1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
Guessed flow protos: 3
DPI Packets (TCP): 8 (8.00 pkts/flow)
DPI Packets (UDP): 75 (25.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by IP : 3 (flows)
Confidence DPI : 2 (flows)
Num dissector calls: 863 (172.60 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 1/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 1/1 (search/found)
Automa domain: 1/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 10/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 16/13 (search/found)
ICMP 27 1890 1
Zoom 11950 9004950 4
JA3 Host Stats:
IP Address # JA3C
1 192.168.1.178 1
1 UDP 192.168.1.178:60653 <-> 144.195.73.154:8801 [proto: 189/Zoom][Encrypted][Confidence: Match by IP][cat: Video/26][3824 pkts/4162390 bytes <-> 4907 pkts/4203451 bytes][Goodput ratio: 96/95][40.59 sec][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 101/100 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 94/60 1088/857 1339/1339 242/271][PLAIN TEXT (replace)][Plen Bins: 0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,1,74,3,1,0,1,9,1,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.178:58117 <-> 144.195.73.154:8801 [proto: 189/Zoom][Encrypted][Confidence: Match by IP][cat: Video/26][1283 pkts/302584 bytes <-> 947 pkts/159626 bytes][Goodput ratio: 82/75][39.98 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/36 141/131 26/34][Pkt Len c2s/s2c min/avg/max/stddev: 106/60 236/169 376/369 87/64][PLAIN TEXT (replace)][Plen Bins: 0,1,64,18,7,0,0,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.178:50076 <-> 144.195.73.154:443 [proto: 91.189/TLS.Zoom][Encrypted][Confidence: DPI][cat: Video/26][491 pkts/108525 bytes <-> 411 pkts/58625 bytes][Goodput ratio: 70/54][44.41 sec][Hostname/SNI: zoomsjccv154mmr.sjc.zoom.us][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/109 1466/1467 185/193][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 221/143 1506/1506 285/210][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 832952db10f1453442636675bed2702b][ServerNames: *.sjc.zoom.us][JA3S: 8aca82d60194883e764ab2743e60c380][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us][Certificate SHA-1: 43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7][Firefox][Validity: 2021-04-13 00:00:00 - 2022-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,17,13,5,3,8,2,1,0,1,0,1,1,3,1,2,4,2,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
4 UDP 192.168.1.178:57953 <-> 144.195.73.154:8801 [proto: 189/Zoom][Encrypted][Confidence: Match by IP][cat: Video/26][43 pkts/5229 bytes <-> 44 pkts/4520 bytes][Goodput ratio: 65/59][39.68 sec][bytes ratio: 0.073 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 941/849 3580/3749 1440/1522][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 122/103 185/133 41/28][PLAIN TEXT (replace)][Plen Bins: 35,2,43,13,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 ICMP 192.168.1.178:0 -> 144.195.73.154:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][27 pkts/1890 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 20/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|