DNS 26 2848 7
HTTP 450 294880 19
SSDP 11 4984 1
WorldOfWarcraft 9 880 1
IGMP 2 120 1
TLS 38 2548 11
Google 22 2184 5
Github 3 234 1
Starcraft 236 51494 6
1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][cat: Web/5][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com][pktlen c2s avg(stddev)/entropy: 5.0(56.2)/19.6][pktlen s2c avg(stddev)/entropy: 4.9(1451.1)/290.7][bytes ratio: -0.92][PLAIN TEXT (GET /sc)]
2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][pktlen c2s avg(stddev)/entropy: 4.9(72.7)/27.5][pktlen s2c avg(stddev)/entropy: 3.8(460.9)/593.0][bytes ratio: -0.64][PLAIN TEXT (matteobracci1@gmail.com)]
3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 3.7(64.7)/37.1][pktlen s2c avg(stddev)/entropy: 4.6(1402.4)/386.6][bytes ratio: -0.95][PLAIN TEXT (GET /cms/bnet)]
4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 3.3(68.6)/42.6][pktlen s2c avg(stddev)/entropy: 4.0(1352.8)/456.0][bytes ratio: -0.94][PLAIN TEXT (GET /cms/bnet)]
5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 3.3(68.4)/41.8][pktlen s2c avg(stddev)/entropy: 4.0(1352.8)/456.0][bytes ratio: -0.94][PLAIN TEXT (GET /cms/bnet)]
6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 3.3(68.4)/41.8][pktlen s2c avg(stddev)/entropy: 4.0(1352.8)/456.0][bytes ratio: -0.94][PLAIN TEXT (GET /cms/bnet)]
7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 3.3(68.4)/41.8][pktlen s2c avg(stddev)/entropy: 4.0(1352.8)/456.0][bytes ratio: -0.94][PLAIN TEXT (GET /cms/bnet)]
8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 3.5(453.1)/30.1][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00][PLAIN TEXT (osNOTIFY )]
9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net][pktlen c2s avg(stddev)/entropy: 2.2(90.8)/77.1][pktlen s2c avg(stddev)/entropy: 1.6(564.7)/672.6][bytes ratio: -0.72][PLAIN TEXT (GET /sc)]
10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net][pktlen c2s avg(stddev)/entropy: 2.2(91.2)/77.9][pktlen s2c avg(stddev)/entropy: 1.3(627.8)/695.8][bytes ratio: -0.70][PLAIN TEXT (GET /sc)]
11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net][pktlen c2s avg(stddev)/entropy: 2.2(91.5)/78.6][pktlen s2c avg(stddev)/entropy: 1.5(521.8)/654.3][bytes ratio: -0.70][PLAIN TEXT (GET /service/s2/regions)]
12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net][pktlen c2s avg(stddev)/entropy: 2.2(91.5)/78.6][pktlen s2c avg(stddev)/entropy: 1.4(614.2)/680.1][bytes ratio: -0.70][PLAIN TEXT (GET /service/s2/regions)]
13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com][pktlen c2s avg(stddev)/entropy: 1.7(126.4)/138.9][pktlen s2c avg(stddev)/entropy: 1.3(166.8)/181.4][bytes ratio: -0.03][PLAIN TEXT (POST /collect HTTP/1.1)]
14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 2.4(78.8)/50.4][pktlen s2c avg(stddev)/entropy: 1.2(188.2)/222.1][bytes ratio: -0.23][PLAIN TEXT (GET /S2/enGB/client/alert)]
15 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 2.4(79.2)/51.1][pktlen s2c avg(stddev)/entropy: 1.2(187.2)/220.4][bytes ratio: -0.22][PLAIN TEXT (GET /S2/enGB/client/regions)]
16 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 2.4(79.2)/51.1][pktlen s2c avg(stddev)/entropy: 1.2(187.2)/220.4][bytes ratio: -0.22][PLAIN TEXT (GET /S2/enGB/client/regions)]
17 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 2.3(80.2)/53.3][pktlen s2c avg(stddev)/entropy: 1.2(183.2)/213.5][bytes ratio: -0.21][PLAIN TEXT (GET /S2/enGB/client/feed/homepa)]
18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 2.3(80.5)/54.1][pktlen s2c avg(stddev)/entropy: 1.2(181.2)/210.0][bytes ratio: -0.20][PLAIN TEXT (GET /S2/enGB/client/feed/live)]
19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net][pktlen c2s avg(stddev)/entropy: 1.9(96.4)/78.9][pktlen s2c avg(stddev)/entropy: 1.5(124.2)/111.3][bytes ratio: -0.02][PLAIN TEXT (GET /service/s2/alert/en)]
20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][pktlen c2s avg(stddev)/entropy: 2.6(62.7)/8.8][pktlen s2c avg(stddev)/entropy: 2.7(75.1)/32.8][bytes ratio: -0.17]
21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][pktlen c2s avg(stddev)/entropy: 2.2(73.4)/33.1][pktlen s2c avg(stddev)/entropy: 1.5(128.2)/114.8][bytes ratio: -0.17][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)]
