1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
DPI Packets (TCP): 8 (8.00 pkts/flow)
DPI Packets (UDP): 2 (1.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 3 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 3/3 (search/found)
Automa domain: 3/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 2/2 (search/found)
Patricia risk mask: 4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 3/3 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
YouTubeUpload 137 127038 3
Fun 137 127038 3
JA3 Host Stats:
IP Address # JA3C
1 192.168.2.27 1
1 UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Media/1][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Goodput ratio: 97/86][3.49 sec][Hostname/SNI: upload.youtube.com][bytes ratio: 0.887 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/249 1825/1883 217/551][Pkt Len c2s/s2c min/avg/max/stddev: 77/58 1256/300 1392/1392 385/473][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][QUIC ver: Q039][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 13,8,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,0,0,0]
2 UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Media/1][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Goodput ratio: 94/93][16.89 sec][Hostname/SNI: upload.youtube.com][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1667/2090 14942/15097 4450/4941][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 665/588 1392/1392 634/618][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][QUIC ver: Q039][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 20,33,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,37,0,0,0,0,0]
3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 8][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][Goodput ratio: 45/92][0.12 sec][Hostname/SNI: upload.youtube.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/12 57/39 23/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/686 256/1484 73/634][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: bc6c386f480ee97b9d9e52d472b772d8][TLSv1.2][JA3C: bc6c386f480ee97b9d9e52d472b772d8][JA4: t12d1310h2_8b80da21ef18_e69ac49eb88f][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com][Certificate SHA-1: EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63][Validity: 2017-11-01 13:50:15 - 2018-01-24 13:31:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,28,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,28,0,0,0]
|