tests/cfgs/default/result/elasticsearch.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

DPI Packets (TCP):	16	(2.29 pkts/flow)
Confidence DPI              : 7 (flows)
Num dissector calls: 777 (111.00 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/0/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
Automa host:          0/0 (search/found)
Automa domain:        0/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     0/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   8/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   14/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Elasticsearch	47	12739	7

Acceptable                      47 12739         7            

	1	TCP 172.16.16.107:33288 <-> 172.16.17.102:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][13 pkts/3821 bytes <-> 2 pkts/140 bytes][Goodput ratio: 77/0][16.06 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16030 1460/16030 16003/16030 4599/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/70 335/74 95/4][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	2	TCP 172.16.17.102:48038 <-> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/2596 bytes <-> 7 pkts/1323 bytes][Goodput ratio: 79/64][760.45 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/1 126431/145462 725343/725412 268113/289976][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/189 930/441 348/155][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,16,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	3	TCP 172.16.16.107:9300 -> 172.16.17.102:40342 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1824 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100]
	4	TCP 172.16.17.102:40282 <-> 172.16.16.107:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/769 bytes <-> 5 pkts/752 bytes][Goodput ratio: 30/55][0.22 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/1 36/54 67/96 14/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/150 241/455 58/153][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (internal)][Plen Bins: 25,25,0,0,0,25,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	5	TCP 172.16.17.102:47980 -> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/823 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][PLAIN TEXT (indices)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	6	TCP 172.16.17.102:48028 -> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/488 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][PLAIN TEXT (indices)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	7	TCP 172.16.16.107:9300 -> 172.16.17.102:40298 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]