tests/result/snapchat.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Guessed flow protos:	3

DPI Packets (TCP):	56	(18.67 pkts/flow)
Confidence DPI              : 3 (flows)

Google	22	2879	1
Snapchat	34	7320	2

JA3 Host Stats: 
		 IP Address                  	 # JA3C     
	1	 10.8.0.1                 	 2      


	1	TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][Goodput ratio: 78/74][0.72 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][ALPN: http/1.1][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 503/453 172/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254/207 590/1123 237/350][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,28,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	2	TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][Goodput ratio: 78/58][0.57 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][ALPN: http/1.1][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/86 403/353 142/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 261/129 590/502 236/150][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,14,0,0,0,0,0,0,0,14,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
	3	TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 91.126/TLS.Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes][Goodput ratio: 68/39][2.27 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/283 2052/2000 670/650][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 174/88 590/292 163/75][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extension **][Risk Score: 60][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA3S: fbe78c619e7ea20046131294ad087f05][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,12,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]