tests/result/ultrasurf.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Guessed flow protos:	0

DPI Packets (TCP):	13	(4.33 pkts/flow)
Confidence DPI              : 3 (flows)
Num dissector calls: 153 (51.00 diss/flow)

TLS	5171	5127023	2
UltraSurf	2971	2991918	1

JA3 Host Stats: 
		 IP Address                  	 # JA3C     
	1	 10.132.0.23              	 1      


	1	TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][1826 pkts/239610 bytes <-> 2699 pkts/4500129 bytes][Goodput ratio: 32/96][53.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 550/499 45/36][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 131/1667 1603/2646 187/725][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,20,5,2,4,3,1,0,1,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,34,0,1,0,0,0,0,20]
	2	TCP 65.49.68.25:50053 <-> 10.132.0.23:37898 [VLAN: 200][proto: 304/UltraSurf][Encrypted][Confidence: DPI][cat: VPN/2][1802 pkts/2867775 bytes <-> 1169 pkts/124143 bytes][Goodput ratio: 96/19][46.77 sec][bytes ratio: 0.917 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/31 438/290 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 70/60 1591/106 2646/1900 592/121][PLAIN TEXT (OFdfbY)][Plen Bins: 0,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,28]
	3	TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][304 pkts/83187 bytes <-> 342 pkts/304097 bytes][Goodput ratio: 68/92][8.22 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 721/460 63/47][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 274/889 1489/2646 406/918][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,35,7,5,4,4,1,0,1,0,1,0,0,1,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,4,4,1,0,0,0,3]