tests/cfgs/default/result/whois.pcapng.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

Guessed flow protos:	1

DPI Packets (TCP):	16	(5.33 pkts/flow)
Confidence Match by port    : 1 (flows)
Confidence DPI              : 2 (flows)
Num dissector calls: 209 (69.67 diss/flow)
LRU cache ookla:      0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun:       0/0/0 (insert/search/found)
LRU cache tls_cert:   0/2/0 (insert/search/found)
LRU cache mining:     0/1/0 (insert/search/found)
LRU cache msteams:    0/0/0 (insert/search/found)
LRU cache fpc_dns:    0/3/0 (insert/search/found)
Automa host:          0/0 (search/found)
Automa domain:        0/0 (search/found)
Automa tls cert:      1/0 (search/found)
Automa risk mask:     0/0 (search/found)
Automa common alpns:  2/2 (search/found)
Patricia risk mask:   4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk:        0/0 (search/found)
Patricia risk IPv6:   0/0 (search/found)
Patricia protocols:   6/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

TLS	7	2046	1
Whois-DAS	16	4294	2

Safe                             7 2046          1            
Acceptable                      16 4294          2            

JA Host Stats: 
		 IP Address                  	 # JA4C     
	1	 10.17.34.139             	 1      


	1	TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (   Domain Name)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0]
	2	TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2 / Expected on port 443][TCP Fingerprint: 2_128_64240_17d25aa9512d/Unknown][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA4: t12d1908h2_d83cc789557e_16bbda4055b2][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
	3	TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Hostname/SNI: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][TCP Fingerprint: 2_64_29200_8c07a80cc645/Unknown][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]