tests/cfgs/default/result/vxlan.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

DPI Packets (TCP):	12	(6.00 pkts/flow)
DPI Packets (UDP):	6	(3.00 pkts/flow)
Confidence DPI              : 4 (flows)
Num dissector calls: 6 (1.50 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/0/0 (insert/search/found)
LRU cache mining:     0/0/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
Automa host:          8/8 (search/found)
Automa domain:        8/0 (search/found)
Automa tls cert:      0/0 (search/found)
Automa risk mask:     2/0 (search/found)
Automa common alpns:  0/0 (search/found)
Patricia risk mask:   4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   4/4 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Facebook	127	85322	4

Fun                            127 85322         4            

JA3 Host Stats: 
		 IP Address                  	 # JA3C     
	1	 10.10.20.4               	 1      


	1	TCP 10.10.20.4:45228 <-> 157.240.224.35:443 [VLAN: 5][proto: VXLAN:91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][35 pkts/4938 bytes <-> 56 pkts/71223 bytes][Goodput ratio: 15/91][0.34 sec][Hostname/SNI: www.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/6 81/140 17/26][Pkt Len c2s/s2c min/avg/max/stddev: 120/120 141/1272 438/1500 66/477][Risk: ** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 60][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.3][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA4: t13d311000_e8f1e7e78f70_5ac7197df9d2][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 0,0,1,0,0,5,0,0,0,1,0,0,0,0,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0,0,0]
	2	TCP 10.10.20.4:45226 <-> 157.240.224.35:443 [VLAN: 5][proto: VXLAN:91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][15 pkts/2335 bytes <-> 13 pkts/5656 bytes][Goodput ratio: 24/72][0.38 sec][Hostname/SNI: facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/15 224/113 62/35][Pkt Len c2s/s2c min/avg/max/stddev: 108/120 156/435 434/1500 86/497][Risk: ** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 60][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.3][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA4: t13d311000_e8f1e7e78f70_5ac7197df9d2][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 20,0,10,0,0,20,0,0,0,10,0,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0]
	3	UDP 10.10.20.4:32860 <-> 8.8.8.8:53 [VLAN: 5][proto: VXLAN:5.119/DNS.Facebook][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/260 bytes <-> 2 pkts/362 bytes][Goodput ratio: 26/47][0.07 sec][Hostname/SNI: www.facebook.com][157.240.224.35][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	4	UDP 10.10.20.4:44437 <-> 8.8.8.8:53 [VLAN: 5][proto: VXLAN:5.119/DNS.Facebook][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/252 bytes <-> 2 pkts/296 bytes][Goodput ratio: 24/35][0.07 sec][Hostname/SNI: facebook.com][157.240.224.35][PLAIN TEXT (facebook)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]