22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 1.0(84.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(194.0)/0.0][bytes ratio: -0.40][PLAIN TEXT (bnetcmsus)]
23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][pktlen c2s avg(stddev)/entropy: 1.6(81.0)/2.8][pktlen s2c avg(stddev)/entropy: 1.6(77.3)/8.0][bytes ratio: 0.02]
24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 110.212.58.216.in-addr.arpa][pktlen c2s avg(stddev)/entropy: 1.0(86.5)/0.5][pktlen s2c avg(stddev)/entropy: 1.0(141.0)/16.0][bytes ratio: -0.24]
25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com][pktlen c2s avg(stddev)/entropy: 1.0(77.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(144.0)/0.0][bytes ratio: -0.30][PLAIN TEXT (blizzard)]
26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 100.1.168.192.in-addr.arpa][pktlen c2s avg(stddev)/entropy: 1.0(86.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(130.0)/24.0][bytes ratio: -0.20][PLAIN TEXT (dynect)]
27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5.5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 26.186.239.80.in-addr.arpa][pktlen c2s avg(stddev)/entropy: 1.0(86.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(122.5)/36.5][bytes ratio: -0.18][PLAIN TEXT (signup)]
28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 1.3(106.7)/66.2][pktlen s2c avg(stddev)/entropy: 0.0(66.0)/0.0][bytes ratio: 0.66][PLAIN TEXT (GET /cms/bnet)]
29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][pktlen c2s avg(stddev)/entropy: 1.3(106.7)/66.2][pktlen s2c avg(stddev)/entropy: 0.0(66.0)/0.0][bytes ratio: 0.66][PLAIN TEXT (GET /cms/bnet)]
30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net][pktlen c2s avg(stddev)/entropy: 1.0(76.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(92.0)/0.0][bytes ratio: -0.10][PLAIN TEXT (battle)]
31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.9(83.5)/23.5][bytes ratio: -0.21]
39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/TLS.Github][cat: Collaborative/15][2 pkts/145 bytes <-> 1 pkts/89 bytes][pktlen c2s avg(stddev)/entropy: 1.0(72.5)/12.5][pktlen s2c avg(stddev)/entropy: 0.0(89.0)/0.0][bytes ratio: 0.24]
40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(60.0)/0.0][bytes ratio: -0.05]
41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa][pktlen c2s avg(stddev)/entropy: 0.0(86.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(124.0)/0.0][bytes ratio: -0.18][PLAIN TEXT (attens)]
42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/TLS.Google][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(60.0)/0.0][bytes ratio: 0.29]
43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][pktlen c2s avg(stddev)/entropy: 0.0(55.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(66.0)/0.0][bytes ratio: -0.09]
44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/TLS.Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][pktlen c2s avg(stddev)/entropy: 0.0(55.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(66.0)/0.0][bytes ratio: -0.09]
45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00]
46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes][pktlen c2s avg(stddev)/entropy: 0.0(44.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(60.0)/0.0][bytes ratio: -0.15]
47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes][pktlen c2s avg(stddev)/entropy: 0.0(44.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(60.0)/0.0][bytes ratio: -0.15]
48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][pktlen c2s avg(stddev)/entropy: 0.0(43.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(60.0)/0.0][bytes ratio: -0.17]
49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][pktlen c2s avg(stddev)/entropy: 0.0(43.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(60.0)/0.0][bytes ratio: -0.17]
50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 0.0(66.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00]
51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 0.0(60.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00]
52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][pktlen c2s avg(stddev)/entropy: 0.0(60.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(nan)/0.0][bytes ratio: 1.00]