1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
DPI Packets (UDP): 863 (95.89 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence DPI : 10 (flows)
Num dissector calls: 206 (20.60 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 27/24/0 (insert/search/found)
LRU cache tls_cert: 0/1/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 1/0/0 (insert/search/found)
Automa host: 4/2 (search/found)
Automa domain: 4/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 4/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 16/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 1/0 (search/found)
Patricia protocols: 11/7 (search/found)
Patricia protocols IPv6: 2/0 (search/found)
MDNS 2 194 2
ICMP 5 812 1
Telegram 6 564 1
GoogleServices 2 208 1
TelegramVoip 853 161775 5
Acceptable 868 163553 10
JA Host Stats:
IP Address # JA4C
1 192.168.12.67 1
1 UDP 192.168.12.67:42567 <-> 91.108.9.34:1400 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 742][DPI packets before monitoring: 43][cat: VoIP/10][401 pkts/72973 bytes <-> 341 pkts/67660 bytes][Goodput ratio: 77/79][14.03 sec][Hostname/SNI: telegram.org][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/37 364/362 30/30][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 182/198 329/330 82/86][Mapped IP/Port: 93.35.170.144:39263, 91.108.9.34:51052, 91.108.9.34:47026][Peer IP/Port: 91.108.9.34:47026][Relayed IP/Port: 91.108.9.34:51052][RTP packets: 247/214][PLAIN TEXT (Unauthorized)][Plen Bins: 0,28,6,5,5,1,6,21,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.67:41011 <-> 91.108.9.68:596 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 72][DPI packets before monitoring: 43][cat: VoIP/10][12 pkts/2100 bytes <-> 60 pkts/14416 bytes][Goodput ratio: 76/83][10.53 sec][bytes ratio: -0.746 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/27 245/216 71/45][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 175/240 614/682 138/121][Mapped IP/Port: 91.108.9.68:596][RTP packets: 0/34][DTLSv1.2][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 6431b01c80e20aa21a6d7a54b248a3bf][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 4B:2E:58:BF:EC:DB:36:D0:D1:46:24:49:66:83:AC:04:2B:AE:8D:E3][Validity: 2024-11-17 16:02:08 - 2024-12-18 16:02:08][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (kWpcVUz)][Plen Bins: 0,4,28,20,2,1,1,2,35,2,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 16][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 15][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.67:39027 <-> 91.108.13.51:597 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 8][cat: VoIP/10][4 pkts/376 bytes <-> 4 pkts/480 bytes][Goodput ratio: 55/65][10.63 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 36/88 3502/3502 9969/10006 4577/4601][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 94/120 130/162 21/24][Mapped IP/Port: 91.108.13.51:597][PLAIN TEXT (BDlMWdxrdJP)][Plen Bins: 0,37,50,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 ICMP 192.168.12.67:0 -> 91.108.9.34:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/812 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.07 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 6.979 (Compressed Executable?)][PLAIN TEXT (XYRpDQCom)][Plen Bins: 0,0,20,60,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.67:46868 <-> 91.108.17.7:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 6][cat: Chat/9][3 pkts/246 bytes <-> 3 pkts/318 bytes][Goodput ratio: 49/60][10.65 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 500/500 5253/5253 10006/10006 4753/4753][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.239/DNS.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|