bytes <-> 1 pkts/94 bytes][Host: zoomfr85zc.zoom.us][PLAIN TEXT (zoomfr85z)] 26 UDP 192.168.1.117:57025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Host: www3.zoom.us] 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Host: log.zoom.us] 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes] 31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][PLAIN TEXT (spotify)] 32 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SpotUdp)] 33 ICMP 192.168.1.117:0 -> 192.168.1.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes]