Guessed flow protos: 1
DPI Packets (TCP): 129 (9.92 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 13 (flows)
Num dissector calls: 2197 (156.93 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/1/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/13/0 (insert/search/found)
Automa host: 2/0 (search/found)
Automa domain: 2/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 15/13 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
DNS 15 1612 1
NestLogSink 759 116848 13
Acceptable 774 118460 14
1 TCP 192.168.242.15:63342 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][37 pkts/14650 bytes <-> 35 pkts/4115 bytes][Goodput ratio: 86/54][4.71 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 142/150 1347/1490 251/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 396/118 585/733 192/108][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,1,0,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.242.15:63345 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][36 pkts/14613 bytes <-> 35 pkts/4114 bytes][Goodput ratio: 86/54][4.14 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 132/134 1166/1477 229/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 406/118 584/732 185/107][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,0,1,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.242.15:63351 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][25 pkts/9229 bytes <-> 24 pkts/2916 bytes][Goodput ratio: 85/55][3.56 sec][bytes ratio: 0.520 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/0 164/174 1319/1484 293/350][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 369/122 584/733 204/130][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,2,0,0,0,0,0,0,0,0,2,0,0,41,0,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.242.15:63348 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][25 pkts/9114 bytes <-> 24 pkts/2915 bytes][Goodput ratio: 85/55][3.42 sec][bytes ratio: 0.515 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 158/169 1167/1475 266/349][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 365/121 584/732 205/129][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,2,0,0,0,0,2,0,0,0,0,0,0,41,0,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.242.15:63343 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Cloud/13][60 pkts/5549 bytes <-> 56 pkts/5094 bytes][Goodput ratio: 36/41][1799.54 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/16 33935/28187 60073/60075 29484/29645][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 92/91 585/731 97/126][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,24,0,5,5,37,0,0,0,5,0,0,5,0,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.242.15:63352 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Cloud/13][50 pkts/4894 bytes <-> 46 pkts/4392 bytes][Goodput ratio: 40/43][1508.66 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/17 33170/30242 60184/60262 29630/29816][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 98/95 586/730 105/136][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,21,0,6,6,34,0,0,0,6,0,0,6,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 192.168.242.15:63346 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Cloud/13][41 pkts/4409 bytes <-> 37 pkts/3907 bytes][Goodput ratio: 45/49][1042.88 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/15 27924/26022 60088/60136 29301/29455][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/106 585/731 114/151][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,25,0,6,6,31,0,0,0,6,0,0,6,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 192.168.242.15:63349 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Cloud/13][28 pkts/3254 bytes <-> 24 pkts/3040 bytes][Goodput ratio: 50/57][602.97 sec][bytes ratio: 0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/14 24649/24894 60122/60151 29303/29368][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 116/127 584/732 117/181][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,28,0,7,7,21,7,0,0,7,0,0,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 192.168.242.15:63350 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Cloud/13][18 pkts/2655 bytes <-> 14 pkts/2499 bytes][Goodput ratio: 61/70][153.64 sec][bytes ratio: 0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/15 10960/13629 60124/60155 21488/24847][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 148/178 585/731 137/222][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,28,0,7,7,21,7,0,0,7,0,0,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 192.168.242.15:63340 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 32][cat: Cloud/13][42 pkts/2576 bytes <-> 41 pkts/2214 bytes][Goodput ratio: 2/0][1615.16 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/143 39827/40755 60071/60122 27934/27880][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 61/54 116/54 9/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 192.168.242.15:63344 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 9][cat: Cloud/13][11 pkts/2565 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 76/61][5.29 sec][bytes ratio: 0.297 (Upload)][IAT c2s/s2c min/avg/max/stddev: 61/0 640/729 2711/3410 865/1202][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 233/139 584/732 217/199][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,40,10,0,0,0,0,0,0,10,0,0,0,0,10,0,20,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 192.168.242.15:63347 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1390 bytes][Goodput ratio: 71/61][2.81 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 63/0 342/349 1182/1489 363/517][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198/139 586/733 195/200][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,44,11,0,0,0,0,0,0,11,0,0,0,0,11,0,11,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.242.15:63353 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 71/61][2.65 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 70/0 321/348 1162/1502 366/527][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198/139 586/732 195/199][TCP Fingerprint: 2_255_4608_287a07a47787/Unknown][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,44,11,0,0,0,0,0,0,11,0,0,0,0,11,0,11,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.242.15:52849 <-> 192.168.242.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][8 pkts/713 bytes <-> 7 pkts/899 bytes][Goodput ratio: 53/67][3600.37 sec][Hostname/SNI: weave-logsink.nest.com][35.188.154.186][bytes ratio: -0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/4311 596403/515880 1795476/1795277 670696/701384][Pkt Len c2s/s2c min/avg/max/stddev: 82/98 89/128 101/169 9/35][PLAIN TEXT (logsink)][Plen Bins: 0,80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]