tests/cfgs/default/result/threema.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

Guessed flow protos:	2

DPI Packets (TCP):	66	(11.00 pkts/flow)
Confidence DPI              : 4 (flows)
Confidence Match by IP      : 2 (flows)
Num dissector calls: 1344 (224.00 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/0/0 (insert/search/found)
LRU cache mining:     0/2/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    0/6/0 (insert/search/found)
Automa host:          0/0 (search/found)
Automa domain:        0/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     0/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   6/6 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Threema	83	11578	6

Fun                             83 11578         6            

	1	TCP 192.168.2.100:50484 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][FPC: 305/Threema, Confidence: IP address][DPI packets: 10][cat: Chat/9][9 pkts/1998 bytes <-> 6 pkts/1066 bytes][Goodput ratio: 70/62][30.23 sec][bytes ratio: 0.304 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 347/6958 2277/27743 788/12000][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 222/178 801/534 238/162][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,33,22,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	2	TCP 192.168.2.100:50298 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][FPC: 305/Threema, Confidence: IP address][DPI packets: 10][cat: Chat/9][10 pkts/2025 bytes <-> 5 pkts/548 bytes][Goodput ratio: 67/38][46.73 sec][bytes ratio: 0.574 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/31 5838/33 46525/38 15378/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 202/110 510/146 167/24][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,44,11,0,0,11,0,0,0,11,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	3	TCP 192.168.2.100:50618 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][FPC: 305/Threema, Confidence: IP address][DPI packets: 10][cat: Chat/9][9 pkts/879 bytes <-> 6 pkts/1079 bytes][Goodput ratio: 31/62][5.39 sec][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/28 52/1686 209/4996 67/2340][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/180 257/661 59/217][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	4	TCP 192.168.2.100:50500 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][FPC: 305/Threema, Confidence: IP address][DPI packets: 10][cat: Chat/9][8 pkts/813 bytes <-> 4 pkts/676 bytes][Goodput ratio: 34/60][61.48 sec][bytes ratio: 0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/31 290/32 1612/32 591/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/169 257/390 61/131][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,40,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	5	TCP 192.168.2.100:50718 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][FPC: 305/Threema, Confidence: IP address][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][73.43 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 12233/29 73277/30 27300/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Risk: ** Fully Encrypted Flow **][Risk Score: 50][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	6	TCP 192.168.2.100:50860 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][FPC: 305/Threema, Confidence: IP address][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][60.00 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/29 9996/31 59845/33 22293/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Risk: ** Fully Encrypted Flow **][Risk Score: 50][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]