tests/cfgs/default/result/telegram_voice.pcapng.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

DPI Packets (UDP):	45	(5.00 pkts/flow)
DPI Packets (other):	1	(1.00 pkts/flow)
Confidence DPI              : 10 (flows)
Num dissector calls: 206 (20.60 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       12/24/0 (insert/search/found)
LRU cache tls_cert:   0/0/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    1/0/0 (insert/search/found)
Automa host:          4/2 (search/found)
Automa domain:        4/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     4/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   16/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   1/0 (search/found)
Patricia protocols:   11/7 (search/found)
Patricia protocols IPv6: 2/0 (search/found)

MDNS	2	194	2
ICMP	5	812	1
Telegram	6	564	1
GoogleServices	2	208	1
TelegramVoip	853	161775	5

Acceptable                     868 163553        10           

	1	UDP 192.168.12.67:42567 <-> 91.108.9.34:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][401 pkts/72973 bytes <-> 341 pkts/67660 bytes][Goodput ratio: 77/79][14.03 sec][Hostname/SNI: telegram.org][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/37 364/362 30/30][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 182/198 329/330 82/86][Mapped IP/Port: 93.35.170.144:39263][Peer IP/Port: 91.108.9.34:47026][Relayed IP/Port: 91.108.9.34:51052][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 0,28,6,5,5,1,6,21,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	2	UDP 192.168.12.67:41011 <-> 91.108.9.68:596 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/2100 bytes <-> 60 pkts/14416 bytes][Goodput ratio: 76/83][10.53 sec][bytes ratio: -0.746 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/27 245/216 71/45][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 175/240 614/682 138/121][Mapped IP/Port: 91.108.9.68:596][PLAIN TEXT (kWpcVUz)][Plen Bins: 0,4,28,20,2,1,1,2,35,2,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	3	UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	4	UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	5	UDP 192.168.12.67:39027 <-> 91.108.13.51:597 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/376 bytes <-> 4 pkts/480 bytes][Goodput ratio: 55/65][10.63 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 36/88 3502/3502 9969/10006 4577/4601][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 94/120 130/162 21/24][Mapped IP/Port: 91.108.13.51:597][PLAIN TEXT (BDlMWdxrdJP)][Plen Bins: 0,37,50,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	6	ICMP 192.168.12.67:0 -> 91.108.9.34:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/812 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.07 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 6.979 (Compressed Executable?)][PLAIN TEXT (XYRpDQCom)][Plen Bins: 0,0,20,60,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	7	UDP 192.168.12.67:46868 <-> 91.108.17.7:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/246 bytes <-> 3 pkts/318 bytes][Goodput ratio: 49/60][10.65 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 500/500 5253/5253 10006/10006 4753/4753][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	8	UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.239/DNS.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	9	UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	10	UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]