aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
blob: 0be889ab997052d440b34016656bd71d9ebece27 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

Guessed flow protos:	5

DPI Packets (TCP):	166	(8.74 pkts/flow)
DPI Packets (UDP):	36	(2.00 pkts/flow)
DPI Packets (other):	1	(1.00 pkts/flow)
Confidence Match by port    : 5 (flows)
Confidence DPI              : 33 (flows)
Num dissector calls: 560 (14.74 diss/flow)
LRU cache ookla:      0/1/0 (insert/search/found)
LRU cache bittorrent: 0/15/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/9/0 (insert/search/found)
LRU cache mining:     0/5/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    17/15/7 (insert/search/found)
Automa host:          45/43 (search/found)
Automa domain:        45/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     18/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   60/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   62/14 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

DNS	2	217	1
HTTP	15	840	2
ICMP	1	147	1
TLS	37	5258	7
Facebook	211	51558	11
HTTP_Proxy	26	3926	1
KakaoTalk	55	9990	15

Safe                            37 5258          7            
Acceptable                      99 15120         20           
Fun                            211 51558         11           

JA Host Stats: 
		 IP Address                  	 # JA4C     
	1	 10.24.82.188             	 3      


	1	TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 12][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][Goodput ratio: 72/84][0.98 sec][Hostname/SNI: graph.facebook.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/57 123/297 41/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 204/364 1053/1336 304/449][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1.2][JA4: t12d750600_a38d13a9a7b3_36aea2269ab5][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Firefox][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,38,0,6,0,0,0,0,6,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,6,6,0,0,0,6,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0]
	2	TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][Goodput ratio: 69/87][0.55 sec][Hostname/SNI: developers.facebook.com][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/35 106/208 37/56][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 184/433 1257/1336 332/513][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1.2][JA4: t12d750600_a38d13a9a7b3_36aea2269ab5][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Firefox][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,24,0,0,0,0,0,0,0]
	3	TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][Goodput ratio: 73/88][0.77 sec][Hostname/SNI: api.facebook.com][bytes ratio: -0.329 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 96/75 312/350 98/119][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 258/569 1401/1456 416/540][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1.2][JA4: t12d750600_a38d13a9a7b3_36aea2269ab5][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Firefox][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,22,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,22,0,0,0,0]
	4	TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 15][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][Goodput ratio: 59/78][10.77 sec][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 411/375 2329/2320 582/599][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142/263 710/1336 155/440][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 25,12,6,6,6,12,0,0,0,6,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0]
	5	TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 13][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][Goodput ratio: 66/85][0.86 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/71 489/365 131/103][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167/389 899/1336 222/491][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 15,15,0,15,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0]
	6	TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 9][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][Goodput ratio: 57/79][28.98 sec][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2050/118 26937/448 6904/127][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 133/265 578/1336 134/439][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 31,12,6,6,6,6,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0]
	7	TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 193/KakaoTalk, Confidence: DNS][DPI packets: 13][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][Goodput ratio: 63/84][11.34 sec][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/74 10357/172 3082/62][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 157/364 429/1336 152/451][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4][Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,16,0,0,0,8,8,0,0,0,16,25,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0]
	8	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Risk: ** Fully Encrypted Flow **][Risk Score: 50][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	9	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	10	TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **][Risk Score: 150][Risk Info: TLSv1 / Expected on port 443][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA4: t10d150000_e2ff6cb279ee_e3b0c44298fc][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
	11	TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Goodput ratio: 38/45][21.97 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 115/102 264/210 106/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/104 243/339 73/105][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	12	TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Goodput ratio: 38/49][21.81 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5452/101 21457/215 9241/81][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/114 243/339 73/112][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	13	TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 14][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0/0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845/3844 13075/13111 4719/4735][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56/56 56/56 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	14	TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 193/KakaoTalk, Confidence: DNS][DPI packets: 5][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0/0][13.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	15	TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19/0][0.03 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	16	UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43/73][0.04 sec][Hostname/SNI: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	17	UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 48/69][0.05 sec][Hostname/SNI: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	18	UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44/68][0.04 sec][Hostname/SNI: graph.facebook.com][31.13.68.70][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	19	UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/130 bytes][Goodput ratio: 49/66][0.05 sec][Hostname/SNI: 2.97.252.173.in-addr.arpa][0.0.0.0][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	20	UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/136 bytes][Goodput ratio: 44/67][0.04 sec][Hostname/SNI: ac-talk.kakao.com][110.76.141.112][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	21	UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/130 bytes][Goodput ratio: 47/66][0.04 sec][Hostname/SNI: booking.loco.kakao.com][110.76.142.125][PLAIN TEXT (booking)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	22	UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/126 bytes][Goodput ratio: 46/65][0.04 sec][Hostname/SNI: up-gp.talk.kakao.com][110.76.141.26][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	23	UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-p.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	24	UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-v.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	25	UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.04 sec][Hostname/SNI: up-m.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	26	UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.03 sec][Hostname/SNI: up-a.talk.kakao.com][210.103.240.16][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	27	UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/124 bytes][Goodput ratio: 45/64][0.13 sec][Hostname/SNI: up-c.talk.kakao.com][110.76.141.85][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	28	UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.03 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	29	UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/119 bytes][Goodput ratio: 45/62][0.04 sec][Hostname/SNI: plus-talk.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	30	UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43/62][0.05 sec][Hostname/SNI: api.facebook.com][31.13.68.84][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	31	UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.08 sec][Hostname/SNI: auth.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	32	UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.03 sec][Hostname/SNI: item.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	33	TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 25/0][41.33 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	34	UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.04 sec][Hostname/SNI: dn-l.talk.kakao.com][110.76.141.86][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	35	TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	36	ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	37	TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	38	TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.