path: root/tests/cfgs/default/result/conncheck.pcap.out
DPI Packets (TCP):	65	(7.22 pkts/flow)
DPI Packets (UDP):	2	(2.00 pkts/flow)
Confidence DPI              : 10 (flows)
Num dissector calls: 136 (13.60 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/0/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    0/10/0 (insert/search/found)
Automa host:          11/6 (search/found)
Automa domain:        11/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     1/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   14/6 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

DNS	2	305	1
HTTP	10	2272	1
ntop	61	10472	6
Google	10	2153	1
GoogleServices	9	1912	1

Safe                            61 10472         6            
Acceptable                      31 6642          4            

	1	TCP 10.1.0.60:38024 <-> 92.123.101.121:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: ConnCheck/30][9 pkts/2198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 73/0][7.08 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: 0.935 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 885/0 3618/0 1162/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 244/74 294/74 93/0][URL: conn-service-eu-04.allawnos.com/generate204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (nGET /generate204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	2	TCP 10.1.0.60:49674 <-> 142.250.180.163:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 10][cat: ConnCheck/30][9 pkts/2079 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][7.05 sec][Hostname/SNI: www.google.eu][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 881/0 3584/0 1153/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 231/74 277/74 86/0][URL: www.google.eu/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	3	TCP 10.1.0.70:54612 <-> 142.250.180.138:80 [proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 9][cat: ConnCheck/30][8 pkts/1838 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][3.67 sec][Hostname/SNI: play.googleapis.com][bytes ratio: 0.923 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 524/0 1824/0 607/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 230/74 283/74 92/0][URL: play.googleapis.com/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	4	TCP 10.1.0.60:46980 <-> 92.123.101.153:80 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][6 pkts/632 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 36/72][0.01 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.307 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 5/7 2/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/238 294/919 84/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	5	TCP 10.1.0.60:38008 <-> 92.123.101.121:80 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][5 pkts/566 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 40/72][0.03 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.356 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 21/21 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/238 294/919 90/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	6	TCP 10.1.0.60:49642 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.02 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/5 6/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	7	TCP 10.1.0.60:49656 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.01 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	8	TCP 10.1.0.60:49658 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.03 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 15/21 5/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	9	TCP 10.1.0.60:49672 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.01 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 2/3 5/7 2/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	10	UDP 10.1.0.60:46571 <-> 10.1.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/214 bytes][Goodput ratio: 53/80][0.01 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][92.123.101.121][PLAIN TEXT (service)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]