path: root/tests/result/waze.pcap.out
blob: d241bc5ac924b932193d393c84e37ee4e8f3e25e (plain)
Unknown	10	786	1
HTTP	65	64777	8
NTP	2	180	1
TLS	8	432	2
Google	13	2142	1
Waze	484	289335	19
WhatsApp	15	1341	1

JA3 Host Stats: 
		 IP Address                  	 # JA3C     
	1	 10.8.0.1                 	 2      


	1	TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][pktlen c2s avg(stddev)/entropy: 4.6(208.8)/183.0][pktlen s2c avg(stddev)/entropy: 3.1(1360.9)/3378.1][bytes ratio: -0.75][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
	2	TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][cat: Web/5][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net][pktlen c2s avg(stddev)/entropy: 4.0(68.9)/58.6][pktlen s2c avg(stddev)/entropy: 3.4(3438.7)/3467.6][bytes ratio: -0.96][PLAIN TEXT (GET /xtra)]
	3	TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][pktlen c2s avg(stddev)/entropy: 3.5(115.4)/132.3][pktlen s2c avg(stddev)/entropy: 2.4(3558.4)/6124.9][bytes ratio: -0.93][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	4	TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][pktlen c2s avg(stddev)/entropy: 3.4(128.0)/147.3][pktlen s2c avg(stddev)/entropy: 2.6(2829.5)/3901.4][bytes ratio: -0.90][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	5	TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][pktlen c2s avg(stddev)/entropy: 3.4(102.7)/98.2][pktlen s2c avg(stddev)/entropy: 2.6(2026.6)/2611.7][bytes ratio: -0.89][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	6	TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][pktlen c2s avg(stddev)/entropy: 3.7(139.3)/140.6][pktlen s2c avg(stddev)/entropy: 2.6(518.8)/938.6][bytes ratio: -0.56][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
	7	TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][pktlen c2s avg(stddev)/entropy: 2.7(129.2)/86.6][pktlen s2c avg(stddev)/entropy: 1.4(1018.9)/1610.4][bytes ratio: -0.77][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	8	TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][pktlen c2s avg(stddev)/entropy: 3.2(106.8)/85.4][pktlen s2c avg(stddev)/entropy: 2.7(594.6)/584.3][bytes ratio: -0.67][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	9	TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][pktlen c2s avg(stddev)/entropy: 3.1(111.6)/87.6][pktlen s2c avg(stddev)/entropy: 2.4(648.7)/739.4][bytes ratio: -0.68][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	10	TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][pktlen c2s avg(stddev)/entropy: 3.1(137.5)/123.8][pktlen s2c avg(stddev)/entropy: 1.8(411.2)/874.8][bytes ratio: -0.50][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
	11	TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][pktlen c2s avg(stddev)/entropy: 3.1(126.8)/106.9][pktlen s2c avg(stddev)/entropy: 2.1(383.6)/639.7][bytes ratio: -0.47][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
	12	TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][pktlen c2s avg(stddev)/entropy: 3.1(114.5)/94.6][pktlen s2c avg(stddev)/entropy: 1.8(490.3)/785.4][bytes ratio: -0.56][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	13	TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][pktlen c2s avg(stddev)/entropy: 2.8(131.6)/107.7][pktlen s2c avg(stddev)/entropy: 1.9(485.4)/725.4][bytes ratio: -0.57][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
	14	TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][pktlen c2s avg(stddev)/entropy: 3.1(65.7)/26.0][pktlen s2c avg(stddev)/entropy: 1.6(428.0)/650.9][bytes ratio: -0.71][PLAIN TEXT (GET /images/HD/CH)]
	15	TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91.126/TLS.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][pktlen c2s avg(stddev)/entropy: 2.2(162.4)/176.8][pktlen s2c avg(stddev)/entropy: 1.8(167.5)/200.3][bytes ratio: 0.06][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA]
	16	TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][pktlen c2s avg(stddev)/entropy: 2.8(74.2)/45.7][pktlen s2c avg(stddev)/entropy: 2.1(110.1)/137.5][bytes ratio: -0.13][PLAIN TEXT (GET /lang)]
	17	TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][pktlen c2s avg(stddev)/entropy: 2.8(84.1)/53.4][pktlen s2c avg(stddev)/entropy: 2.5(95.4)/66.5][bytes ratio: 0.00][PLAIN TEXT (Android)]
	18	TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][pktlen c2s avg(stddev)/entropy: 2.6(79.6)/54.1][pktlen s2c avg(stddev)/entropy: 2.1(110.1)/137.5][bytes ratio: -0.16][PLAIN TEXT (GET /newV)]
	19	TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][pktlen c2s avg(stddev)/entropy: 2.6(79.3)/53.4][pktlen s2c avg(stddev)/entropy: 2.1(110.1)/137.5][bytes ratio: -0.16][PLAIN TEXT (GET /lang)]
	20	TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][pktlen c2s avg(stddev)/entropy: 2.6(78.9)/52.3][pktlen s2c avg(stddev)/entropy: 2.1(110.1)/137.5][bytes ratio: -0.17][PLAIN TEXT (GET /langs/1.0/lang.portuguese)]
	21	TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com][pktlen c2s avg(stddev)/entropy: 2.6(78.6)/51.7][pktlen s2c avg(stddev)/entropy: 2.1(109.9)/136.8][bytes ratio: -0.17][PLAIN TEXT (GET /newV)]
	22	TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com][pktlen c2s avg(stddev)/entropy: 2.6(79.0)/52.7][pktlen s2c avg(stddev)/entropy: 2.1(104.7)/124.2][bytes ratio: -0.14][PLAIN TEXT (GET /shields)]
	23	TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/6.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.05]
	24	TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/6.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.05]
	25	TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/6.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.05]
	26	TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/6.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.05]
	27	TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(60.0)/6.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.05]
	28	TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.00]
	29	TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.00]
	30	TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.00]
	31	TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 1.0(54.0)/0.0][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.00]
	32	UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][pktlen c2s avg(stddev)/entropy: 0.0(90.0)/0.0][pktlen s2c avg(stddev)/entropy: 0.0(90.0)/0.0][bytes ratio: 0.00]


Undetected flows:
	1	TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes][pktlen c2s avg(stddev)/entropy: 3.0(84.8)/10.8][pktlen s2c avg(stddev)/entropy: 1.0(54.0)/0.0][bytes ratio: 0.73]