tests/cfgs/default/result/tls_esni_sni_both.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

DPI Packets (TCP):	12	(6.00 pkts/flow)
Confidence DPI              : 2 (flows)
Num dissector calls: 2 (1.00 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/4/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    0/2/0 (insert/search/found)
Automa host:          2/0 (search/found)
Automa domain:        2/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     2/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   2/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

TLS	38	15899	2

Safe                            38 15899         2            

JA Host Stats: 
		 IP Address                  	 # JA4C     
	1	 192.168.1.21             	 1      


	1	TCP 192.168.1.21:55500 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: Web/5][11 pkts/1461 bytes <-> 9 pkts/7270 bytes][Goodput ratio: 58/93][0.13 sec][Hostname/SNI: these-are-not-the-droids-youre-looking-for.com][TLS Supported Versions: TLSv1.3][bytes ratio: -0.665 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/10 53/43 21/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 133/808 688/1514 179/685][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Susp ESNI Usage **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA4: t13d031100_55b375c5d22e_77359c92d649][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (mw/KUc)][Plen Bins: 11,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,33,0,0]
	2	TCP 192.168.1.21:55514 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: Web/5][10 pkts/1412 bytes <-> 8 pkts/5756 bytes][Goodput ratio: 60/92][0.12 sec][Hostname/SNI: you-think-thats-normal-tls-traffic-youre-seeing.com][TLS Supported Versions: TLSv1.3][bytes ratio: -0.606 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/11 50/38 20/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 141/720 693/1514 188/676][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Susp ESNI Usage **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA4: t13d031100_55b375c5d22e_77359c92d649][JA3S: d75f9129bb5d05492a65ff78e081bcb2][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0]