path: root/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out
blob: 16e2eff208f5bf8aa28cadd5ec8ba59afcd6378c (plain)
DPI Packets (TCP):	18	(6.00 pkts/flow)
DPI Packets (UDP):	15	(2.14 pkts/flow)
Confidence DPI              : 10 (flows)
Num dissector calls: 170 (17.00 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/2/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    3/3/1 (insert/search/found)
Automa host:          17/8 (search/found)
Automa domain:        17/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     7/0 (search/found)
Automa common alpns:  4/4 (search/found)
Patricia risk mask:   14/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   19/1 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

DNS	8	680	4
TLS	30	14152	1
YouTube	34	22317	4
SOCKS	28	10046	1

Safe                            30 14152         1            
Acceptable                      36 10726         5            
Fun                             34 22317         4            

JA3 Host Stats: 
		 IP Address                  	 # JA3C     
	1	 127.0.0.1                	 1      
	2	 192.168.1.183            	 1      


	1	TCP 192.168.1.183:58612 <-> 216.58.204.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][11 pkts/1577 bytes <-> 15 pkts/19414 bytes][Goodput ratio: 52/95][0.10 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/8 74/66 24/18][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 143/1294 585/6668 151/1565][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,6,6,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,44,0,0,0,6]
	2	TCP 127.0.0.1:57874 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/2501 bytes <-> 14 pkts/11651 bytes][Goodput ratio: 56/92][0.16 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/12 40/74 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 156/832 731/2138 166/797][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,12,12,5,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,19]
	3	TCP 127.0.0.1:40136 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][17 pkts/1999 bytes <-> 11 pkts/8047 bytes][Goodput ratio: 42/91][0.14 sec][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/1 40/4 14/2][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 118/732 585/2612 119/967][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,25,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18]
	4	UDP 127.0.0.1:46548 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/484 bytes][Goodput ratio: 50/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	5	UDP 192.168.1.183:49817 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/253 bytes][Goodput ratio: 49/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	6	UDP 192.168.1.183:41933 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/237 bytes][Goodput ratio: 49/81][0.00 sec][Hostname/SNI: www.youtube.com][2a00:1450:4002:410::200e][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	7	UDP 127.0.0.1:45262 <-> 127.0.0.53:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.00 sec][Hostname/SNI: test.lan][127.0.0.1][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	8	UDP 192.168.1.183:42485 <-> 192.168.1.253:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.00 sec][Hostname/SNI: test.lan][127.0.0.1][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	9	UDP 127.0.0.1:50125 <-> 127.0.0.53:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/81 bytes][Goodput ratio: 45/45][0.00 sec][Hostname/SNI: test.lan][0.0.0.0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	10	UDP 192.168.1.183:58009 <-> 192.168.1.253:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/81 bytes][Goodput ratio: 45/45][< 1 sec][Hostname/SNI: test.lan][0.0.0.0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]