author | Toni Uhlig <matzeton@googlemail.com> | 2023-11-09 23:18:55 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2023-11-09 23:44:35 +0100 |
commit | 8ebaccc27d779e981b500e80b69f62396dcaa0ca (patch) | |
tree | 62993474d9ea00d23c579a649ab048fd2a8e76e6 | |
parent | dcb595e16153caa1600b64adea6af20009ea8419 (diff) |
py-flow-info: Improved analyse result printing.1.6rc4
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
182 files changed, 1993 insertions, 1980 deletions
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py
index 57a74db36..f905231e4 100755
--- a/examples/py-flow-info/flow-info.py
+++ b/examples/py-flow-info/flow-info.py
@@ -257,6 +257,12 @@ def onFlowCleanup(instance, current_flow, global_user_data):
 return True
+def limitFloatValue(value, fmt, limit):
+if float(value) < float(limit) and float(value) > 0.0:
+return '<' + str(fmt).format(limit)
+else:
+return ' ' + str(fmt).format(value)
+
 def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
 stats = global_user_data
 stats.update(json_dict, current_flow)
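Review bot: `limitFloatValue` converts `value` to float three times in one condition and reads awkwardly; bind it once and use a chained comparison, `v = float(value)` followed by `if 0.0 < v < float(limit):`, and drop the `str()` around `fmt`, which is always a string literal at the call sites in the next hunk. The function also has no docstring; it should say that values strictly between 0 and `limit` are printed as `<` plus the formatted limit, that an exact zero is printed unchanged, and that the `' '` prefix in the other branch makes both outputs one column wider than `fmt` so the table columns stay aligned. A negative `value` falls through to the plain branch, which presumably cannot occur for the statistics passed here but deserves a one-line comment.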
@@ -417,24 +423,31 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
 flow_event_name += '{}{:>16}{}'.format(TermColor.WARNING, json_dict['flow_event_name'], TermColor.END)
 if args.print_analyse_results is True:
-next_lines = [' {:>9}|{:>9}|{:>9}|{:>9}|{:>15}|{:>8}'.format(
+next_lines = [' {:>10}|{:>10}|{:>10}|{:>10}|{:>17}|{:>9}'.format(
 'min', 'max', 'avg', 'stddev', 'variance', 'entropy')]
-next_lines += ['[IAT.........: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>15.3f}|{:>8.3f}]'.format(
-nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']),
-nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']),
-nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']),
-nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']),
-nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']),
-json_dict['data_analysis']['iat']['ent']
+next_lines += ['[IAT.........: {}|{}|{}|{}|{}|{}]'.format(
+limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']),
+'{:>9.3f}', 0.001),
+limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']),
+'{:>9.3f}', 0.001),
+limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']),
+'{:>9.3f}', 0.001),
+limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']),
+'{:>9.3f}', 0.001),
+limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']),
+'{:>16.3f}', 0.001),
+limitFloatValue(json_dict['data_analysis']['iat']['ent'],
+'{:>8.3f}', 0.001)
 )]
 next_lines += ['']
-next_lines[-1] += '[PKTLEN......: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>15.3f}|{:>8.3f}]'.format(
-json_dict['data_analysis']['pktlen']['min'],
-json_dict['data_analysis']['pktlen']['max'],
-json_dict['data_analysis']['pktlen']['avg'],
-json_dict['data_analysis']['pktlen']['stddev'],
-json_dict['data_analysis']['pktlen']['var'],
-json_dict['data_analysis']['pktlen']['ent']
+next_lines[-1] += '[PKTLEN......: 
{}|{}|{}|{}|{}|{}]'.format( + limitFloatValue(json_dict['data_analysis']['pktlen']['min'], '{:>9.3f}', 0.001), + limitFloatValue(json_dict['data_analysis']['pktlen']['max'], '{:>9.3f}', 0.001), + limitFloatValue(json_dict['data_analysis']['pktlen']['avg'], '{:>9.3f}', 0.001), + limitFloatValue(json_dict['data_analysis']['pktlen']['stddev'], + '{:>9.3f}', 0.001), + limitFloatValue(json_dict['data_analysis']['pktlen']['var'], '{:>16.3f}', 0.001), + limitFloatValue(json_dict['data_analysis']['pktlen']['ent'], '{:>8.3f}', 0.001) ) next_lines += [''] next_lines[-1] += '[BINS(c->s)..: {}]'.format(','.join([str(n) for n in json_dict['data_analysis']['bins']['c_to_s']])) diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out index 5fbd73a71..9ebd658bc 100644 --- a/test/results/flow-info/caches_cfg/teams.pcap.out +++ b/test/results/flow-info/caches_cfg/teams.pcap.out @@ -20,9 +20,9 @@ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 3.700] - [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] + [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0] 
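Review bot: The IAT `var` column is still passed through `nDPIsrvd.toSeconds` like the other IAT fields, although a variance carries squared units; the expected output updated in this same commit shows stddev 0.009 next to variance 77.930 for one flow, which matches the variance being off by the square of the conversion factor rather than equal to stddev². If `toSeconds` divides microseconds by 1e6, the variance needs that factor squared, or it should be printed in its raw unit with the header naming that unit. Separately, the literal `0.001` is repeated twelve times and is also applied to packet lengths and entropy, where a 0.001 floor can never trigger; a single module-level constant such as `IAT_MIN_DISPLAY = 0.001`, used only for the IAT row, would make the intent clear. `onJsonLineRecvd` starts and ends outside this hunk.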
@@ -37,9 +37,9 @@ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com] detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com] analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 3.400] - [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400] + [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400] [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0] 
@@ -55,9 +55,9 @@ detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 3.900] - [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] + [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200] [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0] 
@@ -139,9 +139,9 @@ detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 3.600] - [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600] + [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300] [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0] 
@@ -156,9 +156,9 @@ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 3.200] - [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.201| 0.025| 0.047| 2215.159| 3.200] + [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800] [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1] @@ -176,9 +176,9 @@ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 3.500] - [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.115| 0.021| 0.031| 968.681| 3.500] + [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900] [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1] 
@@ -192,9 +192,9 @@ detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.010| 0.146| 0.490| 239614.050| 1.700] - [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] + [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1] 
@@ -203,9 +203,9 @@ [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3] detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 1.900] - [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900] + [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900] [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0] 
@@ -256,9 +256,9 @@ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 2.800] - [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] + [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1] 
@@ -278,9 +278,9 @@ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 3.900] - [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900] + [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100] [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0] 
@@ -303,9 +303,9 @@ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 3.400] - [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] + [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0] 
@@ -317,9 +317,9 @@ detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 3.600] - [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600] + [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200] [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1] 
@@ -342,9 +342,9 @@ detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 2.900] - [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.277| 0.019| 0.049| 2449.644| 2.900] + [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900] [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1] 
@@ -352,9 +352,9 @@ [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335] [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8] analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 8.978| 0.329| 1.582| 2503841.415| 0.800] - [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 8.978| 0.329| 1.582| 2503841.415| 0.800] + [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900] [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1] 
@@ -430,9 +430,9 @@ detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.567| 0.072| 0.275| 75449.426| 1.900] - [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.567| 0.072| 0.275| 75449.426| 1.900] + [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700] [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1] @@ -445,9 +445,9 @@ new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.168| 0.160| 0.366| 133702.353| 2.700] - [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] + [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out index 576df79d4..2b471b0ff 100644 --- a/test/results/flow-info/default/1kxun.pcap.out +++ b/test/results/flow-info/default/1kxun.pcap.out @@ -82,9 +82,9 @@ detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 3.100] - [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.056| 0.011| 0.020| 413.706| 3.100] + [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500] [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1] 
@@ -92,9 +92,9 @@ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8] analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 2.800] - [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.066| 0.012| 0.024| 579.055| 2.800] + [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0] 
@@ -102,9 +102,9 @@ [PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40] [ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8] analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 2.900] - [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.067| 0.012| 0.023| 544.113| 2.900] + [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] 
@@ -112,9 +112,9 @@ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8] analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 2.700] - [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.096| 0.013| 0.026| 693.255| 2.700] + [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600] [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0] 
@@ -122,9 +122,9 @@ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409] [ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8] analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 2.800] - [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.142| 0.016| 0.032| 1046.271| 2.800] + [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500] [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] 
@@ -141,9 +141,9 @@ detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] RISK: HTTP Susp User-Agent analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 2.600] - [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.147| 0.015| 0.033| 1100.854| 2.600] + [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1] @@ -182,9 +182,9 @@ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.399| 0.070| 0.104| 10878.943| 3.600] - [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.399| 0.070| 0.104| 10878.943| 3.600] + [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100] [BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0] 
@@ -358,9 +358,9 @@ update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 45.001| 1.464| 7.949| 63183326.806| 0.100] - [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 45.001| 1.464| 7.949| 63183326.806| 0.100] + [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0] 
@@ -626,9 +626,9 @@ new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200] - [PKTLEN......: 260.000|21652.000| 4534.200| 5608.100| 31450232.000| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200] + [PKTLEN......: 260.000| 21652.000| 4534.200| 5608.100| 31450232.000| 4.200] [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1] 
@@ -654,9 +654,9 @@ new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300] - [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] + [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12] [DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -682,9 +682,9 @@ new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM] detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600] - [PKTLEN......: 337.000|18772.000| 3143.800| 3724.000| 13867894.000| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600] + [PKTLEN......: 337.000| 18772.000| 3143.800| 3724.000| 13867894.000| 4.300] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1] 
@@ -692,9 +692,9 @@
 [PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]
 [ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9]
 analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
- [PKTLEN......: 337.000|18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
+ [PKTLEN......: 337.000| 18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1]
@@ -714,9 +714,9 @@
 new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM]
 detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
 analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
- [PKTLEN......: 486.000|14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
+ [PKTLEN......: 486.000| 14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1]
diff --git a/test/results/flow-info/default/443-curl.pcap.out b/test/results/flow-info/default/443-curl.pcap.out
index 348de7848..7854bf3d6 100644
--- a/test/results/flow-info/default/443-curl.pcap.out
+++ b/test/results/flow-info/default/443-curl.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.784| 0.063| 0.190| 36203.258| 2.200]
- [PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.784| 0.063| 0.190| 36203.258| 2.200]
+ [PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800]
 [BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1]
diff --git a/test/results/flow-info/default/443-firefox.pcap.out b/test/results/flow-info/default/443-firefox.pcap.out
index 08863a62f..548980508 100644
--- a/test/results/flow-info/default/443-firefox.pcap.out
+++ b/test/results/flow-info/default/443-firefox.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.656| 0.130| 0.404| 163175.268| 2.000]
- [PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.656| 0.130| 0.404| 163175.268| 2.000]
+ [PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000]
 [BINS(c->s)..: 11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]
diff --git a/test/results/flow-info/default/443-git.pcap.out b/test/results/flow-info/default/443-git.pcap.out
index fb1765297..4d8e21b2e 100644
--- a/test/results/flow-info/default/443-git.pcap.out
+++ b/test/results/flow-info/default/443-git.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable][github.com]
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable][github.com]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 3.200]
- [PKTLEN......: 52.000| 1476.000| 337.800| 464.400| 215710.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.144| 0.033| 0.053| 2832.982| 3.200]
+ [PKTLEN......: 52.000| 1476.000| 337.800| 464.400| 215710.400| 4.000]
 [BINS(c->s)..: 14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0]
diff --git a/test/results/flow-info/default/443-opvn.pcap.out b/test/results/flow-info/default/443-opvn.pcap.out
index 31e930897..3fcf4849d 100644
--- a/test/results/flow-info/default/443-opvn.pcap.out
+++ b/test/results/flow-info/default/443-opvn.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194]
 detected: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][Unknown][VPN][Acceptable]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][Unknown][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.161| 0.158| 0.364| 132701.856| 2.700]
- [PKTLEN......: 52.000| 1492.000| 260.300| 407.400| 166005.600| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.161| 0.158| 0.364| 132701.856| 2.700]
+ [PKTLEN......: 52.000| 1492.000| 260.300| 407.400| 166005.600| 3.800]
 [BINS(c->s)..: 7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [BINS(s->c)..: 8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1]
diff --git a/test/results/flow-info/default/443-safari.pcap.out b/test/results/flow-info/default/443-safari.pcap.out
index 7e46fe334..b3f715a17 100644
--- a/test/results/flow-info/default/443-safari.pcap.out
+++ b/test/results/flow-info/default/443-safari.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.696| 0.070| 0.175| 30530.335| 2.600]
- [PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.696| 0.070| 0.175| 30530.335| 2.600]
+ [PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800]
 [BINS(c->s)..: 11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/6in4tunnel.pcap.out b/test/results/flow-info/default/6in4tunnel.pcap.out
index cb8930008..a9906e0c5 100644
--- a/test/results/flow-info/default/6in4tunnel.pcap.out
+++ b/test/results/flow-info/default/6in4tunnel.pcap.out
@@ -3,9 +3,9 @@
 DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 new: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
 analyse: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.005| 0.495| 0.455| 206990.442| 4.200]
- [PKTLEN......: 92.000| 1897.000| 236.400| 383.000| 146712.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.005| 0.495| 0.455| 206990.442| 4.200]
+ [PKTLEN......: 92.000| 1897.000| 236.400| 383.000| 146712.700| 4.100]
 [BINS(c->s)..: 0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
 [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0]
diff --git a/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 2b281f6ea..ed3249628 100644
--- a/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -10,9 +10,9 @@
 new: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060]
 detected: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][Unknown][VoIP][Acceptable]
 analyse: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.370| 1.692| 2.031| 4125948.903| 3.700]
- [PKTLEN......: 73.000| 400.000| 154.800| 98.900| 9786.300| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.370| 1.692| 2.031| 4125948.903| 3.700]
+ [PKTLEN......: 73.000| 400.000| 154.800| 98.900| 9786.300| 4.700]
 [BINS(c->s)..: 0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1]
@@ -22,9 +22,9 @@
 new: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756]
 detected: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
 analyse: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 4.900]
- [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 4.900]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -33,9 +33,9 @@
 [ENTROPIES...: 1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,2.4,2.4,2.4,2.5,2.4,2.5,2.5,2.5,2.5,2.5,2.4,2.4,2.4,2.4,2.5,2.5,2.5,2.5,2.4,2.4,2.5]
 update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
 analyse: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 27.628| 2.809| 6.896| 47549159.309| 2.500]
- [PKTLEN......: 290.000| 909.000| 591.300| 211.900| 44888.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 27.628| 2.809| 6.896| 47549159.309| 2.500]
+ [PKTLEN......: 290.000| 909.000| 591.300| 211.900| 44888.200| 4.900]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0]
diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
index 0f17962bb..9c8f48f45 100644
--- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
@@ -103,9 +103,9 @@
 detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
 RISK: Known Proto on Non Std Port
 analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 4.000]
- [PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.174| 0.038| 0.043| 1891.518| 4.000]
+ [PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
 [BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1]
@@ -119,9 +119,9 @@
 detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS][Facebook][Web][Safe][]
 RISK: Obsolete TLS (v1.1 or older)
 analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
- [PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
+ [PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
 [BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0]
@@ -148,9 +148,9 @@
 new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
 detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
 analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 27.031| 1.853| 6.601| 43576507.498| 1.500]
- [PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 27.031| 1.853| 6.601| 43576507.498| 1.500]
+ [PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
 [BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1]
diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
index f55e3f63a..65d33336d 100644
--- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
@@ -31,9 +31,9 @@
 new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046]
 detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
 analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 4.200]
- [PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.389| 0.067| 0.073| 5302.569| 4.200]
+ [PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
 [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1]
@@ -41,9 +41,9 @@
 [PKTLENS.....: 84,83,83,83,83,83,83,83,107,83,83,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83]
 [ENTROPIES...: 6.0,5.9,5.8,5.8,5.9,5.8,5.9,5.9,6.2,6.0,5.8,6.7,6.2,5.9,5.9,5.9,5.8,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,6.0,6.0,5.9,6.0,5.9,5.9,6.0]
 analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
- [PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
+ [PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
 [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1]
@@ -55,9 +55,9 @@
 new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM]
 new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM]
 analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
- [PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
+ [PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
 [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0]
@@ -65,9 +65,9 @@
 [PKTLENS.....: 60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238]
 [ENTROPIES...: 4.7,5.2,5.2,5.3,5.1,7.4,5.1,7.2,7.1,7.7,7.6,5.1,7.7,5.1,7.0,7.3,5.2,5.1,7.0,5.2,7.0,5.1,6.9,5.1,7.3,5.2,6.9,6.9,5.1,5.1,7.1,7.1]
 analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 21.237| 2.444| 5.342| 28541506.814| 2.900]
- [PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 21.237| 2.444| 5.342| 28541506.814| 2.900]
+ [PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
 [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/Oscar.pcap.out b/test/results/flow-info/default/Oscar.pcap.out
index 94605389c..cc61de9c3 100644
--- a/test/results/flow-info/default/Oscar.pcap.out
+++ b/test/results/flow-info/default/Oscar.pcap.out
@@ -3,9 +3,9 @@
 DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 new: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
 analyse: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 58.215| 3.883| 14.268| 203566836.875| 1.300]
- [PKTLEN......: 40.000| 1400.000| 172.500| 263.300| 69345.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 58.215| 3.883| 14.268| 203566836.875| 1.300]
+ [PKTLEN......: 40.000| 1400.000| 172.500| 263.300| 69345.600| 4.000]
 [BINS(c->s)..: 11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0]
diff --git a/test/results/flow-info/default/WebattackXSS.pcap.out b/test/results/flow-info/default/WebattackXSS.pcap.out
index 69670ea80..b19201364 100644
--- a/test/results/flow-info/default/WebattackXSS.pcap.out
+++ b/test/results/flow-info/default/WebattackXSS.pcap.out
@@ -14,9 +14,9 @@
 new: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80]
 new: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80]
 analyse: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.805| 0.259| 0.699| 488344.093| 2.400]
- [PKTLEN......: 52.000| 7978.000| 572.000| 1374.100| 1888110.000| 3.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.805| 0.259| 0.699| 488344.093| 2.400]
+ [PKTLEN......: 52.000| 7978.000| 572.000| 1374.100| 1888110.000| 3.400]
 [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
@@ -30,9 +30,9 @@
 new: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80]
 new: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80]
 analyse: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.856| 0.080| 0.207| 42651.251| 2.700]
- [PKTLEN......: 52.000| 4396.000| 613.000| 1050.300| 1103191.500| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.856| 0.080| 0.207| 42651.251| 2.700]
+ [PKTLEN......: 52.000| 4396.000| 613.000| 1050.300| 1103191.500| 3.700]
 [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0]
@@ -80,9 +80,9 @@
 new: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80]
 new: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80]
 analyse: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.809| 0.610| 0.941| 885441.823| 3.700]
- [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.809| 0.610| 0.941| 885441.823| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -146,9 +146,9 @@
 new: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80]
 new: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80]
 analyse: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.899| 0.653| 1.186| 1406566.662| 3.500]
- [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.899| 0.653| 1.186| 1406566.662| 3.500]
+ [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -271,9 +271,9 @@
 end: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80]
 new: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80]
 analyse: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.827| 0.609| 0.943| 889903.972| 3.700]
- [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570947.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.827| 0.609| 0.943| 889903.972| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570947.800| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -391,9 +391,9 @@
 new: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80]
 new: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80]
 analyse: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.643| 0.568| 0.904| 816455.025| 3.600]
- [PKTLEN......: 52.000| 1921.000| 713.700| 750.800| 563712.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.643| 0.568| 0.904| 816455.025| 3.600]
+ [PKTLEN......: 52.000| 1921.000| 713.700| 750.800| 563712.500| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -507,9 +507,9 @@
 new: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80]
 new: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80]
 analyse: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.785| 0.602| 0.936| 875951.489| 3.700]
- [PKTLEN......: 52.000| 1921.000| 716.900| 755.900| 571323.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.785| 0.602| 0.936| 875951.489| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.900| 755.900| 571323.500| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -640,9 +640,9 @@
 guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable][]
 end: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80]
 analyse: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.805| 0.635| 1.170| 1368332.173| 3.400]
- [PKTLEN......: 52.000| 1920.000| 695.600| 708.000| 501313.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.805| 0.635| 1.170| 1368332.173| 3.400]
+ [PKTLEN......: 52.000| 1920.000| 695.600| 708.000| 501313.900| 4.200]
 [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1]
@@ -763,9 +763,9 @@
 new: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80]
 new: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80]
 analyse: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.819| 0.606| 0.944| 891595.915| 3.700]
- [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.819| 0.606| 0.944| 891595.915| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -885,9 +885,9 @@
 new: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80]
 new: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80]
 analyse: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.536| 0.567| 0.877| 769788.412| 3.700]
- [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.536| 0.567| 0.877| 769788.412| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
 [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1021,9 +1021,9 @@ guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable][] end: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] analyse: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.810| 0.603| 0.941| 884966.883| 3.700] - [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571097.900| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.810| 0.603| 0.941| 884966.883| 3.700] + [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571097.900| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] @@ -1143,9 +1143,9 @@ end: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] new: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] analyse: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.823| 0.637| 1.173| 1374936.236| 3.400] - [PKTLEN......: 52.000| 1921.000| 695.600| 759.800| 577334.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.823| 0.637| 1.173| 1374936.236| 3.400] + [PKTLEN......: 52.000| 1921.000| 695.600| 759.800| 577334.100| 4.100] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0] 
@@ -1268,9 +1268,9 @@ new: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] new: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80] analyse: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.767| 0.604| 0.933| 871184.138| 3.700] - [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.767| 0.604| 0.933| 871184.138| 3.700] + [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] @@ -1407,9 +1407,9 @@ end: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] new: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] analyse: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.582| 0.571| 0.887| 786468.045| 3.700] - [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.600| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.582| 0.571| 0.887| 786468.045| 3.700] + [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.600| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] 
@@ -1527,9 +1527,9 @@ new: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] new: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80] analyse: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.862| 0.614| 0.953| 908128.223| 3.700] - [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570948.000| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.862| 0.614| 0.953| 908128.223| 3.700] + [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570948.000| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] @@ -1651,9 +1651,9 @@ new: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] new: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80] analyse: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.841| 0.651| 1.171| 1372280.717| 3.500] - [PKTLEN......: 52.000| 1921.000| 713.800| 751.000| 564013.300| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.841| 0.651| 1.171| 1372280.717| 3.500] + [PKTLEN......: 52.000| 1921.000| 713.800| 751.000| 564013.300| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] 
@@ -1769,9 +1769,9 @@ new: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] new: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80] analyse: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.588| 0.498| 0.689| 474371.129| 3.700] - [PKTLEN......: 52.000| 1920.000| 704.700| 762.800| 581830.000| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.588| 0.498| 0.689| 474371.129| 3.700] + [PKTLEN......: 52.000| 1920.000| 704.700| 762.800| 581830.000| 4.100] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0] @@ -1904,9 +1904,9 @@ new: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] new: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80] analyse: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.897| 0.655| 1.187| 1408178.323| 3.500] - [PKTLEN......: 52.000| 1920.000| 713.800| 751.000| 564013.200| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.897| 0.655| 1.187| 1408178.323| 3.500] + [PKTLEN......: 52.000| 1920.000| 713.800| 751.000| 564013.200| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] 
@@ -2021,9 +2021,9 @@ new: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] new: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80] analyse: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.954| 0.620| 0.972| 945707.024| 3.700] - [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.954| 0.620| 0.972| 945707.024| 3.700] + [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out index 899fb370e..a9798896f 100644 --- a/test/results/flow-info/default/alexa-app.pcapng.out +++ b/test/results/flow-info/default/alexa-app.pcapng.out 
@@ -122,9 +122,9 @@ detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 3.600] - [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.091| 0.022| 0.031| 964.249| 3.600] + [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100] [BINS(c->s)..: 11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0] 
@@ -138,9 +138,9 @@ detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com] ERROR-EVENT: Unknown packet type [1/16] analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.016| 0.161| 0.286| 81844.249| 3.400] - [PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.016| 0.161| 0.286| 81844.249| 3.400] + [PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900] [BINS(c->s)..: 12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0] @@ -185,9 +185,9 @@ detection-update: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] RISK: Error Code analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.836| 0.167| 0.244| 59552.047| 3.700] - [PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.836| 0.167| 0.244| 59552.047| 3.700] + [PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900] [BINS(c->s)..: 10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0] 
@@ -216,9 +216,9 @@ detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 3.500] - [PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.352| 0.044| 0.079| 6215.196| 3.500] + [PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100] [BINS(c->s)..: 4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0] [BINS(s->c)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0] 
@@ -266,9 +266,9 @@ detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.897| 0.237| 0.560| 313730.662| 2.800] - [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.897| 0.237| 0.560| 313730.662| 2.800] + [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100] [BINS(c->s)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0] [BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1] 
@@ -276,9 +276,9 @@ [PKTLENS.....: 60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52] [ENTROPIES...: 4.7,5.3,5.0,6.1,5.0,6.6,5.1,5.6,7.9,7.9,6.4,7.9,7.9,7.9,5.0,5.0,5.0,4.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,4.9,5.0,5.1,5.1,5.1,5.1,5.0] analyse: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.486| 0.102| 0.138| 19130.661| 3.700] - [PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.486| 0.102| 0.138| 19130.661| 3.700] + [PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200] [BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -384,9 +384,9 @@ detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.570| 0.289| 0.417| 173871.694| 3.700] - [PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.570| 0.289| 0.417| 173871.694| 3.700] + [PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900] [BINS(c->s)..: 8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0] 
@@ -411,9 +411,9 @@ new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.192| 0.160| 0.282| 79548.359| 3.500] - [PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.192| 0.160| 0.282| 79548.359| 3.500] + [PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900] [BINS(c->s)..: 4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1] 
@@ -423,9 +423,9 @@ detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.080| 0.209| 0.303| 92031.574| 3.700] - [PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.080| 0.209| 0.303| 92031.574| 3.700] + [PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800] [BINS(c->s)..: 7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1] 
@@ -477,9 +477,9 @@ detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 3.000] - [PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.326| 0.037| 0.075| 5555.152| 3.000] + [PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400] [BINS(c->s)..: 7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1] 
@@ -487,9 +487,9 @@ [PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589] [ENTROPIES...: 4.6,5.2,4.8,5.6,7.3,7.3,4.9,4.9,7.3,4.6,6.1,7.9,7.2,4.6,7.8,7.7,7.6,7.6,4.9,4.8,7.9,7.9,7.7,7.8,7.6,7.6,7.7,7.6,7.6,7.6,4.9,7.7] analyse: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.933| 0.089| 0.198| 39194.591| 3.000] - [PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.933| 0.089| 0.198| 39194.591| 3.000] + [PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000] [BINS(c->s)..: 11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [BINS(s->c)..: 4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0] 
@@ -497,9 +497,9 @@ [PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40] [ENTROPIES...: 4.7,5.2,4.8,5.6,7.2,7.3,4.8,4.8,7.3,4.7,6.1,4.9,7.9,7.2,4.5,7.9,7.9,4.7,7.8,7.6,7.7,7.7,7.6,7.6,7.9,5.7,4.8,4.8,4.9,4.8,4.9,4.9] analyse: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 9.247| 1.357| 2.197| 4827473.510| 3.500] - [PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 9.247| 1.357| 2.197| 4827473.510| 3.500] + [PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900] [BINS(c->s)..: 9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1] 
@@ -507,9 +507,9 @@ [PKTLENS.....: 60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46] [ENTROPIES...: 4.7,4.7,5.2,5.1,4.9,4.9,5.8,5.8,5.8,6.0,5.9,4.7,4.8,6.0,4.6,7.9,7.8,7.9,7.9,7.9,4.6,7.8,4.6,7.8,4.7,7.9,6.9,4.7,7.7,4.9,4.9,4.5] analyse: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 19.096| 0.770| 3.358| 11273140.961| 1.400] - [PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 19.096| 0.770| 3.358| 11273140.961| 1.400] + [PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900] [BINS(c->s)..: 7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0] 
@@ -578,9 +578,9 @@ detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 3.000] - [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.295| 0.052| 0.098| 9533.209| 3.000] + [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0] 
@@ -592,9 +592,9 @@ detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.107| 0.141| 0.257| 65864.266| 3.200] - [PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.107| 0.141| 0.257| 65864.266| 3.200] + [PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000] [BINS(c->s)..: 7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1] 
@@ -614,9 +614,9 @@ detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 3.100] - [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.179| 0.023| 0.044| 1924.322| 3.100] + [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0] 
@@ -640,9 +640,9 @@ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable] update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable] analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.511| 0.042| 0.110| 12114.281| 2.500] - [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.511| 0.042| 0.110| 12114.281| 2.500] + [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1] 
@@ -660,9 +660,9 @@ idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Unknown][Network][Acceptable] analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 120.003| 3.968| 21.185| 448816230.695| 0.300] - [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 120.003| 3.968| 21.185| 448816230.695| 0.300] + [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900] [BINS(c->s)..: 9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0] [BINS(s->c)..: 7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1] 
@@ -783,9 +783,9 @@ detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com] new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 8.001| 0.664| 1.905| 3629965.115| 2.500] - [PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 8.001| 0.664| 1.905| 3629965.115| 2.500] + [PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800] [BINS(c->s)..: 9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0] 
@@ -816,9 +816,9 @@ detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 3.600] - [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.106| 0.022| 0.031| 964.869| 3.600] + [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100] [BINS(c->s)..: 9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0] 
@@ -880,9 +880,9 @@ detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 3.400] - [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.241| 0.031| 0.057| 3274.655| 3.400] + [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300] [BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -892,9 +892,9 @@ new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com] analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 3.600] - [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.264| 0.057| 0.086| 7393.244| 3.600] + [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100] [BINS(c->s)..: 12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0] 
@@ -907,9 +907,9 @@ detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 7.471| 0.614| 1.478| 2183643.136| 2.800] - [PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 7.471| 0.614| 1.478| 2183643.136| 2.800] + [PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1] diff --git a/test/results/flow-info/default/amqp.pcap.out b/test/results/flow-info/default/amqp.pcap.out index 75665e258..838eb859a 100644 --- a/test/results/flow-info/default/amqp.pcap.out +++ b/test/results/flow-info/default/amqp.pcap.out 
@@ -8,9 +8,9 @@ detected: [.....3] [ip4][..tcp] [......127.0.0.1][44206] -> [......127.0.1.1][.5672] [AMQP][Unknown][RPC][Acceptable] detected: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][Unknown][RPC][Acceptable] analyse: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.002| 0.224| 0.537| 287986.745| 2.400] - [PKTLEN......: 52.000| 381.000| 118.000| 99.500| 9895.700| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.002| 0.224| 0.537| 287986.745| 2.400] + [PKTLEN......: 52.000| 381.000| 118.000| 99.500| 9895.700| 4.600] [BINS(c->s)..: 0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/android.pcap.out b/test/results/flow-info/default/android.pcap.out index e9a77f4a6..443fccef6 100644 --- a/test/results/flow-info/default/android.pcap.out +++ b/test/results/flow-info/default/android.pcap.out 
@@ -172,9 +172,9 @@ detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][android.googleapis.com] detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net] analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.405| 0.048| 0.104| 10866.215| 3.000] - [PKTLEN......: 52.000| 1470.000| 416.500| 552.700| 305506.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.405| 0.048| 0.104| 10866.215| 3.000] + [PKTLEN......: 52.000| 1470.000| 416.500| 552.700| 305506.200| 3.900] [BINS(c->s)..: 13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out index 4e7fbbc0c..db5087883 100644 --- a/test/results/flow-info/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out 
@@ -44,9 +44,9 @@ detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000] - [PKTLEN......: 52.000| 1500.000| 490.700| 597.200| 356597.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000] + [PKTLEN......: 52.000| 1500.000| 490.700| 597.200| 356597.600| 4.000] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0] @@ -119,9 +119,9 @@ detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net] RISK: Error Code analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.385| 0.079| 0.122| 14784.686| 3.700] - [PKTLEN......: 52.000| 1420.000| 285.000| 416.200| 173206.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.385| 0.079| 0.122| 14784.686| 3.700] + [PKTLEN......: 52.000| 1420.000| 285.000| 416.200| 173206.900| 3.900] [BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1] 
@@ -137,9 +137,9 @@ detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.138| 0.023| 0.032| 1035.918| 3.600] - [PKTLEN......: 52.000| 1500.000| 517.300| 619.300| 383541.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.138| 0.023| 0.032| 1035.918| 3.600] + [PKTLEN......: 52.000| 1500.000| 517.300| 619.300| 383541.000| 4.000] [BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0] diff --git a/test/results/flow-info/default/anydesk.pcapng.out b/test/results/flow-info/default/anydesk.pcapng.out index e7604637b..26d6ef703 100644 --- a/test/results/flow-info/default/anydesk.pcapng.out +++ b/test/results/flow-info/default/anydesk.pcapng.out 
@@ -12,9 +12,9 @@ detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.603| 0.177| 0.394| 155451.113| 2.800] - [PKTLEN......: 40.000| 1500.000| 392.700| 555.200| 308238.000| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.603| 0.177| 0.394| 155451.113| 2.800] + [PKTLEN......: 40.000| 1500.000| 392.700| 555.200| 308238.000| 3.800] [BINS(c->s)..: 8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1] 
@@ -46,9 +46,9 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.022| 0.410| 0.826| 682181.919| 2.900] - [PKTLEN......: 40.000| 3966.000| 306.300| 747.400| 558552.100| 3.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 3.022| 0.410| 0.826| 682181.919| 2.900] + [PKTLEN......: 40.000| 3966.000| 306.300| 747.400| 558552.100| 3.100] [BINS(c->s)..: 6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1] [BINS(s->c)..: 11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0] 
@@ -65,9 +65,9 @@ detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][] RISK: Missing SNI TLS Extn, Desktop/File Sharing, Uncommon TLS ALPN analyse: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 8.445| 0.583| 2.064| 4258557.067| 1.500] - [PKTLEN......: 52.000| 1500.000| 328.900| 495.500| 245485.500| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 8.445| 0.583| 2.064| 4258557.067| 1.500] + [PKTLEN......: 52.000| 1500.000| 328.900| 495.500| 245485.500| 3.800] [BINS(c->s)..: 8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1] diff --git a/test/results/flow-info/default/bad-dns-traffic.pcap.out b/test/results/flow-info/default/bad-dns-traffic.pcap.out index 301d636f7..7fef07c84 100644 --- a/test/results/flow-info/default/bad-dns-traffic.pcap.out +++ b/test/results/flow-info/default/bad-dns-traffic.pcap.out 
@@ -22,9 +22,9 @@ detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700] - [PKTLEN......: 81.000| 309.000| 115.200| 50.600| 2560.600| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700] + [PKTLEN......: 81.000| 309.000| 115.200| 50.600| 2560.600| 4.900] [BINS(c->s)..: 0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1] diff --git a/test/results/flow-info/default/bets.pcapng.out b/test/results/flow-info/default/bets.pcapng.out index 09f176f3a..6a07916db 100644 --- a/test/results/flow-info/default/bets.pcapng.out +++ b/test/results/flow-info/default/bets.pcapng.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.047| 0.011| 0.018| 331.618| 3.200] - [PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.047| 0.011| 0.018| 331.618| 3.200] + [PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600] [BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1] diff --git a/test/results/flow-info/default/bitcoin.pcap.out b/test/results/flow-info/default/bitcoin.pcap.out index a9733f30a..80f08d2bc 100644 --- a/test/results/flow-info/default/bitcoin.pcap.out +++ b/test/results/flow-info/default/bitcoin.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] analyse: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 141.657| 9.231| 28.185| 794377756.606| 1.900] - [PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 141.657| 9.231| 28.185| 794377756.606| 1.900] + [PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800] [BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0] [DIRECTIONS..: 0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -18,9 +18,9 @@ new: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] analyse: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 100.111| 6.495| 19.445| 378100231.700| 2.000] - [PKTLEN......: 72.000| 1500.000| 1155.300| 597.200| 356626.800| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 100.111| 6.495| 19.445| 378100231.700| 2.000] + [PKTLEN......: 72.000| 1500.000| 1155.300| 597.200| 356626.800| 4.700] [BINS(c->s)..: 0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0] [DIRECTIONS..: 0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -32,9 +32,9 @@ DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 134.322| 8.966| 25.482| 649325705.167| 2.200] - [PKTLEN......: 72.000| 1500.000| 1075.600| 630.500| 397582.100| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 134.322| 8.966| 25.482| 649325705.167| 2.200] + [PKTLEN......: 72.000| 1500.000| 1075.600| 630.500| 397582.100| 4.700] [BINS(c->s)..: 0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [BINS(s->c)..: 1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -44,9 +44,9 @@ new: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [MIDSTREAM] detected: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] analyse: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 41.186| 2.780| 7.976| 63609669.419| 2.200] - [PKTLEN......: 72.000| 1500.000| 1106.500| 621.500| 386298.000| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 41.186| 2.780| 7.976| 63609669.419| 2.200] + [PKTLEN......: 72.000| 1500.000| 1106.500| 621.500| 386298.000| 4.700] [BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0] [BINS(s->c)..: 1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] diff --git a/test/results/flow-info/default/bittorrent.pcap.out b/test/results/flow-info/default/bittorrent.pcap.out index a7d792b2a..d5eb9a750 100644 --- a/test/results/flow-info/default/bittorrent.pcap.out +++ b/test/results/flow-info/default/bittorrent.pcap.out 
@@ -64,9 +64,9 @@ detected: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port analyse: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400] - [PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400] + [PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400] [BINS(c->s)..: 5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1] diff --git a/test/results/flow-info/default/bittorrent_tcp_miss.pcapng.out b/test/results/flow-info/default/bittorrent_tcp_miss.pcapng.out index e29a42414..4eced6429 100644 --- a/test/results/flow-info/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/flow-info/default/bittorrent_tcp_miss.pcapng.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.065| 0.014| 0.017| 294.673| 3.800] - [PKTLEN......: 40.000| 1480.000| 782.200| 666.400| 444053.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.065| 0.014| 0.017| 294.673| 3.800] + [PKTLEN......: 40.000| 1480.000| 782.200| 666.400| 444053.700| 4.400] [BINS(c->s)..: 8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0] diff --git a/test/results/flow-info/default/bittorrent_utp.pcap.out b/test/results/flow-info/default/bittorrent_utp.pcap.out index 017cf2e80..651cc4685 100644 --- a/test/results/flow-info/default/bittorrent_utp.pcap.out +++ b/test/results/flow-info/default/bittorrent_utp.pcap.out 
@@ -9,9 +9,9 @@ detection-update: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 5.430| 0.412| 1.202| 1445669.503| 2.400] - [PKTLEN......: 48.000| 1500.000| 497.200| 600.800| 360942.700| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 5.430| 0.412| 1.202| 1445669.503| 2.400] + [PKTLEN......: 48.000| 1500.000| 497.200| 600.800| 360942.700| 4.000] [BINS(c->s)..: 3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0] [BINS(s->c)..: 11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0] diff --git a/test/results/flow-info/default/bot.pcap.out b/test/results/flow-info/default/bot.pcap.out index 128e9ad5a..211d38866 100644 --- a/test/results/flow-info/default/bot.pcap.out +++ b/test/results/flow-info/default/bot.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] RISK: Crawler/Bot analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 2.200] - [PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.114| 0.014| 0.036| 1309.010| 2.200] + [PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600] [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1] diff --git a/test/results/flow-info/default/capwap.pcap.out b/test/results/flow-info/default/capwap.pcap.out index 47a3f134f..be9ea910d 100644 --- a/test/results/flow-info/default/capwap.pcap.out +++ b/test/results/flow-info/default/capwap.pcap.out 
@@ -17,9 +17,9 @@ detected: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] analyse: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.093| 0.703| 2.456| 6029719.372| 1.600] - [PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 10.093| 0.703| 2.456| 6029719.372| 1.600] + [PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400] [BINS(c->s)..: 0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0] [BINS(s->c)..: 0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0] [DIRECTIONS..: 0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0] 
@@ -31,9 +31,9 @@ update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable] ERROR-EVENT: Unknown packet type [1/16] analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600] - [PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600] + [PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900] [BINS(c->s)..: 0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/cassandra.pcap.out b/test/results/flow-info/default/cassandra.pcap.out index 8ebd928cf..3e5e5d70c 100644 --- a/test/results/flow-info/default/cassandra.pcap.out +++ b/test/results/flow-info/default/cassandra.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] detected: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable] analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 26.002| 1.755| 6.369| 40566842.720| 1.300] - [PKTLEN......: 52.000|25200.000| 1937.600| 5902.900| 34844348.000| 2.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 26.002| 1.755| 6.369| 40566842.720| 1.300] + [PKTLEN......: 52.000| 25200.000| 1937.600| 5902.900| 34844348.000| 2.000] [BINS(c->s)..: 9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0] 
@@ -16,9 +16,9 @@ [PKTLENS.....: 60,60,52,61,52,113,52,83,61,110,61,153,168,179,11131,52,105,543,373,366,243,52,21802,25200,52,110,52,126,133,125,130,143] [ENTROPIES...: 4.4,4.8,4.6,4.4,4.6,5.2,4.6,4.9,4.5,5.2,4.5,5.4,4.9,5.4,3.8,4.6,5.3,5.0,5.2,4.8,4.9,4.7,5.2,4.6,4.7,5.4,4.7,5.4,4.9,5.5,5.1,5.3] analyse: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 25.937| 2.293| 6.507| 42345709.961| 2.000] - [PKTLEN......: 52.000|11498.000| 452.300| 1984.700| 3939065.000| 1.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 25.937| 2.293| 6.507| 42345709.961| 2.000] + [PKTLEN......: 52.000| 11498.000| 452.300| 1984.700| 3939065.000| 1.700] [BINS(c->s)..: 10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0] diff --git a/test/results/flow-info/default/check_mk_new.pcap.out b/test/results/flow-info/default/check_mk_new.pcap.out index 2194b741a..18141c525 100644 --- a/test/results/flow-info/default/check_mk_new.pcap.out +++ b/test/results/flow-info/default/check_mk_new.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] detected: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][Unknown][DataTransfer][Acceptable] analyse: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][Unknown][DataTransfer][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.660| 4.300] - [PKTLEN......: 52.000| 554.000| 95.500| 116.800| 13650.400| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.002|< 0.001|< 0.001| 0.660| 4.300] + [PKTLEN......: 52.000| 554.000| 95.500| 116.800| 13650.400| 4.400] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/citrix.pcap.out b/test/results/flow-info/default/citrix.pcap.out index aa6633db4..c122ff3b0 100644 --- a/test/results/flow-info/default/citrix.pcap.out +++ b/test/results/flow-info/default/citrix.pcap.out 
@@ -2,9 +2,9 @@ new: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] detected: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Unknown][Network][Acceptable] analyse: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.056| 0.005| 0.012| 154.959| 2.600] - [PKTLEN......: 50.000| 387.000| 100.300| 63.600| 4041.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.056| 0.005| 0.012| 154.959| 2.600] + [PKTLEN......: 50.000| 387.000| 100.300| 63.600| 4041.600| 4.800] [BINS(c->s)..: 5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0] diff --git a/test/results/flow-info/default/coap_mqtt.pcap.out b/test/results/flow-info/default/coap_mqtt.pcap.out index 591bb31e6..090b33ec6 100644 --- a/test/results/flow-info/default/coap_mqtt.pcap.out +++ b/test/results/flow-info/default/coap_mqtt.pcap.out 
@@ -46,9 +46,9 @@ detected: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][Unknown][RPC][Acceptable] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.439| 0.304| 1.061| 1125807.423| 1.600] - [PKTLEN......: 40.000| 126.000| 62.300| 30.100| 907.000| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.439| 0.304| 1.061| 1125807.423| 1.600] + [PKTLEN......: 40.000| 126.000| 62.300| 30.100| 907.000| 4.900] [BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1] 
@@ -56,9 +56,9 @@ [PKTLENS.....: 52,52,46,59,40,44,100,44,55,45,124,46,100,44,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40] [ENTROPIES...: 4.5,4.8,4.4,5.1,4.6,4.5,5.5,4.6,5.0,4.7,5.7,4.4,5.5,4.6,4.3,5.6,4.5,4.6,5.5,4.7,4.7,5.6,4.4,4.6,4.6,5.5,4.6,4.6,5.6,4.3,4.6,4.7] analyse: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 27.506| 1.802| 6.725| 45219399.598| 1.200] - [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 27.506| 1.802| 6.725| 45219399.598| 1.200] + [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800] [BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0] 
@@ -66,9 +66,9 @@ [PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46] [ENTROPIES...: 4.5,4.6,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.5,5.6,4.6,4.8,5.6,4.4,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4] analyse: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 13.151| 0.876| 3.198| 10225378.656| 1.400] - [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 13.151| 0.876| 3.198| 10225378.656| 1.400] + [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800] [BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0] 
@@ -76,9 +76,9 @@ [PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46] [ENTROPIES...: 4.4,4.7,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4,4.7,4.7,5.5,4.7,4.7,5.6,4.4,4.7,4.7,5.5,4.7,4.8,5.6,4.4] analyse: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 4.300] - [PKTLEN......: 40.000| 126.000| 65.000| 33.200| 1105.200| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.074| 0.031| 0.027| 714.536| 4.300] + [PKTLEN......: 40.000| 126.000| 65.000| 33.200| 1105.200| 4.800] [BINS(c->s)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1] 
@@ -88,9 +88,9 @@ new: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] detected: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900] - [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900] + [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800] [BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] @@ -100,9 +100,9 @@ new: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] detected: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900] - [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900] + [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900] [BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -112,9 +112,9 @@ new: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] detected: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900] - [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900] + [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900] [BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -122,9 +122,9 @@ [PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49] [ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0] analyse: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900] - [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900] + [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900] [BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/collectd.pcap.out b/test/results/flow-info/default/collectd.pcap.out index 66699c08b..f0d5e4fcd 100644 --- a/test/results/flow-info/default/collectd.pcap.out +++ b/test/results/flow-info/default/collectd.pcap.out 
@@ -34,9 +34,9 @@ update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable] analyse: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.000| 8.710| 3.352| 11236716.577| 4.800] - [PKTLEN......: 1339.000| 1374.000| 1357.600| 10.800| 116.600| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 10.000| 8.710| 3.352| 11236716.577| 4.800] + [PKTLEN......: 1339.000| 1374.000| 1357.600| 10.800| 116.600| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/custom_categories.pcapng.out b/test/results/flow-info/default/custom_categories.pcapng.out index cc3f6efb6..3ad3846ee 100644 --- a/test/results/flow-info/default/custom_categories.pcapng.out +++ b/test/results/flow-info/default/custom_categories.pcapng.out 
@@ -9,9 +9,9 @@ detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800] - [PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800] + [PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700] [BINS(c->s)..: 12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/dnp3.pcap.out b/test/results/flow-info/default/dnp3.pcap.out index 8b1077b27..c78ade135 100644 --- a/test/results/flow-info/default/dnp3.pcap.out +++ b/test/results/flow-info/default/dnp3.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 120.146| 4.080| 21.203| 449571977.167| 0.400] - [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 120.146| 4.080| 21.203| 449571977.167| 0.400] + [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] @@ -18,9 +18,9 @@ new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 17.487| 1.644| 4.346| 18887919.796| 2.200] - [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 17.487| 1.644| 4.346| 18887919.796| 2.200] + [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] 
@@ -33,9 +33,9 @@ detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 82.989| 2.758| 14.651| 214640269.197| 0.200] - [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 82.989| 2.758| 14.651| 214640269.197| 0.200] + [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] 
@@ -47,9 +47,9 @@ new: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 75.076| 7.136| 19.839| 393587648.889| 1.900] - [PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 75.076| 7.136| 19.839| 393587648.889| 1.900] + [PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1] @@ -61,9 +61,9 @@ new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.639| 0.182| 0.626| 391724.270| 1.500] - [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 2.639| 0.182| 0.626| 391724.270| 1.500] + [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] 
@@ -81,9 +81,9 @@ detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 9.488| 0.797| 2.345| 5497481.069| 1.900] - [PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 9.488| 0.797| 2.345| 5497481.069| 1.900] + [PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0] 
@@ -95,9 +95,9 @@ new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.963| 0.497| 1.082| 1171729.023| 2.500] - [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 3.963| 0.497| 1.082| 1171729.023| 2.500] + [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] diff --git a/test/results/flow-info/default/dns-tunnel-iodine.pcap.out b/test/results/flow-info/default/dns-tunnel-iodine.pcap.out index f72a03799..98236f9da 100644 --- a/test/results/flow-info/default/dns-tunnel-iodine.pcap.out +++ b/test/results/flow-info/default/dns-tunnel-iodine.pcap.out 
@@ -6,9 +6,9 @@ detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Unknown][Network][Acceptable][vaaaakardli.pirate.sea] RISK: Susp DNS Traffic, Minor Issues analyse: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.003| 0.162| 0.368| 135658.824| 2.400] - [PKTLEN......: 68.000| 1462.000| 232.600| 286.600| 82112.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.003| 0.162| 0.368| 135658.824| 2.400] + [PKTLEN......: 68.000| 1462.000| 232.600| 286.600| 82112.700| 4.400] [BINS(c->s)..: 0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/dns2tcp_tunnel.pcap.out b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out index 34487be18..9c1aec53f 100644 --- a/test/results/flow-info/default/dns2tcp_tunnel.pcap.out +++ b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out 
@@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.088| 0.311| 0.823| 676677.157| 2.200] - [PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.088| 0.311| 0.823| 676677.157| 2.200] + [PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700] [BINS(c->s)..: 9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0] diff --git a/test/results/flow-info/default/dns_doh.pcap.out b/test/results/flow-info/default/dns_doh.pcap.out index d9c07a1d7..de03e14d2 100644 --- a/test/results/flow-info/default/dns_doh.pcap.out +++ b/test/results/flow-info/default/dns_doh.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com] detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com] analyse: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.535| 0.062| 0.130| 16944.855| 3.000] - [PKTLEN......: 40.000| 1340.000| 216.900| 327.300| 107137.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.535| 0.062| 0.130| 16944.855| 3.000] + [PKTLEN......: 40.000| 1340.000| 216.900| 327.300| 107137.200| 3.900] [BINS(c->s)..: 9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1] diff --git a/test/results/flow-info/default/dns_exfiltration.pcap.out b/test/results/flow-info/default/dns_exfiltration.pcap.out index 5cad6ddb7..ba753e832 100644 --- a/test/results/flow-info/default/dns_exfiltration.pcap.out +++ b/test/results/flow-info/default/dns_exfiltration.pcap.out 
@@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Unknown][Network][Acceptable][e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02] RISK: Susp DGA Domain name, Risky Domain Name analyse: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.004| 1.036| 0.914| 0.282| 79410.348| 4.800] - [PKTLEN......: 87.000| 372.000| 132.400| 59.100| 3497.900| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.004| 1.036| 0.914| 0.282| 79410.348| 4.800] + [PKTLEN......: 87.000| 372.000| 132.400| 59.100| 3497.900| 4.900] [BINS(c->s)..: 0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/doh.pcapng.out b/test/results/flow-info/default/doh.pcapng.out index 696f20101..b17455d22 100644 --- a/test/results/flow-info/default/doh.pcapng.out +++ b/test/results/flow-info/default/doh.pcapng.out 
@@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] - [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] + [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] [BINS(c->s)..: 12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/default/doq_adguard.pcapng.out b/test/results/flow-info/default/doq_adguard.pcapng.out index 80b392467..abeb8e11d 100644 --- a/test/results/flow-info/default/doq_adguard.pcapng.out +++ b/test/results/flow-info/default/doq_adguard.pcapng.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.adguard.com] analyse: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.885| 0.161| 0.453| 205274.628| 2.400] - [PKTLEN......: 59.000| 1280.000| 442.800| 522.900| 273444.500| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.885| 0.161| 0.453| 205274.628| 2.400] + [PKTLEN......: 59.000| 1280.000| 442.800| 522.900| 273444.500| 4.100] [BINS(c->s)..: 4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1] diff --git a/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out index 953c2fbb1..0587e4a0f 100644 --- a/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out 
@@ -56,9 +56,9 @@ ERROR-EVENT: Unknown packet type [2/16] ERROR-EVENT: Unknown packet type [3/16] analyse: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 96.434| 4.235| 17.262| 297969697.948| 1.500] - [PKTLEN......: 96.000| 96.000| 96.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 96.434| 4.235| 17.262| 297969697.948| 1.500] + [PKTLEN......: 96.000| 96.000| 96.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/drda_db2.pcap.out b/test/results/flow-info/default/drda_db2.pcap.out index 79d5dd5b9..dfe0402a0 100644 --- a/test/results/flow-info/default/drda_db2.pcap.out +++ b/test/results/flow-info/default/drda_db2.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] detected: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Unknown][Database][Acceptable] analyse: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Unknown][Database][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 17.986| 1.315| 4.366| 19063346.561| 1.800] - [PKTLEN......: 40.000| 703.000| 183.000| 190.600| 36335.200| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 17.986| 1.315| 4.366| 19063346.561| 1.800] + [PKTLEN......: 40.000| 703.000| 183.000| 190.600| 36335.200| 4.300] [BINS(c->s)..: 10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0] diff --git a/test/results/flow-info/default/dropbox.pcap.out b/test/results/flow-info/default/dropbox.pcap.out index b2a7ff2b3..fde76612b 100644 --- a/test/results/flow-info/default/dropbox.pcap.out +++ b/test/results/flow-info/default/dropbox.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900] - [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900] + [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800] [BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] @@ -18,9 +18,9 @@ new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900] - [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900] + [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900] [BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -30,9 +30,9 @@ new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900] - [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900] + [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900] [BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -40,9 +40,9 @@ [PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49] [ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0] analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900] - [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900] + [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900] [BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out index b49c3201a..43d8d91f1 100644 --- a/test/results/flow-info/default/emotet.pcap.out +++ b/test/results/flow-info/default/emotet.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable][opmta1mto02nd1] analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700] - [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.056| 0.539| 0.774| 599161.176| 3.700] + [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300] [BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0] 
@@ -18,9 +18,9 @@ new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke] analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700] - [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.204| 0.029| 0.060| 3581.477| 2.700] + [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] @@ -35,9 +35,9 @@ detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org] RISK: Binary App Transfer analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 3.000] - [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000] + [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100] [BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0] 
@@ -53,9 +53,9 @@ detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs] RISK: Binary App Transfer, HTTP Susp User-Agent analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 2.900] - [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900] + [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500] [BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0] @@ -70,9 +70,9 @@ detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700] - [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700] + [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200] [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1] 
diff --git a/test/results/flow-info/default/ethereum.pcap.out b/test/results/flow-info/default/ethereum.pcap.out index 9195c369f..d27ecd6ad 100644 --- a/test/results/flow-info/default/ethereum.pcap.out +++ b/test/results/flow-info/default/ethereum.pcap.out @@ -42,9 +42,9 @@ new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 2.400] - [PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.063| 0.008| 0.018| 335.828| 2.400] + [PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -54,9 +54,9 @@ new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 2.700] - [PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.063| 0.009| 0.019| 355.411| 2.700] + [PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400] [BINS(c->s)..: 14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1] 
@@ -71,9 +71,9 @@ new: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 2.400] - [PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.070| 0.011| 0.024| 583.849| 2.400] + [PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -87,9 +87,9 @@ detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 2.400] - [PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.073| 0.008| 0.018| 321.083| 2.400] + [PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500] [BINS(c->s)..: 15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1] 
@@ -107,9 +107,9 @@ detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 2.400] - [PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.079| 0.012| 0.027| 705.641| 2.400] + [PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -117,9 +117,9 @@ [PKTLENS.....: 64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,6.0,5.2,5.1,5.3,5.3,5.6,5.1,5.1,5.1,5.6,5.3,5.1,5.1,5.9,5.2,6.8,5.3,5.6,5.9,5.1,5.2,5.5,5.6,5.1,3.9,3.9] analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 2.400] - [PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.077| 0.012| 0.026| 688.970| 2.400] + [PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400] [BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1] 
@@ -133,9 +133,9 @@ new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 2.400] - [PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.164| 0.023| 0.053| 2778.035| 2.400] + [PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] @@ -148,9 +148,9 @@ new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 2.800] - [PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.043| 0.007| 0.014| 203.606| 2.800] + [PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500] [BINS(c->s)..: 13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1] 
@@ -160,9 +160,9 @@ new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 2.400] - [PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.158| 0.021| 0.049| 2374.200| 2.400] + [PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
@@ -177,9 +177,9 @@ detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 2.400] - [PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.202| 0.031| 0.071| 5088.628| 2.400] + [PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -188,9 +188,9 @@ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7] detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 2.400] - [PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.109| 0.018| 0.040| 1575.808| 2.400] + [PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1] 
@@ -200,9 +200,9 @@ new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 2.700] - [PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.049| 0.009| 0.018| 316.609| 2.700] + [PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1] @@ -215,9 +215,9 @@ new: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 2.800] - [PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.052| 0.010| 0.019| 354.234| 2.800] + [PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1] 
@@ -228,9 +228,9 @@ detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 2.300] - [PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.262| 0.038| 0.087| 7588.779| 2.300] + [PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -238,9 +238,9 @@ [PKTLENS.....: 64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.8,5.2,5.1,5.1,5.1,5.3,5.6,5.1,5.1,5.7,5.2,5.1,5.1,5.7,5.1,6.9,5.1,5.5,5.8,5.1,5.2,5.5,5.5,5.0,5.2,3.8] analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 2.300] - [PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.263| 0.038| 0.087| 7624.721| 2.300] + [PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -251,9 +251,9 @@ new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 2.600] - [PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.037| 0.006| 0.012| 148.778| 2.600] + [PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
@@ -261,9 +261,9 @@ [PKTLENS.....: 64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.4,5.1,6.0,5.1,5.7,5.2,5.7,5.1,6.0,5.2,6.8,5.3,5.6,5.9,5.2,5.3,5.6,5.6,5.2,5.3,3.7,3.7,3.7,3.7,3.7,3.7,3.7] analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 2.900] - [PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.116| 0.012| 0.026| 687.065| 2.900] + [PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500] [BINS(c->s)..: 14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0] 
@@ -271,9 +271,9 @@ [PKTLENS.....: 64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.1,7.4,5.1,5.9,5.1,6.8,5.1,5.5,7.2,5.1,5.8,5.1,5.9,5.5,5.2,5.5,5.2,5.2,5.2,5.2,7.1,5.2,5.0,5.7,5.2,5.1,5.2,5.3] analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 2.500] - [PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.035| 0.006| 0.012| 149.558| 2.500] + [PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
@@ -285,9 +285,9 @@ new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 2.500] - [PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.159| 0.026| 0.057| 3248.179| 2.500] + [PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1] 
@@ -295,9 +295,9 @@ [PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46] [ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8] analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 2.400] - [PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.131| 0.020| 0.046| 2133.935| 2.400] + [PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300] [BINS(c->s)..: 16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1] 
@@ -305,9 +305,9 @@ [PKTLENS.....: 64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,5.1,5.9,5.2,5.0,5.0,5.5,5.1,5.6,5.1,5.2,5.0,5.9,5.1,6.8,5.1,5.6,5.7,5.1,5.1,5.4,5.6,5.1,3.9,4.0,4.0,4.0] analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 2.800] - [PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.057| 0.011| 0.022| 493.706| 2.800] + [PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1] 
@@ -315,9 +315,9 @@ [PKTLENS.....: 64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52] [ENTROPIES...: 4.5,5.2,5.1,7.5,5.2,7.5,5.2,5.8,5.1,6.8,5.2,5.0,5.0,5.9,5.1,6.7,5.2,5.5,5.7,5.1,5.9,5.2,6.0,5.5,5.5,5.2,5.9,6.6,5.1,5.1,5.8,5.3] analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.300| 0.044| 0.100| 10075.352| 2.300] - [PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.300| 0.044| 0.100| 10075.352| 2.300] + [PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -325,9 +325,9 @@ [PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7] analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.308| 0.045| 0.103| 10532.101| 2.400] - [PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.308| 0.045| 0.103| 10532.101| 2.400] + [PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1] 
@@ -339,9 +339,9 @@ detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.339| 0.050| 0.114| 12910.542| 2.400] - [PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.339| 0.050| 0.114| 12910.542| 2.400] + [PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1] 
@@ -354,9 +354,9 @@ detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.355| 0.054| 0.122| 14890.530| 2.400] - [PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.355| 0.054| 0.122| 14890.530| 2.400] + [PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] 
@@ -373,9 +373,9 @@ detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 2.800] - [PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.147| 0.028| 0.054| 2939.853| 2.800] + [PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1] 
@@ -385,9 +385,9 @@ new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 3.100] - [PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.039| 0.010| 0.016| 256.751| 3.100] + [PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400] [BINS(c->s)..: 17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0] 
@@ -400,9 +400,9 @@ detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 2.600] - [PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.184| 0.035| 0.071| 5044.452| 2.600] + [PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0] 
@@ -412,9 +412,9 @@ detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 2.600] - [PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.042| 0.007| 0.015| 228.263| 2.600] + [PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
@@ -423,9 +423,9 @@
 [ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
 new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303]
 analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 2.700]
- [PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.194| 0.037| 0.074| 5538.541| 2.700]
+ [PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
 [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0]
@@ -439,9 +439,9 @@
 detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
 detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
 analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 2.700]
- [PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.075| 0.014| 0.028| 803.714| 2.700]
+ [PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
 [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1]
@@ -450,9 +450,9 @@
 [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.8,5.0,5.0,6.9,5.0,5.5,5.0,5.7,5.1,6.8,5.1,5.5,5.9,5.2,6.1,5.6,5.5,5.2,5.2,5.8,5.0,6.4,5.9,5.0,5.0,5.1]
 new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303]
 analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 2.400]
- [PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.263| 0.042| 0.096| 9182.918| 2.400]
+ [PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
 [BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1]
@@ -467,9 +467,9 @@
 detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
 detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
 analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 2.600]
- [PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.286| 0.027| 0.065| 4262.303| 2.600]
+ [PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
 [BINS(c->s)..: 16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0]
diff --git a/test/results/flow-info/default/exe_download.pcap.out b/test/results/flow-info/default/exe_download.pcap.out
index aa96b3850..a2ebfa4bd 100644
--- a/test/results/flow-info/default/exe_download.pcap.out
+++ b/test/results/flow-info/default/exe_download.pcap.out
@@ -7,9 +7,9 @@
 detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable][144.91.69.195]
 RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
 analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.320| 0.062| 0.115| 13236.602| 3.000]
- [PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.320| 0.062| 0.115| 13236.602| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
 [BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0]
diff --git a/test/results/flow-info/default/exe_download_as_png.pcap.out b/test/results/flow-info/default/exe_download_as_png.pcap.out
index 8912cc4e7..5b64bcc92 100644
--- a/test/results/flow-info/default/exe_download_as_png.pcap.out
+++ b/test/results/flow-info/default/exe_download_as_png.pcap.out
@@ -7,9 +7,9 @@
 detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable][185.98.87.185]
 RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
 analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.613| 0.094| 0.193| 37090.865| 2.700]
- [PKTLEN......: 40.000| 1500.000| 855.000| 664.600| 441668.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.613| 0.094| 0.193| 37090.865| 2.700]
+ [PKTLEN......: 40.000| 1500.000| 855.000| 664.600| 441668.300| 4.400]
 [BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1]
diff --git a/test/results/flow-info/default/facebook.pcap.out b/test/results/flow-info/default/facebook.pcap.out
index 040f3f7b7..273e70264 100644
--- a/test/results/flow-info/default/facebook.pcap.out
+++ b/test/results/flow-info/default/facebook.pcap.out
@@ -9,9 +9,9 @@
 detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
 detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
 analyse: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 3.300]
- [PKTLEN......: 52.000| 1440.000| 555.100| 613.300| 376153.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.155| 0.037| 0.058| 3352.274| 3.300]
+ [PKTLEN......: 52.000| 1440.000| 555.100| 613.300| 376153.100| 4.100]
 [BINS(c->s)..: 10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
diff --git a/test/results/flow-info/default/fastcgi.pcap.out b/test/results/flow-info/default/fastcgi.pcap.out
index 91b788320..386c839ab 100644
--- a/test/results/flow-info/default/fastcgi.pcap.out
+++ b/test/results/flow-info/default/fastcgi.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000]
 detected: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Unknown][Network][Safe]
 analyse: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.020| 0.130| 0.496| 246254.469| 1.000]
- [PKTLEN......: 52.000| 1500.000| 539.200| 672.800| 452637.900| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.020| 0.130| 0.496| 246254.469| 1.000]
+ [PKTLEN......: 52.000| 1500.000| 539.200| 672.800| 452637.900| 3.900]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
 [DIRECTIONS..: 0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/fix.pcap.out b/test/results/flow-info/default/fix.pcap.out
index 7432f806e..d6d95f82b 100644
--- a/test/results/flow-info/default/fix.pcap.out
+++ b/test/results/flow-info/default/fix.pcap.out
@@ -14,9 +14,9 @@
 new: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [MIDSTREAM]
 detected: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [FIX][Unknown][RPC][Safe]
 analyse: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.315| 0.065| 0.068| 4636.039| 4.400]
- [PKTLEN......: 40.000| 497.000| 93.100| 87.500| 7658.200| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.315| 0.065| 0.068| 4636.039| 4.400]
+ [PKTLEN......: 40.000| 497.000| 93.100| 87.500| 7658.200| 4.600]
 [BINS(c->s)..: 4,6,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -28,9 +28,9 @@
 new: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [MIDSTREAM]
 detected: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][Unknown][RPC][Safe]
 analyse: [.....2] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47968] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.300| 0.091| 0.084| 7079.807| 4.200]
- [PKTLEN......: 52.000| 139.000| 72.000| 23.600| 558.300| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.300| 0.091| 0.084| 7079.807| 4.200]
+ [PKTLEN......: 52.000| 139.000| 72.000| 23.600| 558.300| 4.900]
 [BINS(c->s)..: 6,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1]
@@ -40,9 +40,9 @@
 new: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [MIDSTREAM]
 detected: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [FIX][Unknown][RPC][Safe]
 analyse: [.....1] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][43594] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.291| 0.178| 0.113| 12753.578| 4.500]
- [PKTLEN......: 52.000| 240.000| 95.700| 52.000| 2700.500| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.291| 0.178| 0.113| 12753.578| 4.500]
+ [PKTLEN......: 52.000| 240.000| 95.700| 52.000| 2700.500| 4.800]
 [BINS(c->s)..: 2,4,3,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1]
@@ -56,9 +56,9 @@
 new: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [MIDSTREAM]
 detected: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [FIX][Unknown][RPC][Safe]
 analyse: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.507| 0.699| 1.281| 1640706.605| 3.700]
- [PKTLEN......: 40.000| 127.000| 63.600| 21.900| 481.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 5.507| 0.699| 1.281| 1640706.605| 3.700]
+ [PKTLEN......: 40.000| 127.000| 63.600| 21.900| 481.200| 4.900]
 [BINS(c->s)..: 2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1]
@@ -66,9 +66,9 @@
 [PKTLENS.....: 75,46,75,46,79,46,127,40,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,79,46,126,40,75,46]
 [ENTROPIES...: 4.9,4.4,5.2,4.4,5.2,4.5,6.5,4.7,5.0,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.1,4.5,5.2,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.2,4.5,6.4,4.7,5.0,4.5]
 analyse: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.175| 1.332| 1.132| 1282462.056| 4.400]
- [PKTLEN......: 52.000| 137.000| 77.700| 28.500| 811.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.175| 1.332| 1.132| 1282462.056| 4.400]
+ [PKTLEN......: 52.000| 137.000| 77.700| 28.500| 811.200| 4.900]
 [BINS(c->s)..: 2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/fix2.pcap.out b/test/results/flow-info/default/fix2.pcap.out
index b80097c53..20761c841 100644
--- a/test/results/flow-info/default/fix2.pcap.out
+++ b/test/results/flow-info/default/fix2.pcap.out
@@ -6,9 +6,9 @@
 detected: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][Unknown][RPC][Safe]
 detected: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][Unknown][RPC][Safe]
 analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.025| 3.100]
- [PKTLEN......: 46.000| 160.000| 92.600| 46.700| 2179.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000|< 0.001|< 0.001|< 0.001| 0.025| 3.100]
+ [PKTLEN......: 46.000| 160.000| 92.600| 46.700| 2179.900| 4.800]
 [BINS(c->s)..: 7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1]
@@ -16,9 +16,9 @@
 [PKTLENS.....: 48,48,46,125,48,46,133,130,46,138,130,138,132,46,46,133,46,46,46,138,46,160,143,160,46,46,46,46,143,133,146,138]
 [ENTROPIES...: 3.9,4.5,3.8,5.1,4.5,3.8,5.2,5.3,4.0,5.4,5.3,5.4,5.2,4.0,4.0,5.2,3.8,4.0,3.8,5.4,3.8,5.3,5.3,5.3,3.8,4.0,4.0,4.0,5.3,5.2,5.4,5.4]
 analyse: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][Unknown][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.019| 3.300]
- [PKTLEN......: 46.000| 160.000| 92.000| 46.100| 2122.500| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000|< 0.001|< 0.001|< 0.001| 0.019| 3.300]
+ [PKTLEN......: 46.000| 160.000| 92.000| 46.100| 2122.500| 4.800]
 [BINS(c->s)..: 6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0]
diff --git a/test/results/flow-info/default/forticlient.pcap.out b/test/results/flow-info/default/forticlient.pcap.out
index 2071c9d09..d1ad83f5e 100644
--- a/test/results/flow-info/default/forticlient.pcap.out
+++ b/test/results/flow-info/default/forticlient.pcap.out
@@ -37,9 +37,9 @@
 detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][Unknown][VPN][Safe][82.81.46.13]
 RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
 analyse: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.495| 0.071| 0.112| 12454.003| 3.700]
- [PKTLEN......: 52.000| 1492.000| 253.000| 343.000| 117623.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.495| 0.071| 0.112| 12454.003| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 253.000| 343.000| 117623.000| 4.100]
 [BINS(c->s)..: 9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1]
diff --git a/test/results/flow-info/default/ftp-start-tls.pcap.out b/test/results/flow-info/default/ftp-start-tls.pcap.out
index b732fc9fc..50f461b1e 100644
--- a/test/results/flow-info/default/ftp-start-tls.pcap.out
+++ b/test/results/flow-info/default/ftp-start-tls.pcap.out
@@ -11,9 +11,9 @@
 detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe]
 RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn
 analyse: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.040| 0.005| 0.010| 91.331| 3.200]
- [PKTLEN......: 46.000| 552.000| 160.900| 164.200| 26956.400| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.040| 0.005| 0.010| 91.331| 3.200]
+ [PKTLEN......: 46.000| 552.000| 160.900| 164.200| 26956.400| 4.400]
 [BINS(c->s)..: 4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1]
diff --git a/test/results/flow-info/default/ftp.pcap.out b/test/results/flow-info/default/ftp.pcap.out
index c60f23980..2ac1ba2f7 100644
--- a/test/results/flow-info/default/ftp.pcap.out
+++ b/test/results/flow-info/default/ftp.pcap.out
@@ -5,9 +5,9 @@
 detected: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
 RISK: Unsafe Protocol, Clear-Text Credentials
 analyse: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.090| 0.019| 0.021| 426.190| 4.100]
- [PKTLEN......: 52.000| 293.000| 71.900| 42.700| 1824.000| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.090| 0.019| 0.021| 426.190| 4.100]
+ [PKTLEN......: 52.000| 293.000| 71.900| 42.700| 1824.000| 4.800]
 [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1]
@@ -19,9 +19,9 @@
 RISK: Known Proto on Non Std Port
 new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
 analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.030| 0.006| 0.011| 123.407| 3.100]
- [PKTLEN......: 52.000| 1492.000| 818.000| 717.500| 514855.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.030| 0.006| 0.011| 123.407| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 818.000| 717.500| 514855.000| 4.300]
 [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1]
diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
index 11d285897..40b8df226 100644
--- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
@@ -622,9 +622,9 @@
 detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
 RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
 analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
- [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
+ [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -1157,9 +1157,9 @@
 detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
 new: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2]
 analyse: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.026| 279.042| 51.474| 59.389| 3527099352.613| 4.200]
- [PKTLEN......: 33.000| 1104.000| 367.000| 296.200| 87757.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.026| 279.042| 51.474| 59.389| 3527099352.613| 4.200]
+ [PKTLEN......: 33.000| 1104.000| 367.000| 296.200| 87757.200| 4.400]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1]
diff --git a/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
index c1aa79d0e..bb75496f4 100644
--- a/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
@@ -73,9 +73,9 @@
 ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
 idle: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Unknown][Network][Acceptable]
 analyse: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Unknown][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.155| 612.411| 61.128| 140.850|19838793242.640| 2.700]
- [PKTLEN......: 165.000| 731.000| 492.200| 248.200| 61618.100| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.155| 612.411| 61.128| 140.850| 19838793242.640| 2.700]
+ [PKTLEN......: 165.000| 731.000| 492.200| 248.200| 61618.100| 4.800]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0]
diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out
index 583894ab5..4b878fa29 100644
--- a/test/results/flow-info/default/geforcenow.pcapng.out
+++ b/test/results/flow-info/default/geforcenow.pcapng.out
@@ -9,9 +9,9 @@
 detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net]
 RISK: Known Proto on Non Std Port
 analyse: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.047| 0.015| 0.018| 312.463| 3.900]
- [PKTLEN......: 52.000| 2948.000| 1089.800| 1283.500| 1647314.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.047| 0.015| 0.018| 312.463| 3.900]
+ [PKTLEN......: 52.000| 2948.000| 1089.800| 1283.500| 1647314.500| 4.000]
 [BINS(c->s)..: 10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10]
 [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1]
@@ -32,9 +32,9 @@
 detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
 RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
 analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
- [PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
+ [PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700]
 [BINS(c->s)..: 0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1]
diff --git a/test/results/flow-info/default/git.pcap.out b/test/results/flow-info/default/git.pcap.out
index d24c3e915..8a756f837 100644
--- a/test/results/flow-info/default/git.pcap.out
+++ b/test/results/flow-info/default/git.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418]
 detected: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Unknown][Collaborative][Safe]
 analyse: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Unknown][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.100| 0.025| 0.029| 818.762| 3.800]
- [PKTLEN......: 52.000| 2932.000| 690.900| 773.900| 598945.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.100| 0.025| 0.029| 818.762| 3.800]
+ [PKTLEN......: 52.000| 2932.000| 690.900| 773.900| 598945.800| 4.100]
 [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1]
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index 43e9501b7..61a725470 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -805,9 +805,9 @@
 detected: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Unknown][Download][Potentially Dangerous]
 RISK: Unsafe Protocol
 analyse: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Unknown][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.796| 0.767| 2.113| 4465727.373| 2.600]
- [PKTLEN......: 40.000| 1500.000| 409.200| 491.700| 241767.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.796| 0.767| 2.113| 4465727.373| 2.600]
+ [PKTLEN......: 40.000| 1500.000| 409.200| 491.700| 241767.600| 4.100]
 [BINS(c->s)..: 9,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1]
@@ -815,9 +815,9 @@
 [PKTLENS.....: 52,44,40,639,40,652,90,40,353,40,182,423,40,68,40,449,40,86,40,1500,1052,40,640,1488,40,1500,628,40,1500,628,40,640]
 [ENTROPIES...: 4.6,4.8,4.7,5.8,4.6,5.7,5.6,4.7,7.1,4.6,6.7,7.4,4.7,5.3,4.6,7.4,4.8,5.6,4.6,7.8,7.8,4.7,7.6,7.9,4.7,7.9,7.6,4.7,7.9,7.6,4.7,7.7]
 analyse: [...238] [ip4][..tcp] [......10.0.2.15][50284] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.218| 0.797| 1.971| 3884024.594| 2.900]
- [PKTLEN......: 40.000| 1064.000| 282.600| 381.800| 145784.600| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.218| 0.797| 1.971| 3884024.594| 2.900]
+ [PKTLEN......: 40.000| 1064.000| 282.600| 381.800| 145784.600| 3.900]
 [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1]
@@ -825,9 +825,9 @@
 [PKTLENS.....: 52,44,40,640,40,668,90,40,353,40,574,40,68,40,442,40,86,40,1064,40,1064,40,1064,40,1064,40,1064,40,55,40,50,40]
 [ENTROPIES...: 4.7,4.7,4.6,5.8,4.5,5.7,5.6,4.6,7.2,4.6,7.5,4.7,5.4,4.6,7.3,4.7,5.7,4.6,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,4.9,4.6,4.9,4.6]
 analyse: [...288] [ip4][..tcp] [......10.0.2.15][50312] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.692| 0.666| 2.111| 4456211.546| 1.900]
- [PKTLEN......: 40.000| 668.000| 121.800| 170.000| 28912.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.692| 0.666| 2.111| 4456211.546| 1.900]
+ [PKTLEN......: 40.000| 668.000| 121.800| 170.000| 28912.700| 4.100]
 [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 12,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -876,9 +876,9 @@ detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [...276] [ip4][..tcp] [......10.0.2.15][50300] -> [..188.61.52.183][11852] [Gnutella][Unknown][Download][Potentially Dangerous] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 13.802| 1.828| 3.934| 15478358.540| 2.800] - [PKTLEN......: 40.000| 1500.000| 198.900| 294.000| 86413.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 13.802| 1.828| 3.934| 15478358.540| 2.800] + [PKTLEN......: 40.000| 1500.000| 198.900| 294.000| 86413.100| 4.000] [BINS(c->s)..: 8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0] @@ -1175,9 +1175,9 @@ update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300] - [PKTLEN......: 40.000| 1064.000| 138.200| 217.400| 47264.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300] + [PKTLEN......: 40.000| 1064.000| 138.200| 217.400| 47264.800| 4.000] [BINS(c->s)..: 9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1] 
@@ -1624,9 +1624,9 @@ update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Unknown][Download][Potentially Dangerous] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 55.455| 7.491| 14.262| 203411798.622| 3.200] - [PKTLEN......: 40.000| 1105.000| 156.900| 244.600| 59812.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 55.455| 7.491| 14.262| 203411798.622| 3.200] + [PKTLEN......: 40.000| 1105.000| 156.900| 244.600| 59812.500| 4.000] [BINS(c->s)..: 11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0] diff --git a/test/results/flow-info/default/googledns_android10.pcap.out b/test/results/flow-info/default/googledns_android10.pcap.out index 0da214d5b..8d29f8eb9 100644 --- a/test/results/flow-info/default/googledns_android10.pcap.out +++ b/test/results/flow-info/default/googledns_android10.pcap.out 
@@ -24,9 +24,9 @@ detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.447| 0.072| 0.122| 14825.912| 3.500] - [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.447| 0.072| 0.122| 14825.912| 3.500] + [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100] [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0] @@ -43,9 +43,9 @@ detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.254| 0.185| 0.342| 116761.002| 3.200] - [PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.254| 0.185| 0.342| 116761.002| 3.200] + [PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400] [BINS(c->s)..: 8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1] 
@@ -72,9 +72,9 @@ detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 5.704| 0.390| 1.388| 1925240.193| 1.500] - [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 5.704| 0.390| 1.388| 1925240.193| 1.500] + [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100] [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1] diff --git a/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out index ad0e39c70..e06f8f109 100644 --- a/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out 
@@ -3,9 +3,9 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] analyse: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 28.648| 1.860| 7.030| 49424738.812| 1.100] - [PKTLEN......: 42.000| 2960.000| 308.700| 576.000| 331721.900| 3.600] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 28.648| 1.860| 7.030| 49424738.812| 1.100] + [PKTLEN......: 42.000| 2960.000| 308.700| 576.000| 331721.900| 3.600] [BINS(c->s)..: 6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1] @@ -19,9 +19,9 @@ end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] new: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] analyse: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.030| 0.007| 0.011| 122.098| 3.500] - [PKTLEN......: 42.000| 2864.000| 672.800| 1000.300| 1000640.100| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.030| 0.007| 0.011| 122.098| 3.500] + [PKTLEN......: 42.000| 2864.000| 672.800| 1000.300| 1000640.100| 3.700] [BINS(c->s)..: 11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0] 
@@ -37,9 +37,9 @@ guessed: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe] end: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] analyse: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 5.456| 0.293| 1.017| 1033283.961| 1.700] - [PKTLEN......: 42.000| 2883.000| 385.900| 734.400| 539373.900| 3.400] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 5.456| 0.293| 1.017| 1033283.961| 1.700] + [PKTLEN......: 42.000| 2883.000| 385.900| 734.400| 539373.900| 3.400] [BINS(c->s)..: 14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2] [DIRECTIONS..: 0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0] @@ -48,9 +48,9 @@ [ENTROPIES...: 4.5,4.5,4.8,4.8,4.8,4.8,4.8,4.8,7.1,7.1,4.6,4.6,7.2,7.2,7.5,7.5,4.7,4.7,4.7,4.7,6.3,6.3,7.1,7.1,4.8,4.8,7.1,7.1,4.7,4.7,5.2,5.2] new: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] analyse: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.635| 0.323| 0.688| 472790.598| 2.800] - [PKTLEN......: 42.000| 2960.000| 481.700| 697.200| 486142.700| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.635| 0.323| 0.688| 472790.598| 2.800] + [PKTLEN......: 42.000| 2960.000| 481.700| 697.200| 486142.700| 3.800] [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1] [DIRECTIONS..: 0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0] 
diff --git a/test/results/flow-info/default/hots.pcapng.out b/test/results/flow-info/default/hots.pcapng.out index 680a29d42..948245cda 100644 --- a/test/results/flow-info/default/hots.pcapng.out +++ b/test/results/flow-info/default/hots.pcapng.out @@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724] detected: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724] [Heroes_of_the_Storm][Starcraft][Game][Fun] analyse: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724] [Heroes_of_the_Storm][Starcraft][Game][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.004| 91.418| 2.995| 16.144| 260622725.939| 0.200] - [PKTLEN......: 48.000| 60.000| 54.900| 5.000| 25.200| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.004| 91.418| 2.995| 16.144| 260622725.939| 0.200] + [PKTLEN......: 48.000| 60.000| 54.900| 5.000| 25.200| 5.000] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -24,9 +24,9 @@ new: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609] detected: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609] [Heroes_of_the_Storm][Starcraft][Game][Fun] analyse: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609] [Heroes_of_the_Storm][Starcraft][Game][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 0.063| 0.033| 0.019| 353.907| 4.700] - [PKTLEN......: 48.000| 150.000| 105.500| 33.500| 1124.400| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.001| 0.063| 0.033| 0.019| 353.907| 4.700] + [PKTLEN......: 48.000| 150.000| 105.500| 33.500| 1124.400| 4.900] [BINS(c->s)..: 7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/http_auth.pcap.out b/test/results/flow-info/default/http_auth.pcap.out index 9ee4c195b..e8d44771e 100644 --- a/test/results/flow-info/default/http_auth.pcap.out +++ b/test/results/flow-info/default/http_auth.pcap.out 
@@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Unknown][Web][Acceptable][browserspy.dk] RISK: Clear-Text Credentials, Error Code analyse: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.862| 0.405| 1.194| 1424465.723| 2.200] - [PKTLEN......: 52.000| 1500.000| 626.900| 665.600| 443042.200| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.862| 0.405| 1.194| 1424465.723| 2.200] + [PKTLEN......: 52.000| 1500.000| 626.900| 665.600| 443042.200| 4.100] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0] diff --git a/test/results/flow-info/default/http_connect.pcap.out b/test/results/flow-info/default/http_connect.pcap.out index 58c378062..51abef881 100644 --- a/test/results/flow-info/default/http_connect.pcap.out +++ b/test/results/flow-info/default/http_connect.pcap.out 
@@ -10,9 +10,9 @@ detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe][apache.org] detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe][apache.org] analyse: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 3.400] - [PKTLEN......: 52.000| 1436.000| 549.000| 627.700| 394029.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.016| 0.003| 0.005| 23.691| 3.400] + [PKTLEN......: 52.000| 1436.000| 549.000| 627.700| 394029.600| 4.000] [BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -20,9 +20,9 @@ [PKTLENS.....: 60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436] [ENTROPIES...: 4.7,5.1,5.1,5.3,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.8,5.1,6.1,7.6,5.0,5.0,6.1,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9,5.1,7.9] analyse: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.053| 0.007| 0.013| 164.772| 3.400] - [PKTLEN......: 40.000| 5576.000| 799.000| 1594.600| 2542806.000| 3.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.053| 0.007| 0.013| 164.772| 3.400] + [PKTLEN......: 40.000| 5576.000| 799.000| 1594.600| 2542806.000| 3.200] [BINS(c->s)..: 7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1] diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out index a3b6c7740..9547ce50c 100644 --- a/test/results/flow-info/default/http_ipv6.pcap.out +++ b/test/results/flow-info/default/http_ipv6.pcap.out 
@@ -12,9 +12,9 @@ new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM] new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800] - [PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800] + [PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300] [BINS(c->s)..: 0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0] diff --git a/test/results/flow-info/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/flow-info/default/http_ua_splitted_in_two_pkts.pcapng.out index e968036af..57b8ba16e 100644 --- a/test/results/flow-info/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/flow-info/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable][] detection-update: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable][va.origin.startappservice.com] analyse: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 23.452| 4.562| 7.140| 50981941.281| 3.500] - [PKTLEN......: 60.000| 1440.000| 626.300| 557.200| 310424.400| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 23.452| 4.562| 7.140| 50981941.281| 3.500] + [PKTLEN......: 60.000| 1440.000| 626.300| 557.200| 310424.400| 4.500] [BINS(c->s)..: 1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0] [BINS(s->c)..: 1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1] diff --git a/test/results/flow-info/default/iax.pcap.out b/test/results/flow-info/default/iax.pcap.out index 0c948d0bb..a31fb15b8 100644 --- a/test/results/flow-info/default/iax.pcap.out +++ b/test/results/flow-info/default/iax.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] detected: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][Unknown][VoIP][Acceptable] analyse: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 0.051| 0.019| 0.011| 120.322| 4.700] - [PKTLEN......: 40.000| 200.000| 161.500| 59.500| 3538.200| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.051| 0.019| 0.011| 120.322| 4.700] + [PKTLEN......: 40.000| 200.000| 161.500| 59.500| 3538.200| 4.900] [BINS(c->s)..: 3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/icmp-tunnel.pcap.out b/test/results/flow-info/default/icmp-tunnel.pcap.out index 5c8158798..35c7c8d39 100644 --- a/test/results/flow-info/default/icmp-tunnel.pcap.out +++ b/test/results/flow-info/default/icmp-tunnel.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Unknown][Network][Acceptable] RISK: Malformed Packet analyse: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.999| 13.999| 1.420| 2.297| 5274800.751| 4.200] - [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.999| 13.999| 1.420| 2.297| 5274800.751| 4.200] + [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/iec60780-5-104.pcap.out b/test/results/flow-info/default/iec60780-5-104.pcap.out index 2980e70ec..9dfe11152 100644 --- a/test/results/flow-info/default/iec60780-5-104.pcap.out +++ b/test/results/flow-info/default/iec60780-5-104.pcap.out 
@@ -21,9 +21,9 @@ end: [.....4] [ip4][..tcp] [.172.27.248.109][.1572] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable] end: [.....5] [ip4][..tcp] [.172.27.248.109][.1577] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable] analyse: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 32.516| 11.085| 10.877| 118310385.484| 4.100] - [PKTLEN......: 40.000| 104.000| 51.600| 11.500| 132.400| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 32.516| 11.085| 10.877| 118310385.484| 4.100] + [PKTLEN......: 40.000| 104.000| 51.600| 11.500| 132.400| 5.000] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1] diff --git a/test/results/flow-info/default/imap-starttls.pcap.out b/test/results/flow-info/default/imap-starttls.pcap.out index 63fa7a136..4ab4f6cfd 100644 --- a/test/results/flow-info/default/imap-starttls.pcap.out +++ b/test/results/flow-info/default/imap-starttls.pcap.out 
@@ -11,9 +11,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.678| 0.188| 0.378| 143010.873| 3.300] - [PKTLEN......: 40.000| 1500.000| 235.200| 424.600| 180326.200| 3.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.678| 0.188| 0.378| 143010.873| 3.300] + [PKTLEN......: 40.000| 1500.000| 235.200| 424.600| 180326.200| 3.600] [BINS(c->s)..: 15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1] diff --git a/test/results/flow-info/default/imap.pcap.out b/test/results/flow-info/default/imap.pcap.out index df8bfa860..f0e65a64d 100644 --- a/test/results/flow-info/default/imap.pcap.out +++ b/test/results/flow-info/default/imap.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Unknown][Email][Unsafe] RISK: Unsafe Protocol, Clear-Text Credentials analyse: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Unknown][Email][Unsafe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 4.331| 0.295| 1.060| 1123749.069| 1.400] - [PKTLEN......: 52.000| 748.000| 101.900| 125.900| 15857.500| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 4.331| 0.295| 1.060| 1123749.069| 1.400] + [PKTLEN......: 52.000| 748.000| 101.900| 125.900| 15857.500| 4.400] [BINS(c->s)..: 18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1] diff --git a/test/results/flow-info/default/imo.pcap.out b/test/results/flow-info/default/imo.pcap.out index 28d29ef4c..cbe0a0e52 100644 --- a/test/results/flow-info/default/imo.pcap.out +++ b/test/results/flow-info/default/imo.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] detected: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][Unknown][VoIP][Acceptable] analyse: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.464| 0.060| 0.120| 14499.616| 3.200] - [PKTLEN......: 29.000| 135.000| 43.000| 23.000| 529.800| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.464| 0.060| 0.120| 14499.616| 3.200] + [PKTLEN......: 29.000| 135.000| 43.000| 23.000| 529.800| 4.900] [BINS(c->s)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0] 
@@ -16,9 +16,9 @@ [PKTLENS.....: 29,29,135,38,38,38,38,38,38,38,38,38,38,29,128,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38] [ENTROPIES...: 4.4,4.5,6.6,4.3,4.3,4.3,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,6.4,4.5,4.5,4.5,4.5,4.5,4.4,4.4,4.4,4.5,4.5,4.5,4.4,4.5,4.4,4.5,4.5,4.3] analyse: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.003| 0.138| 0.306| 93428.728| 2.800] - [PKTLEN......: 38.000| 1252.000| 419.400| 488.900| 239046.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.003| 0.138| 0.306| 93428.728| 2.800] + [PKTLEN......: 38.000| 1252.000| 419.400| 488.900| 239046.100| 4.100] [BINS(c->s)..: 0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out index 69471bf9f..b2f0a707c 100644 --- a/test/results/flow-info/default/instagram.pcap.out +++ b/test/results/flow-info/default/instagram.pcap.out 
@@ -9,9 +9,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][telegraph-ash.instagram.com] RISK: Obsolete TLS (v1.1 or older) analyse: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.572| 0.136| 0.382| 146017.665| 2.200] - [PKTLEN......: 52.000| 1450.000| 668.500| 663.900| 440818.000| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.572| 0.136| 0.382| 146017.665| 2.200] + [PKTLEN......: 52.000| 1450.000| 668.500| 663.900| 440818.000| 4.200] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] 
@@ -28,9 +28,9 @@ new: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-f.ak.instagram.com] analyse: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 2.900] - [PKTLEN......: 52.000| 1470.000| 1212.200| 538.200| 289645.800| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.033| 0.003| 0.008| 64.366| 2.900] + [PKTLEN......: 52.000| 1470.000| 1212.200| 538.200| 289645.800| 4.800] [BINS(c->s)..: 5,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,1,1,1,1,1,0,1] 
@@ -38,9 +38,9 @@ [PKTLENS.....: 312,1470,52,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,52,1470,52,1470,52,1470,1470,1470,1470,1470,1470,52,1470] [ENTROPIES...: 5.9,7.3,5.1,7.7,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.7,7.7,7.8,7.7,5.1,7.8,5.1,7.6,5.1,7.8,7.8,7.7,7.7,7.8,7.5,5.1,7.8] analyse: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.112| 0.011| 0.030| 883.414| 2.300] - [PKTLEN......: 52.000| 1470.000| 771.400| 697.700| 486813.200| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.112| 0.011| 0.030| 883.414| 2.300] + [PKTLEN......: 52.000| 1470.000| 771.400| 697.700| 486813.200| 4.300] [BINS(c->s)..: 14,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,1,0,1,0,1] 
@@ -49,9 +49,9 @@ [ENTROPIES...: 5.8,6.9,5.0,7.6,5.0,7.8,5.0,7.8,5.0,7.8,5.1,7.8,5.0,6.5,5.0,6.9,5.0,7.5,5.0,7.8,5.0,7.8,7.8,5.1,5.1,7.8,7.8,7.8,5.1,7.8,5.1,7.8] new: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [MIDSTREAM] analyse: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.372| 0.037| 0.093| 8582.227| 2.300] - [PKTLEN......: 52.000| 1470.000| 826.400| 686.900| 471900.100| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.372| 0.037| 0.093| 8582.227| 2.300] + [PKTLEN......: 52.000| 1470.000| 826.400| 686.900| 471900.100| 4.400] [BINS(c->s)..: 13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1] 
@@ -75,9 +75,9 @@
 detected: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
 new: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [MIDSTREAM]
 analyse: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.322| 0.237| 1.293| 1672842.314| 0.100]
- [PKTLEN......: 52.000| 1470.000| 889.300| 693.100| 480370.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 7.322| 0.237| 1.293| 1672842.314| 0.100]
+ [PKTLEN......: 52.000| 1470.000| 889.300| 693.100| 480370.200| 4.400]
 [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,18,0,0,0]
 [DIRECTIONS..: 0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,0,0]
@@ -128,9 +128,9 @@
 new: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [MIDSTREAM]
 detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-g.ak.instagram.com]
 analyse: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 2.000]
- [PKTLEN......: 52.000| 1470.000| 779.200| 693.800| 481326.300| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.062| 0.005| 0.015| 225.668| 2.000]
+ [PKTLEN......: 52.000| 1470.000| 779.200| 693.800| 481326.300| 4.300]
 [BINS(c->s)..: 14,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
 [DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1]
@@ -139,9 +139,9 @@
 [ENTROPIES...: 5.9,7.4,7.8,7.9,5.0,5.0,5.0,7.8,5.0,7.9,5.0,7.8,7.8,7.8,5.0,5.0,5.0,7.8,7.9,7.8,5.0,5.0,7.8,5.0,5.0,7.7,5.0,7.8,5.0,7.4,7.7,7.7]
 new: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [MIDSTREAM]
 analyse: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.353| 4.600]
- [PKTLEN......: 52.000| 1450.000| 969.400| 664.000| 440886.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.002|< 0.001|< 0.001| 0.353| 4.600]
+ [PKTLEN......: 52.000| 1450.000| 969.400| 664.000| 440886.100| 4.500]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0]
 [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
@@ -155,9 +155,9 @@
 new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53]
 detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][photos-b.ak.instagram.com]
 analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 4.300]
- [PKTLEN......: 52.000| 1470.000| 805.300| 707.600| 500717.400| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.004| 0.001| 0.001| 1.362| 4.300]
+ [PKTLEN......: 52.000| 1470.000| 805.300| 707.600| 500717.400| 4.300]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0]
 [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0]
@@ -234,9 +234,9 @@
 detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com]
 detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com]
 analyse: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.470| 0.692| 2.561| 6557671.096| 1.200]
- [PKTLEN......: 52.000| 1440.000| 460.700| 528.600| 279392.300| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 10.470| 0.692| 2.561| 6557671.096| 1.200]
+ [PKTLEN......: 52.000| 1440.000| 460.700| 528.600| 279392.300| 4.100]
 [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1]
diff --git a/test/results/flow-info/default/iphone.pcap.out b/test/results/flow-info/default/iphone.pcap.out
index aa0846c88..db40cc79d 100644
--- a/test/results/flow-info/default/iphone.pcap.out
+++ b/test/results/flow-info/default/iphone.pcap.out
@@ -134,9 +134,9 @@
 detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
 detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
 analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.686| 0.087| 0.170| 29013.449| 3.100]
- [PKTLEN......: 52.000| 1492.000| 310.700| 443.900| 197074.700| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.686| 0.087| 0.170| 29013.449| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 310.700| 443.900| 197074.700| 3.900]
 [BINS(c->s)..: 8,4,1,0,1,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0]
@@ -147,9 +147,9 @@
 detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com]
 detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com]
 analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.655| 0.067| 0.146| 21410.738| 2.900]
- [PKTLEN......: 40.000| 1492.000| 299.400| 449.800| 202280.400| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.655| 0.067| 0.146| 21410.738| 2.900]
+ [PKTLEN......: 40.000| 1492.000| 299.400| 449.800| 202280.400| 3.800]
 [BINS(c->s)..: 9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1]
@@ -157,9 +157,9 @@
 [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]
 [ENTROPIES...: 4.4,5.2,5.1,4.5,5.1,6.7,7.5,7.5,7.3,4.9,5.0,6.0,5.7,6.0,5.0,5.0,5.7,5.8,5.5,7.8,5.5,7.4,5.5,4.9,5.5,5.0,5.0,4.9,7.7,5.0,4.5,5.1]
 analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.026| 0.045| 1989.449| 3.200]
- [PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.147| 0.026| 0.045| 1989.449| 3.200]
+ [PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900]
 [BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [BINS(s->c)..: 6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1]
@@ -167,9 +167,9 @@
 [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]
 [ENTROPIES...: 4.5,5.3,5.1,4.5,5.2,7.8,7.9,7.8,7.5,5.1,5.2,5.1,6.2,7.4,7.3,6.1,6.0,5.9,7.9,7.6,7.7,5.2,5.2,5.1,6.2,5.1,5.1,5.8,5.1,5.9,5.1,5.1]
 analyse: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.804| 0.109| 0.185| 34306.707| 3.400]
- [PKTLEN......: 52.000| 1492.000| 721.000| 667.300| 445284.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.804| 0.109| 0.185| 34306.707| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 721.000| 667.300| 445284.800| 4.300]
 [BINS(c->s)..: 8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0]
 [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0]
diff --git a/test/results/flow-info/default/ipp.pcap.out b/test/results/flow-info/default/ipp.pcap.out
index 732bb0ae5..4306d5c98 100644
--- a/test/results/flow-info/default/ipp.pcap.out
+++ b/test/results/flow-info/default/ipp.pcap.out
@@ -8,9 +8,9 @@
 detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable][10.10.10.251]
 RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
 analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.009| 0.004| 0.004| 12.440| 4.200]
- [PKTLEN......: 52.000| 2948.000| 883.700| 882.800| 779357.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.009| 0.004| 0.004| 12.440| 4.200]
+ [PKTLEN......: 52.000| 2948.000| 883.700| 882.800| 779357.900| 4.200]
 [BINS(c->s)..: 3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9]
 [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
diff --git a/test/results/flow-info/default/ipsec_isakmp_esp.pcap.out b/test/results/flow-info/default/ipsec_isakmp_esp.pcap.out
index eae372270..15991b75f 100644
--- a/test/results/flow-info/default/ipsec_isakmp_esp.pcap.out
+++ b/test/results/flow-info/default/ipsec_isakmp_esp.pcap.out
@@ -12,9 +12,9 @@
 update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][Unknown][VPN][Safe]
 update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][Unknown][VPN][Safe]
 analyse: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 662.067| 70.207| 185.660|34469670203.425| 2.000]
- [PKTLEN......: 108.000| 1360.000| 528.100| 468.700| 219671.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 662.067| 70.207| 185.660| 34469670203.425| 2.000]
+ [PKTLEN......: 108.000| 1360.000| 528.100| 468.700| 219671.500| 4.500]
 [BINS(c->s)..: 0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -119,9 +119,9 @@
 new: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500]
 detected: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][Unknown][VPN][Safe]
 analyse: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 108.000| 1360.000| 493.000| 453.900| 206039.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 493.000| 453.900| 206039.000| 4.400]
 [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,4,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -129,9 +129,9 @@
 [PKTLENS.....: 844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]
 [ENTROPIES...: 7.7,6.9,6.3,5.9,6.1,7.4,7.9,7.9,7.8,6.7,6.6,6.5,7.8,6.7,5.8,7.7,6.9,6.3,5.7,6.1,7.5,7.9,7.9,7.8,6.6,6.6,6.6,7.8,6.5,5.7,7.7,6.8]
 analyse: [....23] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.227][..500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 80.000| 828.000| 507.000| 320.200| 102515.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 80.000| 828.000| 507.000| 320.200| 102515.000| 4.700]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -147,9 +147,9 @@
 new: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500]
 detected: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][Unknown][VPN][Safe]
 analyse: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 108.000| 1360.000| 651.200| 511.600| 261688.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 651.200| 511.600| 261688.400| 4.500]
 [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,2,0,4,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1]
@@ -173,9 +173,9 @@
 new: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500]
 detected: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500] [IPSec][Unknown][VPN][Safe]
 analyse: [....34] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.195][.4500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 108.000| 1360.000| 570.200| 486.800| 236933.900| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 570.200| 486.800| 236933.900| 4.500]
 [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -183,9 +183,9 @@
 [PKTLENS.....: 844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236]
 [ENTROPIES...: 7.7,6.9,6.3,5.7,6.2,7.5,7.9,7.8,7.8,6.7,6.7,6.7,7.8,6.5,7.8,7.7,6.9,6.3,5.8,6.1,7.4,7.9,7.9,7.8,6.5,6.5,6.6,7.8,6.7,7.8,7.7,6.9]
 analyse: [....18] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.225][.4500] [IPSec][Unknown][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 108.000| 1360.000| 531.600| 472.200| 222978.400| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 531.600| 472.200| 222978.400| 4.400]
 [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
diff --git a/test/results/flow-info/default/jabber.pcap.out b/test/results/flow-info/default/jabber.pcap.out
index 3fd29400b..bf1585c0e 100644
--- a/test/results/flow-info/default/jabber.pcap.out
+++ b/test/results/flow-info/default/jabber.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222]
 detected: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
 analyse: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 3.000]
- [PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.338| 0.039| 0.084| 7085.730| 3.000]
+ [PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600]
 [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
@@ -16,9 +16,9 @@
 new: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222]
 detected: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
 analyse: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 2.800]
- [PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.337| 0.038| 0.085| 7210.629| 2.800]
+ [PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600]
 [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
@@ -40,9 +40,9 @@
 DAEMON-EVENT: [Processed: 243 pkts][ZLib][compressions: 0|diff: 0 / 0]
 DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
 analyse: [.....6] [ip4][..tcp] [....172.16.0.62][57149] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 1.400]
- [PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 600.488| 42.007| 147.105| 21639823353.709| 1.400]
+ [PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600]
 [BINS(c->s)..: 9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1]
diff --git a/test/results/flow-info/default/kismet.pcap.out b/test/results/flow-info/default/kismet.pcap.out
index 4dcacd8fe..8014a7e45 100644
--- a/test/results/flow-info/default/kismet.pcap.out
+++ b/test/results/flow-info/default/kismet.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501]
 detected: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Unknown][Network][Acceptable]
 analyse: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Unknown][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.100| 0.836| 0.406| 165002.641| 4.700]
- [PKTLEN......: 40.000| 1085.000| 128.900| 184.200| 33913.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.100| 0.836| 0.406| 165002.641| 4.700]
+ [PKTLEN......: 40.000| 1085.000| 128.900| 184.200| 33913.200| 4.200]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/kontiki.pcap.out b/test/results/flow-info/default/kontiki.pcap.out
index c477ed9d8..d80aaf2ef 100644
--- a/test/results/flow-info/default/kontiki.pcap.out
+++ b/test/results/flow-info/default/kontiki.pcap.out
@@ -18,9 +18,9 @@
 new: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59]
 detected: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Unknown][Network][Acceptable]
 analyse: [.....3] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.86][.8888] [Kontiki][Unknown][Media][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.608| 0.045| 0.118| 13931.400| 2.600]
- [PKTLEN......: 32.000| 1269.000| 804.400| 568.000| 322604.600| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.608| 0.045| 0.118| 13931.400| 2.600]
+ [PKTLEN......: 32.000| 1269.000| 804.400| 568.000| 322604.600| 4.500]
 [BINS(c->s)..: 7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1]
diff --git a/test/results/flow-info/default/line.pcap.out b/test/results/flow-info/default/line.pcap.out
index ce1adff37..9e5377626 100644
--- a/test/results/flow-info/default/line.pcap.out
+++ b/test/results/flow-info/default/line.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610]
 detected: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
 analyse: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.602| 0.105| 0.182| 33194.353| 3.400]
- [PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.602| 0.105| 0.182| 33194.353| 3.400]
+ [PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100]
 [BINS(c->s)..: 1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0]
@@ -25,9 +25,9 @@
 detection-update: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable][uts-front.line-apps.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.007| 2.533| 0.220| 0.601| 361429.959| 2.800]
- [PKTLEN......: 40.000| 374.000| 118.100| 90.900| 8262.100| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.007| 2.533| 0.220| 0.601| 361429.959| 2.800]
+ [PKTLEN......: 40.000| 374.000| 118.100| 90.900| 8262.100| 4.600]
 [BINS(c->s)..: 1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
@@ -35,9 +35,9 @@
 [PKTLENS.....: 100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]
 [ENTROPIES...: 5.9,4.7,6.3,4.7,6.6,6.0,4.7,6.6,4.7,7.4,6.0,4.7,6.5,4.7,6.4,5.9,4.7,6.7,4.7,7.0,5.9,6.3,6.0,4.7,6.0,4.7,7.3,4.7,7.1,4.8,7.4,5.9]
 analyse: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.306| 0.634| 1.725| 2976235.913| 2.700]
- [PKTLEN......: 40.000| 1500.000| 272.500| 367.300| 134881.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.306| 0.634| 1.725| 2976235.913| 2.700]
+ [PKTLEN......: 40.000| 1500.000| 272.500| 367.300| 134881.600| 4.100]
 [BINS(c->s)..: 6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
@@ -48,9 +48,9 @@
 new: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070]
 detected: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
 analyse: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500]
- [PKTLEN......: 59.000| 881.000| 540.400| 131.000| 17170.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500]
+ [PKTLEN......: 59.000| 881.000| 540.400| 131.000| 17170.000| 4.900]
 [BINS(c->s)..: 1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1]
diff --git a/test/results/flow-info/default/log4j-webapp-exploit.pcap.out b/test/results/flow-info/default/log4j-webapp-exploit.pcap.out
index 493ca5aa4..f43a9009a 100644
--- a/test/results/flow-info/default/log4j-webapp-exploit.pcap.out
+++ b/test/results/flow-info/default/log4j-webapp-exploit.pcap.out
@@ -18,9 +18,9 @@
 ERROR-EVENT: Unknown L3 protocol [3/16]
 ERROR-EVENT: Unknown L3 protocol [4/16]
 analyse: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.289| 0.474| 1.790| 3202664.366| 1.100]
- [PKTLEN......: 52.000| 60.000| 53.500| 2.200| 4.600| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 7.289| 0.474| 1.790| 3202664.366| 1.100]
+ [PKTLEN......: 52.000| 60.000| 53.500| 2.200| 4.600| 5.000]
 [BINS(c->s)..: 17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
diff --git a/test/results/flow-info/default/long_tls_certificate.pcap.out b/test/results/flow-info/default/long_tls_certificate.pcap.out
index be4814b75..15c9d3771 100644
--- a/test/results/flow-info/default/long_tls_certificate.pcap.out
+++ b/test/results/flow-info/default/long_tls_certificate.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com]
 detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com]
 analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.371| 0.087| 0.130| 17024.252| 3.400]
- [PKTLEN......: 40.000| 1492.000| 370.700| 546.600| 298744.200| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.371| 0.087| 0.130| 17024.252| 3.400]
+ [PKTLEN......: 40.000| 1492.000| 370.700| 546.600| 298744.200| 3.700]
 [BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1]
diff --git a/test/results/flow-info/default/malware.pcap.out b/test/results/flow-info/default/malware.pcap.out
index 0d3a63ccd..de5a1132b 100644
--- a/test/results/flow-info/default/malware.pcap.out
+++ b/test/results/flow-info/default/malware.pcap.out
@@ -27,9 +27,9 @@
 detected: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
 detection-update: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
 analyse: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200]
- [PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200]
+ [PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000]
 [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1]
diff --git a/test/results/flow-info/default/merakicloud.pcapng.out b/test/results/flow-info/default/merakicloud.pcapng.out
index 7cf748ec0..5bea0df22 100644
--- a/test/results/flow-info/default/merakicloud.pcapng.out
+++ b/test/results/flow-info/default/merakicloud.pcapng.out
@@ -8,9 +8,9 @@
 update: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
 update: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
 analyse: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.185| 25.011| 16.136| 11.214| 125752330.682| 4.400]
- [PKTLEN......: 74.000| 183.000| 129.700| 43.400| 1881.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.185| 25.011| 16.136| 11.214| 125752330.682| 4.400]
+ [PKTLEN......: 74.000| 183.000| 129.700| 43.400| 1881.800| 4.900]
 [BINS(c->s)..: 0,0,0,11,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1]
diff --git a/test/results/flow-info/default/modbus.pcap.out b/test/results/flow-info/default/modbus.pcap.out
index 731bf11d8..53459e5a0 100644
--- a/test/results/flow-info/default/modbus.pcap.out
+++ b/test/results/flow-info/default/modbus.pcap.out
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][Unknown][IoT-Scada][Acceptable] analyse: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][Unknown][IoT-Scada][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 1.014| 0.452| 0.497| 247304.159| 3.800] - [PKTLEN......: 51.000| 52.000| 51.500| 0.500| 0.200| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.014| 0.452| 0.497| 247304.159| 3.800] + [PKTLEN......: 51.000| 52.000| 51.500| 0.500| 0.200| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/monero.pcap.out b/test/results/flow-info/default/monero.pcap.out index d17b2ee1e..42fc32249 100644 --- a/test/results/flow-info/default/monero.pcap.out +++ b/test/results/flow-info/default/monero.pcap.out 
@@ -8,9 +8,9 @@ detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400] - [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 71.693| 7.500| 18.614| 346464978.993| 2.400] + [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700] [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0] [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1] 
@@ -18,9 +18,9 @@ [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77] [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7] analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 170.525| 32.857| 51.784| 2681624034.542| 3.400] - [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 170.525| 32.857| 51.784| 2681624034.542| 3.400] + [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900] [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0] [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1] diff --git a/test/results/flow-info/default/nest_log_sink.pcap.out b/test/results/flow-info/default/nest_log_sink.pcap.out index a76bf74a3..ea3b570c7 100644 --- a/test/results/flow-info/default/nest_log_sink.pcap.out +++ b/test/results/flow-info/default/nest_log_sink.pcap.out 
@@ -5,9 +5,9 @@ DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.061| 60.122| 38.821| 28.558| 815563555.209| 4.300] - [PKTLEN......: 40.000| 46.000| 43.000| 3.000| 9.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.061| 60.122| 38.821| 28.558| 815563555.209| 4.300] + [PKTLEN......: 40.000| 46.000| 43.000| 3.000| 9.000| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1] @@ -24,9 +24,9 @@ new: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] detected: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] analyse: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.491| 0.199| 0.354| 125081.829| 3.700] - [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48330.300| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.491| 0.199| 0.354| 125081.829| 3.700] + [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48330.300| 4.400] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] 
@@ -39,9 +39,9 @@ detected: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable] analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400] - [PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400] + [PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300] [BINS(c->s)..: 9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1] 
@@ -65,9 +65,9 @@ new: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] detected: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] analyse: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.478| 0.186| 0.338| 114146.574| 3.600] - [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.478| 0.186| 0.338| 114146.574| 3.600] + [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] 
@@ -84,9 +84,9 @@ end: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable] analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600] - [PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600] + [PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300] [BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0] 
@@ -106,9 +106,9 @@ new: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] detected: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] analyse: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.475| 0.185| 0.337| 113653.596| 3.600] - [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.475| 0.185| 0.337| 113653.596| 3.600] + [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] 
@@ -123,9 +123,9 @@ update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable] idle: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable] analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100] - [PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100] + [PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200] [BINS(c->s)..: 10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1] 
@@ -143,9 +143,9 @@ new: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] detected: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] analyse: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.484| 0.189| 0.353| 124509.217| 3.600] - [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48309.800| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.484| 0.189| 0.353| 124509.217| 3.600] + [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48309.800| 4.400] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] 
@@ -154,9 +154,9 @@ [ENTROPIES...: 4.3,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,5.8,4.9,5.6,7.6,5.8,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.7,4.3,7.5,5.7,7.5] new: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700] - [PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700] + [PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200] [BINS(c->s)..: 10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1] 
@@ -172,9 +172,9 @@ end: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable] update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable] analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600] - [PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600] + [PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300] [BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/default/netbios.pcap.out b/test/results/flow-info/default/netbios.pcap.out index b9ccd0936..00c5cc89f 100644 --- a/test/results/flow-info/default/netbios.pcap.out +++ b/test/results/flow-info/default/netbios.pcap.out 
@@ -10,9 +10,9 @@ RISK: Unsafe Protocol new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.014| 0.750| 0.325| 0.215| 46083.158| 4.600] - [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.014| 0.750| 0.325| 0.215| 46083.158| 4.600] + [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -41,9 +41,9 @@ new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][guru] analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900] - [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900] + [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out index 2f75626d8..abeadd9ed 100644 --- a/test/results/flow-info/default/netflix.pcap.out +++ b/test/results/flow-info/default/netflix.pcap.out @@ -35,9 +35,9 @@ detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.364| 0.040| 0.082| 6699.630| 3.200] - [PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.364| 0.040| 0.082| 6699.630| 3.200] + [PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900] [BINS(c->s)..: 11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0] 
@@ -79,9 +79,9 @@ detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.350| 0.041| 0.077| 5966.970| 3.500] - [PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.350| 0.041| 0.077| 5966.970| 3.500] + [PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000] [BINS(c->s)..: 11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0] 
@@ -98,9 +98,9 @@ detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net] analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 7.508| 0.502| 1.826| 3335198.867| 1.400] - [PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 7.508| 0.502| 1.826| 3335198.867| 1.400] + [PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800] [BINS(c->s)..: 10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1] 
@@ -124,9 +124,9 @@ new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com] analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 4.000] - [PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.187| 0.029| 0.042| 1791.215| 4.000] + [PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0] [DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0] 
@@ -140,9 +140,9 @@ new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com] analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300] - [PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300] + [PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300] [BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1] 
@@ -168,9 +168,9 @@ detection-update: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145] RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600] - [PKTLEN......: 52.000| 1500.000| 940.800| 683.500| 467159.100| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600] + [PKTLEN......: 52.000| 1500.000| 940.800| 683.500| 467159.100| 4.500] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1] 
@@ -188,9 +188,9 @@ detection-update: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140] RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700] - [PKTLEN......: 52.000| 1500.000| 984.900| 672.700| 452466.100| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700] + [PKTLEN......: 52.000| 1500.000| 984.900| 672.700| 452466.100| 4.500] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1] 
@@ -253,9 +253,9 @@ detection-update: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141] RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.098| 0.201| 0.403| 162731.114| 3.600] - [PKTLEN......: 52.000| 1500.000| 493.700| 638.100| 407212.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.098| 0.201| 0.403| 162731.114| 3.600] + [PKTLEN......: 52.000| 1500.000| 493.700| 638.100| 407212.300| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1] 
@@ -263,9 +263,9 @@ [PKTLENS.....: 64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500] [ENTROPIES...: 4.6,5.3,5.0,6.3,5.8,4.4,5.1,5.2,5.2,5.3,5.3,5.4,5.3,5.2,5.2,5.2,4.8,5.2,4.8,5.1,4.8,4.8,5.2,4.8,5.0,4.8,5.2,5.2,5.2,4.6,5.0,4.6] analyse: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.047| 0.281| 0.301| 90549.584| 4.200] - [PKTLEN......: 52.000| 1500.000| 490.100| 638.900| 408170.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.047| 0.281| 0.301| 90549.584| 4.200] + [PKTLEN......: 52.000| 1500.000| 490.100| 638.900| 408170.900| 3.900] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1] 
@@ -273,9 +273,9 @@ [PKTLENS.....: 64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500] [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.2,5.1,5.2,5.1,5.1,4.9,4.3,5.2,5.2,5.1,4.9,4.9,5.0,5.1,5.1,4.9,5.0,5.0,4.8,5.0,4.6,4.7,5.1,4.8] analyse: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 1.636| 0.284| 0.363| 131453.321| 4.000] - [PKTLEN......: 52.000| 1500.000| 536.600| 657.900| 432827.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.636| 0.284| 0.363| 131453.321| 4.000] + [PKTLEN......: 52.000| 1500.000| 536.600| 657.900| 432827.800| 3.900] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1] 
@@ -283,9 +283,9 @@ [PKTLENS.....: 64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500] [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.5,5.1,5.3,5.4,5.4,5.2,5.2,5.2,5.2,3.8,4.4,5.2,5.1,5.2,4.4,4.4,5.2,5.2,4.4,4.4,5.2,5.2,4.3,5.0,4.4,5.2,4.6] analyse: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.005| 1.397| 0.291| 0.314| 98805.531| 4.200] - [PKTLEN......: 52.000| 1500.000| 716.200| 699.000| 488561.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.005| 1.397| 0.291| 0.314| 98805.531| 4.200] + [PKTLEN......: 52.000| 1500.000| 716.200| 699.000| 488561.800| 4.200] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1] 
@@ -293,9 +293,9 @@ [PKTLENS.....: 64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500] [ENTROPIES...: 4.6,5.3,5.0,6.4,5.8,4.5,5.0,4.2,5.0,5.3,5.3,4.4,5.3,4.4,5.2,4.3,4.5,4.3,5.1,4.3,5.1,4.3,5.1,5.2,4.5,5.0,4.7,4.7,5.1,4.7,5.2,4.7] analyse: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.716| 0.300| 0.539| 290723.889| 3.600] - [PKTLEN......: 52.000| 1500.000| 492.600| 638.800| 408052.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.716| 0.300| 0.539| 290723.889| 3.600] + [PKTLEN......: 52.000| 1500.000| 492.600| 638.800| 408052.900| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0] 
@@ -303,9 +303,9 @@ [PKTLENS.....: 64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52] [ENTROPIES...: 4.6,5.4,5.1,6.4,5.8,4.4,5.2,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.2,5.0,4.6,4.5,5.1,4.6,5.0,4.5,5.0,4.6,5.2,5.1,4.3,5.0,4.4,4.5,5.1] analyse: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.094| 0.303| 0.556| 309287.715| 3.700] - [PKTLEN......: 52.000| 1500.000| 447.800| 616.500| 380048.700| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.094| 0.303| 0.556| 309287.715| 3.700] + [PKTLEN......: 52.000| 1500.000| 447.800| 616.500| 380048.700| 3.800] [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0] 
@@ -313,9 +313,9 @@ [PKTLENS.....: 64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52] [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.2,5.3,5.2,5.3,5.3,5.3,5.1,4.7,5.2,5.2,4.7,4.7,5.1,4.7,5.1,4.6,5.2,5.3,4.4,5.3,4.5,5.2] analyse: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.609| 0.294| 0.529| 280024.056| 3.500] - [PKTLEN......: 52.000| 1500.000| 449.200| 615.600| 378913.200| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.609| 0.294| 0.529| 280024.056| 3.500] + [PKTLEN......: 52.000| 1500.000| 449.200| 615.600| 378913.200| 3.800] [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0] 
@@ -323,9 +323,9 @@ [PKTLENS.....: 64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72] [ENTROPIES...: 4.6,5.3,5.1,6.4,5.8,4.4,5.1,5.4,5.3,5.3,5.3,5.3,5.2,5.2,5.2,5.2,5.2,5.0,5.0,5.2,5.0,5.0,5.0,5.0,5.2,5.0,5.0,5.1,5.0,4.7,5.2,5.3] analyse: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.064| 0.322| 0.577| 332375.130| 3.600] - [PKTLEN......: 52.000| 1500.000| 495.000| 637.200| 406023.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.064| 0.322| 0.577| 332375.130| 3.600] + [PKTLEN......: 52.000| 1500.000| 495.000| 637.200| 406023.800| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1] 
@@ -333,9 +333,9 @@
 [PKTLENS.....: 64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]
 [ENTROPIES...: 4.5,5.2,5.0,6.3,5.8,4.5,4.2,5.1,5.0,3.8,5.0,5.1,5.1,5.2,5.2,5.2,5.1,5.2,4.3,5.2,4.2,5.0,4.3,5.1,5.1,5.1,5.1,5.1,4.5,5.1,4.5,4.5]
 analyse: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.546| 0.356| 0.683| 466078.499| 3.500]
- [PKTLEN......: 52.000| 1500.000| 493.200| 638.400| 407523.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.546| 0.356| 0.683| 466078.499| 3.500]
+ [PKTLEN......: 52.000| 1500.000| 493.200| 638.400| 407523.400| 3.900]
 [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1]
@@ -343,9 +343,9 @@
 [PKTLENS.....: 64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]
 [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.5,5.1,5.4,5.4,5.4,5.3,5.4,5.4,5.3,5.3,5.3,5.3,4.4,5.2,4.5,5.0,4.5,4.5,5.2,4.5,5.1,4.5,5.3,5.2,5.0,4.4,4.4]
 analyse: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.457| 0.415| 0.811| 658300.731| 3.600]
- [PKTLEN......: 52.000| 1500.000| 538.100| 656.800| 431419.800| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.457| 0.415| 0.811| 658300.731| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 538.100| 656.800| 431419.800| 3.900]
 [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1]
@@ -353,9 +353,9 @@
 [PKTLENS.....: 64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]
 [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.4,5.4,5.3,5.3,5.2,5.2,4.4,4.5,5.1,5.2,4.4,4.5,5.2,4.4,5.1,4.5,5.2,4.3,4.3,5.2,5.2,4.4]
 analyse: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 4.432| 0.435| 0.814| 663375.512| 3.600]
- [PKTLEN......: 52.000| 1500.000| 404.200| 589.200| 347103.400| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.432| 0.435| 0.814| 663375.512| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 404.200| 589.200| 347103.400| 3.700]
 [BINS(c->s)..: 22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1]
@@ -363,9 +363,9 @@
 [PKTLENS.....: 64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]
 [ENTROPIES...: 4.6,5.2,5.0,6.4,5.8,4.5,5.1,5.3,5.3,5.4,5.4,5.3,5.4,5.3,5.3,5.1,5.3,5.3,5.2,4.3,5.0,4.3,5.2,5.2,4.4,5.2,5.2,5.2,4.3,4.3,5.2,4.4]
 analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.086| 1.958| 7.380| 54461959.504| 1.100]
- [PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 30.086| 1.958| 7.380| 54461959.504| 1.100]
+ [PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800]
 [BINS(c->s)..: 9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
 [BINS(s->c)..: 9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1]
@@ -390,9 +390,9 @@
 detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
 new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
 analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.431| 1.003| 5.373| 28867930.620| 0.200]
- [PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 30.431| 1.003| 5.373| 28867930.620| 0.200]
+ [PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800]
 [BINS(c->s)..: 10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
 [BINS(s->c)..: 7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0]
@@ -416,9 +416,9 @@
 RISK: TLS (probably) Not Carrying HTTPS
 detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
 analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.282| 0.053| 0.058| 3383.537| 4.200]
- [PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.282| 0.053| 0.058| 3383.537| 4.200]
+ [PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000]
 [BINS(c->s)..: 10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
 [BINS(s->c)..: 5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0]
@@ -428,9 +428,9 @@
 detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.333| 0.059| 0.083| 6944.879| 3.800]
- [PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.333| 0.059| 0.083| 6944.879| 3.800]
+ [PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200]
 [BINS(c->s)..: 6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0]
 [BINS(s->c)..: 6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0]
@@ -439,9 +439,9 @@
 [ENTROPIES...: 4.6,5.3,5.2,5.8,5.1,7.2,7.3,5.2,6.9,5.2,6.2,5.1,6.1,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.9,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9]
 detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
 analyse: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000]
- [PKTLEN......: 52.000| 1500.000| 648.300| 653.400| 426995.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 648.300| 653.400| 426995.300| 4.200]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0]
@@ -504,9 +504,9 @@
 detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.141| 0.020| 0.029| 838.464| 3.900]
- [PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.141| 0.020| 0.029| 838.464| 3.900]
+ [PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100]
 [BINS(c->s)..: 12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [BINS(s->c)..: 4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -521,9 +521,9 @@
 detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net]
 detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net]
 analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.501| 0.064| 0.122| 14766.799| 3.300]
- [PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.501| 0.064| 0.122| 14766.799| 3.300]
+ [PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000]
 [BINS(c->s)..: 10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
 [BINS(s->c)..: 5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1]
@@ -532,9 +532,9 @@
 [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9]
 detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
 analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 4.700]
- [PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.100| 0.036| 0.022| 464.586| 4.700]
+ [PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700]
 [BINS(c->s)..: 5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -542,9 +542,9 @@
 [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
 [ENTROPIES...: 4.5,5.2,5.2,5.9,5.3,7.0,7.5,5.1,7.7,5.1,7.7,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.9,7.8,7.9,7.9,7.8,7.8]
 analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.416| 0.126| 0.341| 116136.157| 2.600]
- [PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.416| 0.126| 0.341| 116136.157| 2.600]
+ [PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300]
 [BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0]
diff --git a/test/results/flow-info/default/nfsv2.pcap.out b/test/results/flow-info/default/nfsv2.pcap.out
index b86aac8f5..644f07db2 100644
--- a/test/results/flow-info/default/nfsv2.pcap.out
+++ b/test/results/flow-info/default/nfsv2.pcap.out
@@ -15,9 +15,9 @@
 new: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049]
 detected: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
 analyse: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.040| 0.006| 0.010| 101.769| 3.300]
- [PKTLEN......: 56.000| 200.000| 133.500| 43.100| 1860.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.040| 0.006| 0.010| 101.769| 3.300]
+ [PKTLEN......: 56.000| 200.000| 133.500| 43.100| 1860.800| 4.900]
 [BINS(c->s)..: 0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/nfsv3.pcap.out b/test/results/flow-info/default/nfsv3.pcap.out
index e7116be3c..8002d8f9b 100644
--- a/test/results/flow-info/default/nfsv3.pcap.out
+++ b/test/results/flow-info/default/nfsv3.pcap.out
@@ -18,9 +18,9 @@
 new: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049]
 detected: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
 analyse: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.050| 0.006| 0.012| 151.925| 3.200]
- [PKTLEN......: 60.000| 300.000| 162.400| 63.400| 4021.900| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.050| 0.006| 0.012| 151.925| 3.200]
+ [PKTLEN......: 60.000| 300.000| 162.400| 63.400| 4021.900| 4.900]
 [BINS(c->s)..: 0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/nintendo.pcap.out b/test/results/flow-info/default/nintendo.pcap.out
index d48b2c74b..6ae46c3c5 100644
--- a/test/results/flow-info/default/nintendo.pcap.out
+++ b/test/results/flow-info/default/nintendo.pcap.out
@@ -12,9 +12,9 @@
 new: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335]
 detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun]
 analyse: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Unknown][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.730| 0.194| 0.332| 110172.324| 3.600]
- [PKTLEN......: 88.000| 840.000| 153.000| 179.500| 32207.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.730| 0.194| 0.332| 110172.324| 3.600]
+ [PKTLEN......: 88.000| 840.000| 153.000| 179.500| 32207.000| 4.500]
 [BINS(c->s)..: 0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1]
@@ -53,9 +53,9 @@
 detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 14.019| 1.263| 3.443| 11853821.379| 2.400]
- [PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 14.019| 1.263| 3.443| 11853821.379| 2.400]
+ [PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600]
 [BINS(c->s)..: 8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1]
@@ -73,9 +73,9 @@
 new: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114]
 detected: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] [ICMP][Unknown][Network][Acceptable]
 analyse: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Unknown][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.754| 0.078| 0.153| 23284.658| 3.200]
- [PKTLEN......: 88.000| 872.000| 154.000| 186.200| 34652.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.754| 0.078| 0.153| 23284.658| 3.200]
+ [PKTLEN......: 88.000| 872.000| 154.000| 186.200| 34652.000| 4.500]
 [BINS(c->s)..: 0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1]
@@ -83,9 +83,9 @@
 [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88]
 [ENTROPIES...: 6.0,6.2,6.0,6.0,6.0,6.0,6.0,6.1,6.0,6.0,6.1,6.1,6.1,6.2,6.0,6.1,6.6,5.9,6.1,6.1,6.7,6.1,6.2,6.3,6.0,6.1,5.6,5.9,5.6,6.1,6.2,5.9]
 analyse: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Unknown][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.758| 0.106| 0.188| 35487.695| 3.400]
- [PKTLEN......: 88.000| 872.000| 207.000| 231.800| 53743.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.758| 0.106| 0.188| 35487.695| 3.400]
+ [PKTLEN......: 88.000| 872.000| 207.000| 231.800| 53743.000| 4.400]
 [BINS(c->s)..: 0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0]
@@ -93,9 +93,9 @@
 [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472]
 [ENTROPIES...: 6.0,6.1,6.0,6.0,6.1,6.0,6.1,6.1,6.1,6.2,6.2,6.1,6.1,6.1,6.2,6.2,6.1,6.7,6.0,6.7,5.9,5.6,6.0,5.6,5.8,6.2,6.2,6.0,7.3,5.8,6.2,6.2]
 analyse: [....20] [ip4][..udp] [.192.168.12.114][55915] -> [..81.61.158.138][51769] [Nintendo][Unknown][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.649| 0.099| 0.184| 33766.533| 3.200]
- [PKTLEN......: 88.000| 872.000| 153.500| 186.300| 34709.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.649| 0.099| 0.184| 33766.533| 3.200]
+ [PKTLEN......: 88.000| 872.000| 153.500| 186.300| 34709.800| 4.400]
 [BINS(c->s)..: 0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0]
diff --git a/test/results/flow-info/default/nntp.pcap.out b/test/results/flow-info/default/nntp.pcap.out
index 2144fb147..ef37877f1 100644
--- a/test/results/flow-info/default/nntp.pcap.out
+++ b/test/results/flow-info/default/nntp.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119]
 detected: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
 analyse: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 25.684| 4.346| 7.782| 60565611.348| 3.100]
- [PKTLEN......: 40.000| 1500.000| 205.900| 397.400| 157950.100| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 25.684| 4.346| 7.782| 60565611.348| 3.100]
+ [PKTLEN......: 40.000| 1500.000| 205.900| 397.400| 157950.100| 3.600]
 [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
 [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0]
diff --git a/test/results/flow-info/default/no_sni.pcap.out b/test/results/flow-info/default/no_sni.pcap.out
index 47176edfa..50a67b2c5 100644
--- a/test/results/flow-info/default/no_sni.pcap.out
+++ b/test/results/flow-info/default/no_sni.pcap.out
@@ -11,9 +11,9 @@
 detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com]
 new: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443]
 analyse: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.180| 0.028| 0.054| 2913.211| 3.000]
- [PKTLEN......: 40.000| 722.000| 127.200| 163.800| 26828.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.180| 0.028| 0.054| 2913.211| 3.000]
+ [PKTLEN......: 40.000| 722.000| 127.200| 163.800| 26828.900| 4.200]
 [BINS(c->s)..: 10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0]
@@ -23,9 +23,9 @@
 detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][]
 detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][]
 analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.473| 0.050| 0.107| 11455.737| 3.000]
- [PKTLEN......: 40.000| 1500.000| 367.000| 489.400| 239474.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.473| 0.050| 0.107| 11455.737| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 367.000| 489.400| 239474.400| 3.900]
 [BINS(c->s)..: 12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
@@ -48,9 +48,9 @@
 detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][]
 detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][]
 analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 3.800]
- [PKTLEN......: 40.000| 1500.000| 271.300| 409.400| 167573.600| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.144| 0.032| 0.043| 1852.691| 3.800]
+ [PKTLEN......: 40.000| 1500.000| 271.300| 409.400| 167573.600| 3.800]
 [BINS(c->s)..: 12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0]
diff --git a/test/results/flow-info/default/ocs.pcap.out b/test/results/flow-info/default/ocs.pcap.out
index 8bc55e4d6..eaca52aaa 100644
--- a/test/results/flow-info/default/ocs.pcap.out
+++ b/test/results/flow-info/default/ocs.pcap.out
@@ -37,9 +37,9 @@
 detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][OCS][Media][Fun][ocs.labgency.ws]
 RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
 analyse: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.929| 0.088| 0.173| 29794.175| 3.500]
- [PKTLEN......: 52.000| 715.000| 83.100| 113.800| 12942.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.929| 0.088| 0.173| 29794.175| 3.500]
+ [PKTLEN......: 52.000| 715.000| 83.100| 113.800| 12942.200| 4.500]
 [BINS(c->s)..: 31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -66,9 +66,9 @@
 detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun][www.ocs.fr]
 RISK: HTTP Susp User-Agent, Unidirectional Traffic
 analyse: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 4.000]
- [PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.079| 0.027| 0.030| 875.550| 4.000]
+ [PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
 [BINS(c->s)..: 31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/test/results/flow-info/default/ocsp.pcapng.out b/test/results/flow-info/default/ocsp.pcapng.out
index 721691795..84d0c6872 100644
--- a/test/results/flow-info/default/ocsp.pcapng.out
+++ b/test/results/flow-info/default/ocsp.pcapng.out
@@ -11,9 +11,9 @@
 new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80]
 detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org]
 analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500]
- [PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500]
+ [PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0]
@@ -21,9 +21,9 @@
 [PKTLENS.....: 112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104]
 [ENTROPIES...: 3.9,4.3,4.0,6.2,4.4,7.1,4.5,4.4,4.3,4.3,4.4,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,6.2,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
 analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.244| 7.440| 4.399| 19348030.751| 4.500]
- [PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 10.244| 7.440| 4.399| 19348030.751| 4.500]
+ [PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -43,9 +43,9 @@
 end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
 end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
 analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.240| 6.308| 4.932| 24328020.165| 4.300]
- [PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 10.240| 6.308| 4.932| 24328020.165| 4.300]
+ [PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0]
@@ -60,9 +60,9 @@
 detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.globalsign.com]
 end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
 analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.241| 7.345| 4.533| 20543650.660| 4.500]
- [PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.241| 7.345| 4.533| 20543650.660| 4.500]
+ [PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
 [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -70,9 +70,9 @@
 [PKTLENS.....: 112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
 [ENTROPIES...: 3.8,4.2,4.1,6.2,4.4,6.9,7.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
 analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.241| 7.462| 4.365| 19049033.499| 4.600]
- [PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 10.241| 7.462| 4.365| 19049033.499| 4.600]
+ [PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
 [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -89,9 +89,9 @@ detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net] end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe] analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600] - [PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600] + [PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/default/openvpn.pcap.out b/test/results/flow-info/default/openvpn.pcap.out index 4d32222f8..ede367ca0 100644 --- a/test/results/flow-info/default/openvpn.pcap.out +++ b/test/results/flow-info/default/openvpn.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.998| 0.088| 0.234| 54526.591| 2.700] - [PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.998| 0.088| 0.234| 54526.591| 2.700] + [PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800] [BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1] @@ -20,9 +20,9 @@ detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.196| 0.045| 0.060| 3547.546| 3.900] - [PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.196| 0.045| 0.060| 3547.546| 3.900] + [PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900] [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] 
@@ -37,9 +37,9 @@ detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.242| 0.188| 0.537| 288658.031| 2.400] - [PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.242| 0.188| 0.537| 288658.031| 2.400] + [PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900] [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/default/opera-vpn.pcapng.out b/test/results/flow-info/default/opera-vpn.pcapng.out index a4fbafa35..ae52b246c 100644 --- a/test/results/flow-info/default/opera-vpn.pcapng.out +++ b/test/results/flow-info/default/opera-vpn.pcapng.out 
@@ -88,9 +88,9 @@ new: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] detection-update: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300] - [PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300] + [PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0] 
@@ -100,9 +100,9 @@ detected: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300] - [PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300] + [PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0] 
@@ -110,9 +110,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52] [ENTROPIES...: 4.2,5.1,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.8,7.9,4.9,5.0,5.9,4.7,6.0,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.7,4.7] analyse: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300] - [PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300] + [PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1] 
@@ -120,9 +120,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401] [ENTROPIES...: 4.1,5.3,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.8,7.9,4.9,5.0,5.9,4.8,5.9,5.6,4.8,7.6,5.0,7.8,4.7,7.9,4.8,7.7,7.8,4.7,7.1,4.8,7.8,4.7,7.4] analyse: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300] - [PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300] + [PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0] 
@@ -131,9 +131,9 @@ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,6.0,4.8,5.6,4.8,7.6,5.1,7.8,4.8,7.2,4.8,7.8,4.8,7.8,4.8,7.9,7.0,4.8] detected: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400] - [PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400] + [PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0] 
@@ -141,9 +141,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138] [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,6.1,4.7,5.6,4.7,7.6,5.1,7.8,4.7,7.8,4.8,7.7,4.8,7.9,4.8,7.8,7.8,4.7,6.3] analyse: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300] - [PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300] + [PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0] 
@@ -151,9 +151,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52] [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,4.7,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,7.1,7.5,4.7] analyse: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.039| 0.009| 0.014| 196.546| 3.300] - [PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.039| 0.009| 0.014| 196.546| 3.300] + [PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0] 
@@ -161,9 +161,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52] [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.9,4.8,7.9,4.7,5.8,7.9,5.0,4.9,5.8,4.7,5.8,4.7,5.4,4.7,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.6,4.7,7.8,4.8,6.4,4.8] analyse: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300] - [PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300] + [PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1] 
@@ -172,9 +172,9 @@ [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.9,4.7,4.7,5.5,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.8,4.8,7.9,7.7] detection-update: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300] - [PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0] 
@@ -182,9 +182,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52] [ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.8,4.8,5.8,7.9,5.1,5.1,5.8,4.7,5.9,4.7,5.7,4.7,7.7,5.1,7.8,4.7,7.8,4.7,7.9,4.8,7.7,4.7,7.9,7.2,4.7] analyse: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.033| 0.010| 0.013| 175.212| 3.500] - [PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.033| 0.010| 0.013| 175.212| 3.500] + [PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800] [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1] 
@@ -192,9 +192,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148] [ENTROPIES...: 4.1,5.1,4.7,4.4,4.8,7.9,4.6,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.9,5.9,4.7,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.1,4.7,6.3,4.9,7.2,4.7,6.5] analyse: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400] - [PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400] + [PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1] 
@@ -202,9 +202,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478] [ENTROPIES...: 4.2,5.3,4.7,4.5,5.0,7.9,4.8,7.8,4.8,6.0,7.9,5.0,5.0,6.0,4.7,5.8,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,5.7,4.7,7.9,7.5,4.7,7.8,4.7,7.5] analyse: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.010| 0.015| 219.628| 3.400] - [PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.043| 0.010| 0.015| 219.628| 3.400] + [PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900] [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0] 
@@ -212,9 +212,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.6,4.8,7.8,4.6,7.9,7.2,4.8,7.8,4.8,6.4] analyse: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.035| 0.010| 0.013| 178.858| 3.600] - [PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.035| 0.010| 0.013| 178.858| 3.600] + [PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0] 
@@ -222,9 +222,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.9,4.8,5.9,4.7,5.5,4.7,7.7,4.9,7.8,7.8,4.8,7.6,4.8,6.3,5.1,7.1,4.8,6.6,4.7] analyse: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.049| 0.010| 0.016| 255.568| 3.300] - [PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.049| 0.010| 0.016| 255.568| 3.300] + [PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1] 
@@ -232,9 +232,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.9,4.7,5.8,7.8,5.0,5.0,5.8,5.9,4.7,5.5,4.7,7.7,5.0,7.8,4.8,7.8,4.7,7.9,4.7,7.7,4.8,7.9,7.2,4.8,7.7] analyse: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.051| 0.010| 0.016| 247.288| 3.300] - [PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.051| 0.010| 0.016| 247.288| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0] 
@@ -242,9 +242,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.8,4.8,7.5,4.8,6.4] analyse: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.054| 0.010| 0.016| 241.175| 3.400] - [PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.054| 0.010| 0.016| 241.175| 3.400] + [PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900] [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200] [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.0,5.7,4.7,5.9,5.5,4.8,7.6,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.8,6.6,4.8,6.8] analyse: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500] - [PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500] + [PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000] [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1] 
@@ -263,9 +263,9 @@ [ENTROPIES...: 4.2,5.3,4.7,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,6.0,4.8,5.6,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,4.8,7.7,4.7,6.3,7.8] detection-update: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.040| 0.011| 0.014| 199.830| 3.700] - [PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.040| 0.011| 0.014| 199.830| 3.700] + [PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000] [BINS(c->s)..: 8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0] 
@@ -273,9 +273,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52] [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,7.8,4.7,5.8,7.9,5.1,5.9,5.1,5.8,5.9,5.6,4.8,7.6,5.0,5.0,7.8,4.7,7.9,7.7,4.7,7.9,7.5,4.7,6.4,4.9,7.8,4.7] analyse: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600] - [PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600] + [PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900] [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0] 
@@ -283,9 +283,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52] [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,4.8,6.0,5.7,4.8,7.7,5.0,7.8,4.7,7.8,7.1,4.7,7.8,7.5,4.8,6.3,5.1,6.9,4.8] analyse: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600] - [PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600] + [PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0] 
@@ -293,9 +293,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.5,4.8,7.8,4.8,7.8,4.8,6.3,5.1,7.7,4.8] analyse: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600] - [PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600] + [PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800] [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0] 
@@ -303,9 +303,9 @@ [PKTLENS.....: 64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52] [ENTROPIES...: 4.2,5.2,4.7,4.4,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.8,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,6.0,4.7,7.9,6.9,4.7,6.5,5.1,7.4,4.7] analyse: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500] - [PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500] + [PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0] 
@@ -313,9 +313,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52] [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.6,7.8,4.7,5.9,7.9,4.9,4.9,5.7,4.7,5.8,5.6,4.7,4.7,7.7,4.8,7.8,4.7,7.9,5.7,4.7,6.2,5.0,7.1,4.7,6.6,4.7] analyse: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300] - [PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300] + [PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000] [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0] 
@@ -324,9 +324,9 @@ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.0,5.9,5.9,5.6,4.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.8,6.2,6.5] new: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] analyse: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700] - [PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700] + [PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900] [BINS(c->s)..: 9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1] 
@@ -334,9 +334,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314] [ENTROPIES...: 4.2,5.2,4.8,4.5,5.1,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.9,5.1,5.8,5.9,4.7,5.5,4.7,7.6,5.1,5.1,7.8,4.8,7.9,7.6,4.8,7.7,4.8,6.9,5.1,7.3] analyse: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600] - [PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600] + [PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800] [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [BINS(s->c)..: 8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0] 
@@ -344,9 +344,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105] [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.9,4.7,5.9,5.6,4.8,7.6,5.0,7.3,4.6,6.3,6.7,7.8,5.0,4.9,7.3,4.7,6.6,4.7,5.9] analyse: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.033| 0.009| 0.012| 153.174| 3.500] - [PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.033| 0.009| 0.012| 153.174| 3.500] + [PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900] [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1] 
@@ -354,9 +354,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274] [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.6,7.8,4.8,5.8,7.9,5.0,5.0,5.1,5.9,5.9,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.8,7.7,4.6,6.6,7.6,5.0,5.0,7.1] analyse: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300] - [PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300] + [PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1] 
@@ -370,9 +370,9 @@ new: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] detected: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500] - [PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500] + [PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900] [BINS(c->s)..: 10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1] 
@@ -381,9 +381,9 @@ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.8,5.8,7.9,5.1,5.0,5.8,5.1,5.9,4.8,5.9,4.8,5.5,4.8,7.6,5.0,7.8,4.8,7.5,7.8,4.7,7.7,4.8,6.9,5.0] detection-update: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.037| 0.009| 0.014| 195.258| 3.400] - [PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.037| 0.009| 0.014| 195.258| 3.400] + [PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000] [BINS(c->s)..: 10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0] 
@@ -391,9 +391,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252] [ENTROPIES...: 4.1,5.2,4.7,4.2,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,6.0,5.5,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.9,4.5,7.9,4.6,7.8,4.6,6.3,7.0] analyse: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.031| 0.008| 0.012| 151.638| 3.300] - [PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.031| 0.008| 0.012| 151.638| 3.300] + [PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1] 
@@ -401,9 +401,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770] [ENTROPIES...: 4.1,5.3,4.7,4.5,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.8,5.5,4.7,4.7,7.7,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.9,4.7,7.8,4.7,7.7] analyse: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.180| 0.027| 0.054| 2903.055| 2.900] - [PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.180| 0.027| 0.054| 2903.055| 2.900] + [PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0] 
@@ -421,9 +421,9 @@ detected: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.028| 0.074| 0.247| 61210.599| 1.800] - [PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.028| 0.074| 0.247| 61210.599| 1.800] + [PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900] [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1] 
@@ -438,9 +438,9 @@ detected: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detected: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.029| 0.007| 0.012| 137.076| 3.300] - [PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.029| 0.007| 0.012| 137.076| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1] 
@@ -449,9 +449,9 @@ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.7,4.8,7.6,5.0,7.8,7.5,4.7,4.7,7.8,4.7,7.8,4.7,7.7,7.8,4.7,7.5] detection-update: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.058| 0.009| 0.015| 225.527| 3.300] - [PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.058| 0.009| 0.015| 225.527| 3.300] + [PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1] 
@@ -461,9 +461,9 @@ detection-update: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.039| 0.008| 0.012| 156.003| 3.400] - [PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.039| 0.008| 0.012| 156.003| 3.400] + [PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1] 
@@ -474,9 +474,9 @@ detected: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.032| 0.009| 0.013| 159.388| 3.500] - [PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.032| 0.009| 0.013| 159.388| 3.500] + [PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900] [BINS(c->s)..: 9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1] 
@@ -484,9 +484,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584] [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.7,7.9,4.7,5.9,7.8,5.0,4.9,5.9,4.7,5.9,5.5,4.7,7.6,5.0,7.8,4.8,7.9,6.0,4.8,7.9,7.2,7.3,4.8,6.3,5.0,7.6] analyse: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.036| 0.009| 0.013| 161.218| 3.500] - [PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.036| 0.009| 0.013| 161.218| 3.500] + [PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900] [BINS(c->s)..: 9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1] 
@@ -494,9 +494,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52] [ENTROPIES...: 4.2,5.1,4.7,4.5,5.0,7.9,4.8,7.8,4.8,5.8,7.9,5.0,5.1,5.8,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.9,7.7,6.5,4.7,4.8,6.5,6.6,7.3,5.0,5.0] analyse: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100] - [PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100] + [PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1] 
@@ -504,9 +504,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271] [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.7,5.8,5.6,4.7,7.6,5.0,7.8,7.5,4.8,4.8,7.8,4.8,7.9,7.5,4.8,7.8,4.8,7.1] analyse: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200] - [PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200] + [PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1] 
@@ -517,9 +517,9 @@ detected: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.125| 0.019| 0.036| 1295.429| 3.100] - [PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.125| 0.019| 0.036| 1295.429| 3.100] + [PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0] 
@@ -536,9 +536,9 @@ detection-update: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.042| 0.008| 0.013| 169.929| 3.400] - [PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.042| 0.008| 0.013| 169.929| 3.400] + [PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0] 
@@ -546,9 +546,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52] [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.7,5.9,7.9,5.0,5.0,5.0,6.0,6.0,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.9,4.8,7.9,7.8,4.8] analyse: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.099| 0.017| 0.025| 636.110| 3.600] - [PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.099| 0.017| 0.025| 636.110| 3.600] + [PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900] [BINS(c->s)..: 8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1] 
@@ -559,9 +559,9 @@ new: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] new: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] analyse: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900] - [PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900] + [PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -581,9 +581,9 @@ detection-update: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600] - [PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600] + [PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900] [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0] 
@@ -591,9 +591,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52] [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.8,4.8,7.8,4.7,5.8,7.9,4.9,4.9,5.9,4.8,5.9,5.7,4.8,7.6,4.9,7.8,4.7,7.8,4.7,7.8,4.7,6.3,7.6,5.0,5.1,7.2,4.8] analyse: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400] - [PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400] + [PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900] [BINS(c->s)..: 7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1] 
@@ -601,9 +601,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52] [ENTROPIES...: 4.2,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.9,5.8,4.7,5.5,4.7,7.7,5.1,7.6,4.7,6.2,6.7,7.6,6.5,6.5,5.0,4.9,5.0,4.9] analyse: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.009| 0.013| 163.660| 3.600] - [PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.034| 0.009| 0.013| 163.660| 3.600] + [PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800] [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0] 
@@ -614,9 +614,9 @@ detected: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.178| 0.027| 0.054| 2913.054| 2.900] - [PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.178| 0.027| 0.054| 2913.054| 2.900] + [PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0] 
@@ -632,9 +632,9 @@ new: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] new: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] analyse: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400] - [PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400] + [PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1] @@ -643,9 +643,9 @@ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,4.9,5.9,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,7.6,4.7,6.3,7.1,4.8,6.6,4.7,4.6,5.6] new: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] analyse: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.029| 0.007| 0.012| 139.021| 3.300] - [PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.029| 0.007| 0.012| 139.021| 3.300] + [PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000] [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0] 
@@ -653,9 +653,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172] [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.8,4.6,7.8,4.7,5.9,7.9,5.0,5.0,5.8,4.6,6.0,5.6,4.6,7.7,5.0,7.8,7.5,4.6,7.8,4.7,7.9,7.1,4.7,7.8,4.6,6.5,6.6] analyse: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.189| 0.028| 0.055| 3044.153| 3.000] - [PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.189| 0.028| 0.055| 3044.153| 3.000] + [PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0] 
@@ -666,9 +666,9 @@ detected: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.040| 0.010| 0.014| 190.700| 3.500] - [PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.040| 0.010| 0.014| 190.700| 3.500] + [PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900] [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1] 
@@ -677,9 +677,9 @@ [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.1,6.0,5.8,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,4.8,7.8,4.7,6.4,6.7,7.5,5.1] detection-update: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.169| 0.025| 0.051| 2565.544| 2.900] - [PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.169| 0.025| 0.051| 2565.544| 2.900] + [PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1] 
@@ -687,9 +687,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492] [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,7.8,4.8,4.8,5.9,7.9,5.0,5.0,5.0,5.8,6.0,5.6,4.8,4.8,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9] analyse: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900] - [PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900] + [PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1] 
@@ -697,9 +697,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492] [ENTROPIES...: 4.1,5.2,4.8,4.3,5.1,7.8,4.8,7.8,4.8,5.8,7.9,5.0,5.0,5.9,5.9,4.7,5.6,4.7,7.5,5.0,7.8,4.7,7.8,7.5,4.7,7.9,4.7,7.7,4.7,7.9,4.7,7.9] analyse: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.604| 0.075| 0.151| 22860.368| 3.100] - [PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.604| 0.075| 0.151| 22860.368| 3.100] + [PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1] 
@@ -710,9 +710,9 @@ detected: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.188| 0.020| 0.046| 2094.229| 2.900] - [PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.188| 0.020| 0.046| 2094.229| 2.900] + [PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900] [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0] 
@@ -723,9 +723,9 @@ detected: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.008| 0.012| 144.514| 3.500] - [PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.034| 0.008| 0.012| 144.514| 3.500] + [PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0] 
@@ -736,9 +736,9 @@ detected: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.033| 0.008| 0.012| 145.944| 3.400] - [PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.033| 0.008| 0.012| 145.944| 3.400] + [PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900] [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0] 
@@ -755,9 +755,9 @@ detection-update: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] detection-update: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] analyse: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.008| 0.012| 142.779| 3.400] - [PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.034| 0.008| 0.012| 142.779| 3.400] + [PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900] [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0] 
@@ -765,9 +765,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539] [ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,4.9,7.8,4.6,7.9,4.6,7.7,4.6,7.9,7.2,4.6,6.3,6.5,7.6] analyse: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.032| 0.009| 0.013| 162.784| 3.500] - [PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.032| 0.009| 0.013| 162.784| 3.500] + [PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000] [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1] 
@@ -775,9 +775,9 @@ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044] [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,6.0,7.9,5.0,4.9,5.9,4.7,6.0,5.7,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,4.7,6.3,5.0,7.8] analyse: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.031| 0.009| 0.012| 155.373| 3.600] - [PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.031| 0.009| 0.012| 155.373| 3.600] + [PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900] [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0] diff --git a/test/results/flow-info/default/pgm.pcap.out b/test/results/flow-info/default/pgm.pcap.out index 9baed44bd..77dde6952 100644 --- a/test/results/flow-info/default/pgm.pcap.out +++ b/test/results/flow-info/default/pgm.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] detected: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Unknown][Network][Acceptable] analyse: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.841| 0.063| 0.156| 24250.839| 2.900] - [PKTLEN......: 56.000| 1330.000| 189.200| 214.800| 46132.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.841| 0.063| 0.156| 24250.839| 2.900] + [PKTLEN......: 56.000| 1330.000| 189.200| 214.800| 46132.500| 4.500] [BINS(c->s)..: 0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/pinterest.pcap.out b/test/results/flow-info/default/pinterest.pcap.out index f10804089..2046e48c2 100644 --- a/test/results/flow-info/default/pinterest.pcap.out +++ b/test/results/flow-info/default/pinterest.pcap.out 
@@ -8,9 +8,9 @@ detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][www.pinterest.fr] detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][www.pinterest.fr] analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.172| 0.013| 0.032| 1054.860| 2.700] - [PKTLEN......: 72.000| 1120.000| 364.100| 421.400| 177613.600| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.172| 0.013| 0.032| 1054.860| 2.700] + [PKTLEN......: 72.000| 1120.000| 364.100| 421.400| 177613.600| 4.200] [BINS(c->s)..: 10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1] 
@@ -46,9 +46,9 @@ new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [MIDSTREAM] new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [MIDSTREAM] analyse: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.054| 0.008| 0.015| 217.895| 3.000] - [PKTLEN......: 72.000| 1460.000| 381.000| 486.900| 237029.200| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.054| 0.008| 0.015| 217.895| 3.000] + [PKTLEN......: 72.000| 1460.000| 381.000| 486.900| 237029.200| 4.100] [BINS(c->s)..: 9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0] 
@@ -64,9 +64,9 @@ detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400] - [PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400] + [PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100] [BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1] 
@@ -77,9 +77,9 @@ detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100] - [PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100] + [PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100] [BINS(c->s)..: 11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0] 
@@ -90,9 +90,9 @@ detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Web][Safe][images.unsplash.com] detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe][images.unsplash.com] analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.090| 0.014| 0.022| 502.919| 3.300] - [PKTLEN......: 72.000| 1120.000| 300.800| 374.800| 140490.000| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.090| 0.014| 0.022| 502.919| 3.300] + [PKTLEN......: 72.000| 1120.000| 300.800| 374.800| 140490.000| 4.100] [BINS(c->s)..: 11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0] 
@@ -101,9 +101,9 @@ [ENTROPIES...: 4.8,5.1,5.1,4.6,5.0,6.8,4.4,5.2,5.1,6.6,7.1,5.2,5.2,7.6,6.2,5.2,5.2,6.1,6.3,7.3,5.0,5.0,5.0,7.0,6.2,5.2,5.2,5.6,5.0,7.5,6.9,5.2] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.050| 0.008| 0.015| 236.626| 2.900] - [PKTLEN......: 72.000| 1460.000| 498.700| 595.900| 355070.700| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.050| 0.008| 0.015| 236.626| 2.900] + [PKTLEN......: 72.000| 1460.000| 498.700| 595.900| 355070.700| 4.000] [BINS(c->s)..: 12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1] 
@@ -121,9 +121,9 @@ detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net] analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000] - [PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000] + [PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100] [BINS(c->s)..: 12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0] 
@@ -142,9 +142,9 @@ RISK: Unidirectional Traffic detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800] - [PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800] + [PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500] [BINS(c->s)..: 7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1] 
@@ -155,9 +155,9 @@ detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600] - [PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600] + [PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100] [BINS(c->s)..: 11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0] 
@@ -165,9 +165,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237] [ENTROPIES...: 4.8,5.2,5.1,4.7,5.0,7.8,7.8,5.2,5.2,7.6,5.2,6.1,6.5,7.5,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.5,6.2,5.2,5.2,5.9,5.1,5.2,6.0,5.1,6.9] analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500] - [PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500] + [PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0] 
@@ -193,9 +193,9 @@ detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com] detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com] analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700] - [PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700] + [PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100] [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0] 
@@ -203,9 +203,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72] [ENTROPIES...: 4.9,5.3,5.1,4.6,5.1,7.8,7.8,7.5,5.1,5.1,5.2,6.1,6.6,7.3,5.0,5.1,5.1,7.6,7.5,7.8,5.1,5.1,5.1,5.8,7.8,7.9,7.8,7.9,5.1,5.2,5.1,5.2] analyse: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.136| 0.023| 0.040| 1569.290| 3.200] - [PKTLEN......: 72.000| 1460.000| 430.600| 544.300| 296293.800| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.136| 0.023| 0.040| 1569.290| 3.200] + [PKTLEN......: 72.000| 1460.000| 430.600| 544.300| 296293.800| 4.000] [BINS(c->s)..: 9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1] 
@@ -218,9 +218,9 @@ detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 3.200] - [PKTLEN......: 72.000| 1120.000| 377.700| 441.200| 194656.500| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.045| 0.007| 0.012| 147.627| 3.200] + [PKTLEN......: 72.000| 1120.000| 377.700| 441.200| 194656.500| 4.100] [BINS(c->s)..: 11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1] diff --git a/test/results/flow-info/default/pop3.pcap.out b/test/results/flow-info/default/pop3.pcap.out index edd53540c..4e34b48ca 100644 --- a/test/results/flow-info/default/pop3.pcap.out +++ b/test/results/flow-info/default/pop3.pcap.out 
@@ -24,9 +24,9 @@ detected: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe] RISK: Unsafe Protocol analyse: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.112| 0.063| 0.038| 1429.214| 4.600] - [PKTLEN......: 40.000| 1500.000| 324.900| 545.200| 297234.100| 3.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.112| 0.063| 0.038| 1429.214| 4.600] + [PKTLEN......: 40.000| 1500.000| 324.900| 545.200| 297234.100| 3.500] [BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1] diff --git a/test/results/flow-info/default/pop3_stls.pcap.out b/test/results/flow-info/default/pop3_stls.pcap.out index 7a9c4d6be..4299af780 100644 --- a/test/results/flow-info/default/pop3_stls.pcap.out +++ b/test/results/flow-info/default/pop3_stls.pcap.out 
@@ -11,9 +11,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.072| 0.263| 0.525| 275477.529| 3.300] - [PKTLEN......: 40.000| 1500.000| 234.500| 417.000| 173868.900| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.072| 0.263| 0.525| 275477.529| 3.300] + [PKTLEN......: 40.000| 1500.000| 234.500| 417.000| 173868.900| 3.700] [BINS(c->s)..: 9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1] diff --git a/test/results/flow-info/default/pps.pcap.out b/test/results/flow-info/default/pps.pcap.out index 25b7e09fc..327cca8f9 100644 --- a/test/results/flow-info/default/pps.pcap.out +++ b/test/results/flow-info/default/pps.pcap.out 
@@ -9,9 +9,9 @@ new: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443] new: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] analyse: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.014| 0.003| 0.004| 16.289| 3.700] - [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.014| 0.003| 0.004| 16.289| 3.700] + [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] @@ -19,9 +19,9 @@ [PKTLENS.....: 1093,65,65,1093,1093,65,65,65,65,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65] [ENTROPIES...: 7.8,5.1,5.1,7.8,7.8,5.2,5.1,5.2,5.1,5.2,5.2,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,7.6,5.2,5.2,7.8,5.2,5.2] analyse: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.013| 0.002| 0.004| 13.731| 3.800] - [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.013| 0.002| 0.004| 13.731| 3.800] + [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] [BINS(c->s)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] 
@@ -30,9 +30,9 @@ [ENTROPIES...: 5.1,5.1,7.8,5.2,5.2,7.7,5.0,5.0,7.8,5.2,5.2,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2] new: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] analyse: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.027| 0.009| 0.008| 71.240| 4.100] - [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.027| 0.009| 0.008| 71.240| 4.100] + [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0] @@ -42,9 +42,9 @@ new: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [MIDSTREAM] new: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [MIDSTREAM] analyse: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.070| 0.024| 0.021| 457.568| 4.200] - [PKTLEN......: 65.000| 1093.000| 322.000| 445.100| 198147.000| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.070| 0.024| 0.021| 457.568| 4.200] + [PKTLEN......: 65.000| 1093.000| 322.000| 445.100| 198147.000| 3.900] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0] 
@@ -83,9 +83,9 @@ new: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] detected: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] [PPStream][Unknown][Streaming][Fun] analyse: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.108| 0.029| 0.031| 941.853| 4.000] - [PKTLEN......: 47.000| 1093.000| 289.300| 425.300| 180865.500| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.108| 0.029| 0.031| 941.853| 4.000] + [PKTLEN......: 47.000| 1093.000| 289.300| 425.300| 180865.500| 3.800] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1] diff --git a/test/results/flow-info/default/psiphon3.pcap.out b/test/results/flow-info/default/psiphon3.pcap.out index 73dfb710f..f300a8205 100644 --- a/test/results/flow-info/default/psiphon3.pcap.out +++ b/test/results/flow-info/default/psiphon3.pcap.out 
@@ -9,9 +9,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.007| 0.011| 114.161| 3.600] - [PKTLEN......: 40.000| 1500.000| 277.500| 421.900| 177964.300| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.007| 0.011| 114.161| 3.600] + [PKTLEN......: 40.000| 1500.000| 277.500| 421.900| 177964.300| 3.800] [BINS(c->s)..: 10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/quic-28.pcap.out b/test/results/flow-info/default/quic-28.pcap.out index 5d01558ba..570966c8d 100644 --- a/test/results/flow-info/default/quic-28.pcap.out +++ b/test/results/flow-info/default/quic-28.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] detected: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC][Cloudflare][Web][Acceptable][www.wireshark.org] analyse: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC][Cloudflare][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.021| 0.006| 0.007| 51.479| 3.900] - [PKTLEN......: 71.000| 1228.000| 329.800| 425.600| 181138.200| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.021| 0.006| 0.007| 51.479| 3.900] + [PKTLEN......: 71.000| 1228.000| 329.800| 425.600| 181138.200| 4.000] [BINS(c->s)..: 0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1] diff --git a/test/results/flow-info/default/quic-mvfst-22.pcap.out b/test/results/flow-info/default/quic-mvfst-22.pcap.out index 994ca621d..b249a2e03 100644 --- a/test/results/flow-info/default/quic-mvfst-22.pcap.out +++ b/test/results/flow-info/default/quic-mvfst-22.pcap.out 
@@ -2,9 +2,9 @@ new: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] detected: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com] analyse: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][Facebook][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.091| 0.163| 0.507| 257127.612| 2.100] - [PKTLEN......: 52.000| 1280.000| 616.500| 577.000| 332915.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 2.091| 0.163| 0.507| 257127.612| 2.100] + [PKTLEN......: 52.000| 1280.000| 616.500| 577.000| 332915.800| 4.300] [BINS(c->s)..: 1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1] diff --git a/test/results/flow-info/default/quic.pcap.out b/test/results/flow-info/default/quic.pcap.out index 723f9b860..d4d6faf0c 100644 --- a/test/results/flow-info/default/quic.pcap.out +++ b/test/results/flow-info/default/quic.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Google][Email][Acceptable][mail.google.com] analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Google][Email][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.198| 0.584| 0.964| 929164.558| 3.400] - [PKTLEN......: 47.000| 1378.000| 309.100| 382.900| 146578.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.198| 0.584| 0.964| 929164.558| 3.400] + [PKTLEN......: 47.000| 1378.000| 309.100| 382.900| 146578.800| 4.100] [BINS(c->s)..: 0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0] 
@@ -41,9 +41,9 @@ new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Google][Media][Fun][www.youtube.com] analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Google][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.829| 0.062| 0.199| 39440.069| 2.000] - [PKTLEN......: 61.000| 1378.000| 857.800| 620.800| 385421.500| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.829| 0.062| 0.199| 39440.069| 2.000] + [PKTLEN......: 61.000| 1378.000| 857.800| 620.800| 385421.500| 4.500] [BINS(c->s)..: 0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1] diff --git a/test/results/flow-info/default/quic046.pcap.out b/test/results/flow-info/default/quic046.pcap.out index 7d45d30c4..ed72f8cd2 100644 --- a/test/results/flow-info/default/quic046.pcap.out +++ b/test/results/flow-info/default/quic046.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] detected: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Google][Media][Fun][i.ytimg.com] analyse: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Google][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.029| 0.002| 0.006| 39.230| 2.600] - [PKTLEN......: 48.000| 1378.000| 893.100| 591.600| 350034.900| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.029| 0.002| 0.006| 39.230| 2.600] + [PKTLEN......: 48.000| 1378.000| 893.100| 591.600| 350034.900| 4.600] [BINS(c->s)..: 2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1] diff --git a/test/results/flow-info/default/quic_q39.pcap.out b/test/results/flow-info/default/quic_q39.pcap.out index d0585a941..0118cb7f0 100644 --- a/test/results/flow-info/default/quic_q39.pcap.out +++ b/test/results/flow-info/default/quic_q39.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] detected: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Unknown][Media][Fun][s.youtube.com] analyse: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 6.515| 0.578| 1.532| 2346988.339| 2.700] - [PKTLEN......: 46.000| 1378.000| 542.200| 603.700| 364512.400| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 6.515| 0.578| 1.532| 2346988.339| 2.700] + [PKTLEN......: 46.000| 1378.000| 542.200| 603.700| 364512.400| 4.100] [BINS(c->s)..: 0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0] diff --git a/test/results/flow-info/default/quickplay.pcap.out b/test/results/flow-info/default/quickplay.pcap.out index 7870da8e6..3244ce908 100644 --- a/test/results/flow-info/default/quickplay.pcap.out +++ b/test/results/flow-info/default/quickplay.pcap.out 
@@ -50,9 +50,9 @@ detection-update: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com] RISK: Binary App Transfer, Known Proto on Non Std Port analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.183| 5.871| 2.460| 1.331| 1772261.736| 4.700] - [PKTLEN......: 60.000| 1440.000| 640.400| 347.900| 121006.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.183| 5.871| 2.460| 1.331| 1772261.736| 4.700] + [PKTLEN......: 60.000| 1440.000| 640.400| 347.900| 121006.600| 4.800] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/default/reasm_crash_anon.pcapng.out b/test/results/flow-info/default/reasm_crash_anon.pcapng.out index 0c0b8bb38..08dd1ea64 100644 --- a/test/results/flow-info/default/reasm_crash_anon.pcapng.out +++ b/test/results/flow-info/default/reasm_crash_anon.pcapng.out 
@@ -3,9 +3,9 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] [MIDSTREAM] analyse: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 30.166| 9.710| 14.065| 197823744.180| 3.300] - [PKTLEN......: 52.000| 777.000| 155.000| 234.800| 55144.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 30.166| 9.710| 14.065| 197823744.180| 3.300] + [PKTLEN......: 52.000| 777.000| 155.000| 234.800| 55144.500| 4.000] [BINS(c->s)..: 23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0] diff --git a/test/results/flow-info/default/reasm_segv_anon.pcapng.out b/test/results/flow-info/default/reasm_segv_anon.pcapng.out index 4d4635808..3860931c0 100644 --- a/test/results/flow-info/default/reasm_segv_anon.pcapng.out +++ b/test/results/flow-info/default/reasm_segv_anon.pcapng.out 
@@ -13,9 +13,9 @@ ERROR-EVENT: Captured packet size is smaller than expected packet size [8/16] ERROR-EVENT: Captured packet size is smaller than expected packet size [9/16] analyse: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.859| 0.305| 0.564| 318078.976| 3.100] - [PKTLEN......: 76.000| 1476.000| 920.200| 651.300| 424215.900| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.859| 0.305| 0.564| 318078.976| 3.100] + [PKTLEN......: 76.000| 1476.000| 920.200| 651.300| 424215.900| 4.500] [BINS(c->s)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1] diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out index 91ed3673a..b1ea3f106 100644 --- a/test/results/flow-info/default/reddit.pcap.out +++ b/test/results/flow-info/default/reddit.pcap.out 
@@ -16,9 +16,9 @@ detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.076| 0.013| 0.023| 533.820| 3.200] - [PKTLEN......: 72.000| 1280.000| 281.100| 342.100| 117045.100| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.076| 0.013| 0.023| 533.820| 3.200] + [PKTLEN......: 72.000| 1280.000| 281.100| 342.100| 117045.100| 4.200] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0] 
@@ -90,9 +90,9 @@ detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com] detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.052| 0.010| 0.019| 355.472| 2.800] - [PKTLEN......: 72.000| 1120.000| 363.000| 422.800| 178733.300| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.052| 0.010| 0.019| 355.472| 2.800] + [PKTLEN......: 72.000| 1120.000| 363.000| 422.800| 178733.300| 4.100] [BINS(c->s)..: 11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1] 
@@ -105,9 +105,9 @@ detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][b.thumbs.redditmedia.com] detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][b.thumbs.redditmedia.com] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.092| 0.011| 0.022| 490.869| 2.800] - [PKTLEN......: 72.000| 1120.000| 363.300| 424.000| 179781.300| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.092| 0.011| 0.022| 490.869| 2.800] + [PKTLEN......: 72.000| 1120.000| 363.300| 424.000| 179781.300| 4.100] [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0] 
@@ -125,9 +125,9 @@ detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com] detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Unknown][Web][Safe][c.aaxads.com] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.044| 0.008| 0.014| 200.596| 3.100] - [PKTLEN......: 72.000| 1280.000| 422.500| 490.000| 240053.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.008| 0.014| 200.596| 3.100] + [PKTLEN......: 72.000| 1280.000| 422.500| 490.000| 240053.700| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1] 
@@ -135,9 +135,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280] [ENTROPIES...: 4.8,5.3,5.1,4.6,5.2,7.8,7.8,5.2,5.2,7.6,5.2,6.2,6.5,7.2,5.1,5.1,7.6,5.2,5.8,5.2,5.9,5.2,7.7,5.2,7.8,5.2,7.8,7.8,5.2,5.2,7.8,7.8] analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.051| 0.008| 0.015| 226.995| 3.000] - [PKTLEN......: 72.000| 1460.000| 461.600| 586.500| 343946.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.051| 0.008| 0.015| 226.995| 3.000] + [PKTLEN......: 72.000| 1460.000| 461.600| 586.500| 343946.100| 4.000] [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0] 
@@ -157,9 +157,9 @@ detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com] new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.044| 0.008| 0.014| 205.550| 3.200] - [PKTLEN......: 72.000| 1280.000| 415.800| 486.500| 236643.500| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.008| 0.014| 205.550| 3.200] + [PKTLEN......: 72.000| 1280.000| 415.800| 486.500| 236643.500| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1] 
@@ -186,9 +186,9 @@ detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][syndication.twitter.com] detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][syndication.twitter.com] analyse: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.180| 0.021| 0.039| 1506.599| 3.300] - [PKTLEN......: 72.000| 1460.000| 446.900| 554.600| 307585.900| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.180| 0.021| 0.039| 1506.599| 3.300] + [PKTLEN......: 72.000| 1460.000| 446.900| 554.600| 307585.900| 4.000] [BINS(c->s)..: 10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1] 
@@ -206,9 +206,9 @@ detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net] detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com] analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 3.600] - [PKTLEN......: 72.000| 1460.000| 250.000| 362.600| 131502.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.043| 0.011| 0.015| 223.794| 3.600] + [PKTLEN......: 72.000| 1460.000| 250.000| 362.600| 131502.000| 4.000] [BINS(c->s)..: 11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1] 
@@ -216,9 +216,9 @@ [PKTLENS.....: 80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72] [ENTROPIES...: 4.9,5.3,5.3,4.5,5.1,7.8,5.3,7.9,6.5,5.3,5.3,6.1,6.5,7.4,5.2,7.6,5.1,5.3,5.9,5.1,5.8,5.3,7.7,5.7,6.0,5.3,5.3,5.3,6.1,5.9,7.1,5.2] analyse: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.217| 0.047| 0.068| 4568.099| 3.600] - [PKTLEN......: 72.000| 1460.000| 258.400| 353.400| 124913.600| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.217| 0.047| 0.068| 4568.099| 3.600] + [PKTLEN......: 72.000| 1460.000| 258.400| 353.400| 124913.600| 4.100] [BINS(c->s)..: 9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1] 
@@ -234,9 +234,9 @@ detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable][static.doubleclick.net] detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.051| 0.012| 0.018| 319.203| 3.500] - [PKTLEN......: 72.000| 1280.000| 307.800| 396.400| 157103.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.051| 0.012| 0.018| 319.203| 3.500] + [PKTLEN......: 72.000| 1280.000| 307.800| 396.400| 157103.100| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1] 
@@ -253,9 +253,9 @@ detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com] analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.062| 0.009| 0.018| 308.294| 3.000] - [PKTLEN......: 72.000| 1280.000| 412.800| 483.300| 233579.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.062| 0.009| 0.018| 308.294| 3.000] + [PKTLEN......: 72.000| 1280.000| 412.800| 483.300| 233579.900| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1] 
@@ -268,9 +268,9 @@ detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.069| 0.011| 0.023| 518.376| 2.800] - [PKTLEN......: 72.000| 1280.000| 385.700| 459.200| 210886.500| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.069| 0.011| 0.023| 518.376| 2.800] + [PKTLEN......: 72.000| 1280.000| 385.700| 459.200| 210886.500| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1] 
@@ -282,9 +282,9 @@ detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][gateway.reddit.com] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][gateway.reddit.com] analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.144| 0.016| 0.036| 1331.147| 2.700] - [PKTLEN......: 72.000| 1120.000| 263.200| 320.800| 102914.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.144| 0.016| 0.036| 1331.147| 2.700] + [PKTLEN......: 72.000| 1120.000| 263.200| 320.800| 102914.800| 4.200] [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1] 
@@ -306,9 +306,9 @@ detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com] detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com] analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 3.400] - [PKTLEN......: 72.000| 1280.000| 280.100| 371.700| 138197.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.046| 0.008| 0.012| 155.374| 3.400] + [PKTLEN......: 72.000| 1280.000| 280.100| 371.700| 138197.800| 4.100] [BINS(c->s)..: 12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1] 
@@ -316,9 +316,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72] [ENTROPIES...: 4.8,5.3,5.2,4.6,5.1,7.8,7.8,7.8,7.0,5.2,5.2,5.2,5.2,6.3,6.6,7.3,5.1,5.1,5.1,7.6,5.7,5.3,5.3,5.9,7.7,7.6,5.9,5.2,5.2,5.2,6.0,5.0] analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.007| 0.011| 127.134| 3.400] - [PKTLEN......: 72.000| 1280.000| 323.800| 408.200| 166632.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.007| 0.011| 127.134| 3.400] + [PKTLEN......: 72.000| 1280.000| 323.800| 408.200| 166632.700| 4.100] [BINS(c->s)..: 13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0] 
@@ -357,9 +357,9 @@ detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.046| 0.009| 0.014| 200.064| 3.400] - [PKTLEN......: 72.000| 1280.000| 320.900| 398.400| 158685.900| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.014| 200.064| 3.400] + [PKTLEN......: 72.000| 1280.000| 320.900| 398.400| 158685.900| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1] 
@@ -367,9 +367,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280] [ENTROPIES...: 4.9,5.3,5.2,4.6,5.1,7.8,7.9,7.2,5.2,5.2,5.1,6.1,6.5,7.4,7.3,5.0,7.7,5.2,5.8,5.1,5.8,5.0,5.0,5.1,7.6,7.4,6.7,5.2,5.2,5.1,7.8,7.8] analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.044| 0.010| 0.013| 181.589| 3.600] - [PKTLEN......: 72.000| 1280.000| 270.100| 336.600| 113301.500| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.010| 0.013| 181.589| 3.600] + [PKTLEN......: 72.000| 1280.000| 270.100| 336.600| 113301.500| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1] diff --git a/test/results/flow-info/default/roblox.pcapng.out b/test/results/flow-info/default/roblox.pcapng.out index c6c89746f..1c0b2706b 100644 --- a/test/results/flow-info/default/roblox.pcapng.out +++ b/test/results/flow-info/default/roblox.pcapng.out 
@@ -7,9 +7,9 @@ detected: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] detection-update: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] analyse: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.786| 0.747| 2.538| 6441959.162| 1.700] - [PKTLEN......: 40.000| 1500.000| 357.700| 487.700| 237869.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 10.786| 0.747| 2.538| 6441959.162| 1.700] + [PKTLEN......: 40.000| 1500.000| 357.700| 487.700| 237869.300| 3.900] [BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1] diff --git a/test/results/flow-info/default/rtsp.pcap.out b/test/results/flow-info/default/rtsp.pcap.out index 3d1ac6712..49ea21ac9 100644 --- a/test/results/flow-info/default/rtsp.pcap.out +++ b/test/results/flow-info/default/rtsp.pcap.out 
@@ -8,9 +8,9 @@ detected: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.021| 0.002| 0.006| 34.529| 2.200] - [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.021| 0.002| 0.006| 34.529| 2.200] + [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] @@ -21,9 +21,9 @@ detected: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.021| 0.002| 0.005| 29.923| 2.200] - [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.021| 0.002| 0.005| 29.923| 2.200] + [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] 
@@ -34,9 +34,9 @@ detected: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.106| 2.200] - [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.021| 0.002| 0.005| 26.106| 2.200] + [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] @@ -47,9 +47,9 @@ detected: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.505| 0.033| 0.124| 15344.430| 1.200] - [PKTLEN......: 40.000| 165.000| 76.300| 48.800| 2380.700| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.505| 0.033| 0.124| 15344.430| 1.200] + [PKTLEN......: 40.000| 165.000| 76.300| 48.800| 2380.700| 4.700] [BINS(c->s)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
@@ -62,9 +62,9 @@ detected: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.024| 0.002| 0.006| 34.195| 2.400] - [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.024| 0.002| 0.006| 34.195| 2.400] + [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1] @@ -77,9 +77,9 @@ detected: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Unknown][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.978| 2.200] - [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.021| 0.002| 0.005| 26.978| 2.200] + [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] diff --git a/test/results/flow-info/default/rx.pcap.out b/test/results/flow-info/default/rx.pcap.out index 93f040347..292fdb73d 100644 
--- a/test/results/flow-info/default/rx.pcap.out +++ b/test/results/flow-info/default/rx.pcap.out @@ -12,9 +12,9 @@ new: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] detected: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] [RX][Unknown][RPC][Acceptable] analyse: [.....4] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.241][.7000] [RX][Unknown][RPC][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.105| 0.029| 0.034| 1128.030| 4.000] - [PKTLEN......: 56.000| 768.000| 162.700| 165.900| 27529.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.105| 0.029| 0.034| 1128.030| 4.000] + [PKTLEN......: 56.000| 768.000| 162.700| 165.900| 27529.200| 4.500] [BINS(c->s)..: 1,4,7,0,1,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,6,5,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1] diff --git a/test/results/flow-info/default/s7comm.pcap.out b/test/results/flow-info/default/s7comm.pcap.out index 44758355b..456007b46 100644 --- a/test/results/flow-info/default/s7comm.pcap.out +++ b/test/results/flow-info/default/s7comm.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Unknown][Network][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.009| 0.005| 0.003| 11.033| 4.500] - [PKTLEN......: 47.000| 261.000| 77.200| 40.300| 1625.500| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.009| 0.005| 0.003| 11.033| 4.500] + [PKTLEN......: 47.000| 261.000| 77.200| 40.300| 1625.500| 4.900] [BINS(c->s)..: 17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0] diff --git a/test/results/flow-info/default/safari.pcap.out b/test/results/flow-info/default/safari.pcap.out index 71fe08b20..ad29f2403 100644 --- a/test/results/flow-info/default/safari.pcap.out +++ b/test/results/flow-info/default/safari.pcap.out 
@@ -31,9 +31,9 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Unknown][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.119| 0.018| 0.029| 823.374| 3.500] - [PKTLEN......: 52.000| 1492.000| 618.000| 660.500| 436248.100| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.119| 0.018| 0.029| 823.374| 3.500] + [PKTLEN......: 52.000| 1492.000| 618.000| 660.500| 436248.100| 4.100] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1] diff --git a/test/results/flow-info/default/signal.pcap.out b/test/results/flow-info/default/signal.pcap.out index 5c5565465..f570cceff 100644 --- a/test/results/flow-info/default/signal.pcap.out +++ b/test/results/flow-info/default/signal.pcap.out 
@@ -19,9 +19,9 @@ detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.052| 0.012| 0.020| 399.390| 3.200] - [PKTLEN......: 52.000| 1492.000| 413.300| 522.500| 272968.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.052| 0.012| 0.020| 399.390| 3.200] + [PKTLEN......: 52.000| 1492.000| 413.300| 522.500| 272968.600| 4.000] [BINS(c->s)..: 10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1] 
@@ -62,9 +62,9 @@ detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.101| 0.015| 0.025| 625.062| 3.300] - [PKTLEN......: 52.000| 1492.000| 431.700| 520.400| 270842.400| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.101| 0.015| 0.025| 625.062| 3.300] + [PKTLEN......: 52.000| 1492.000| 431.700| 520.400| 270842.400| 4.100] [BINS(c->s)..: 9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1] 
@@ -86,9 +86,9 @@ detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun][textsecure-service.whispersystems.org] analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.115| 0.033| 0.050| 2490.513| 3.300] - [PKTLEN......: 52.000| 1492.000| 519.200| 606.200| 367455.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.115| 0.033| 0.050| 2490.513| 3.300] + [PKTLEN......: 52.000| 1492.000| 519.200| 606.200| 367455.800| 4.100] [BINS(c->s)..: 4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1] 
@@ -105,9 +105,9 @@ detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Fun][cdn.signal.org] detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Fun][cdn.signal.org] analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.043| 0.012| 0.016| 257.340| 3.700] - [PKTLEN......: 52.000| 1492.000| 498.200| 608.000| 369644.200| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.043| 0.012| 0.016| 257.340| 3.700] + [PKTLEN......: 52.000| 1492.000| 498.200| 608.000| 369644.200| 4.000] [BINS(c->s)..: 5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1] diff --git a/test/results/flow-info/default/simple-dnscrypt.pcap.out b/test/results/flow-info/default/simple-dnscrypt.pcap.out index 00637ed60..1dfe2adab 100644 --- a/test/results/flow-info/default/simple-dnscrypt.pcap.out +++ b/test/results/flow-info/default/simple-dnscrypt.pcap.out 
@@ -6,9 +6,9 @@ detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Unknown][Web][Safe][simplednscrypt.org] detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable][simplednscrypt.org] analyse: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.222| 0.042| 0.052| 2741.004| 3.900] - [PKTLEN......: 40.000| 1350.000| 383.400| 516.900| 267229.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.222| 0.042| 0.052| 2741.004| 3.900] + [PKTLEN......: 40.000| 1350.000| 383.400| 516.900| 267229.700| 3.900] [BINS(c->s)..: 7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1] 
@@ -29,9 +29,9 @@ detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable][simplednscrypt.org] detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable][simplednscrypt.org] analyse: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.106| 0.025| 0.036| 1289.953| 3.600] - [PKTLEN......: 40.000| 1350.000| 319.100| 456.800| 208637.000| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.106| 0.025| 0.036| 1289.953| 3.600] + [PKTLEN......: 40.000| 1350.000| 319.100| 456.800| 208637.000| 3.900] [BINS(c->s)..: 7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0] diff --git a/test/results/flow-info/default/sip.pcap.out b/test/results/flow-info/default/sip.pcap.out index ce8ac34a8..f5d249ce5 100644 --- a/test/results/flow-info/default/sip.pcap.out +++ b/test/results/flow-info/default/sip.pcap.out 
@@ -19,9 +19,9 @@ update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] analyse: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.026| 279.042| 42.751| 57.874| 3349363405.357| 4.000] - [PKTLEN......: 33.000| 853.000| 415.300| 273.000| 74531.700| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.026| 279.042| 42.751| 57.874| 3349363405.357| 4.000] + [PKTLEN......: 33.000| 853.000| 415.300| 273.000| 74531.700| 4.600] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0] diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out index 9c42fd3d2..53efbbef8 100644 --- a/test/results/flow-info/default/sites.pcapng.out +++ b/test/results/flow-info/default/sites.pcapng.out 
@@ -23,9 +23,9 @@ detected: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Unknown][Web][Safe][upload.wikimedia.org] detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Unknown][Web][Safe][upload.wikimedia.org] analyse: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.053| 0.010| 0.020| 390.951| 2.800] - [PKTLEN......: 52.000| 1500.000| 599.800| 646.400| 417856.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.053| 0.010| 0.020| 390.951| 2.800] + [PKTLEN......: 52.000| 1500.000| 599.800| 646.400| 417856.700| 4.100] [BINS(c->s)..: 10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0] 
@@ -39,9 +39,9 @@ new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][Unknown][SocialNetwork][Fun][videosnap.like.video] analyse: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][Unknown][SocialNetwork][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.031| 0.071| 0.245| 60093.178| 1.600] - [PKTLEN......: 46.000| 1500.000| 645.100| 701.200| 491744.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.031| 0.071| 0.245| 60093.178| 1.600] + [PKTLEN......: 46.000| 1500.000| 645.100| 701.200| 491744.000| 4.000] [BINS(c->s)..: 15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0] diff --git a/test/results/flow-info/default/skinny.pcap.out b/test/results/flow-info/default/skinny.pcap.out index 987c76adc..076d97d36 100644 --- a/test/results/flow-info/default/skinny.pcap.out +++ b/test/results/flow-info/default/skinny.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][Unknown][VoIP][Acceptable] analyse: [.....1] [ip4][..tcp] [.192.168.195.58][49399] -> [.192.168.193.12][.2000] [CiscoSkinny][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.610| 0.245| 0.877| 769437.794| 1.500] - [PKTLEN......: 46.000| 364.000| 100.200| 74.300| 5521.700| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.610| 0.245| 0.877| 769437.794| 1.500] + [PKTLEN......: 46.000| 364.000| 100.200| 74.300| 5521.700| 4.700] [BINS(c->s)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0] 
@@ -26,9 +26,9 @@ detected: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable] detected: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Unknown][Media][Acceptable] analyse: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Unknown][Media][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.026| 0.010| 0.010| 104.356| 3.900] - [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.026| 0.010| 0.010| 104.356| 3.900] + [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0] 
@@ -36,9 +36,9 @@ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200] [ENTROPIES...: 4.2,4.2,4.8,4.8,4.4,4.4,5.1,5.1,4.4,4.4,4.9,4.9,5.5,5.5,5.1,5.1,5.2,5.2,5.1,5.1,5.3,5.3,5.2,5.2,5.6,5.6,5.8,5.8,5.2,5.2,5.2,5.2] analyse: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Unknown][Media][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000] - [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.020| 0.020| 0.020|< 0.001| 0.001| 5.000] + [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -46,9 +46,9 @@ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200] [ENTROPIES...: 4.3,4.8,5.1,4.9,5.1,5.1,5.2,5.9,5.3,4.8,5.1,5.2,4.8,4.8,4.9,4.7,4.5,4.6,4.6,4.5,4.5,4.3,4.4,4.6,4.4,4.4,4.5,4.8,4.7,4.8,3.9,4.3] analyse: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Unknown][Media][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000] - [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.020| 0.020| 0.020|< 0.001|< 0.001| 5.000] + [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -56,9 +56,9 @@ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200] [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.6,5.3,5.1,4.8,4.5,4.8,4.4,4.1,3.9,3.8,3.3,3.4,3.4,3.6,4.3,4.6,4.8,4.8,4.6,4.4,6.2,4.9,6.3,6.5,6.2,6.5,6.5] analyse: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.019| 0.021| 0.020| 0.000| 0.020| 5.000] - [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.019| 0.021| 0.020|< 0.001| 0.020| 5.000] + [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -66,9 +66,9 @@ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200] [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.7,5.3,5.1,4.8,4.4,4.8,4.4,4.1,3.8,3.8,3.2,3.4,3.4,3.5,4.3,4.6,4.8,4.8,4.5,4.4,6.2,4.9,6.4,6.4,6.2,6.5,6.5] analyse: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Unknown][Media][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000] - [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.020| 0.020| 0.020|< 0.001| 0.001| 5.000] + [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -78,9 +78,9 @@ new: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [CiscoSkinny][Unknown][VoIP][Acceptable] analyse: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 7.046| 0.705| 1.877| 3523893.789| 2.200] - [PKTLEN......: 46.000| 532.000| 96.900| 93.800| 8793.000| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 7.046| 0.705| 1.877| 3523893.789| 2.200] + [PKTLEN......: 46.000| 532.000| 96.900| 93.800| 8793.000| 4.600] [BINS(c->s)..: 10,2,0,0,4,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,1,1,1,0,0,0,0,1,0,1,0,0,1,0,1,1,0,1,1,1,0,1,0,0,0,0,1] diff --git a/test/results/flow-info/default/skype-conference-call.pcap.out b/test/results/flow-info/default/skype-conference-call.pcap.out index 2f58f6218..9397f5c52 100644 --- a/test/results/flow-info/default/skype-conference-call.pcap.out +++ b/test/results/flow-info/default/skype-conference-call.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.100| 0.011| 0.022| 503.840| 3.000] - [PKTLEN......: 63.000| 943.000| 285.500| 317.000| 100457.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.100| 0.011| 0.022| 503.840| 3.000] + [PKTLEN......: 63.000| 943.000| 285.500| 317.000| 100457.800| 4.300] [BINS(c->s)..: 0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/skype.pcap.out b/test/results/flow-info/default/skype.pcap.out index 5201b8cbc..986aa14d8 100644 --- a/test/results/flow-info/default/skype.pcap.out +++ b/test/results/flow-info/default/skype.pcap.out 
@@ -65,9 +65,9 @@ detection-update: [....13] [ip4][..udp] [...192.168.1.34][49990] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][335.0.7.7.3.rst6.r.skype.net] RISK: Unidirectional Traffic analyse: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.301| 0.083| 0.084| 7113.901| 4.200] - [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.301| 0.083| 0.084| 7113.901| 4.200] + [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000] [BINS(c->s)..: 10,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,1,0,1,1,0] @@ -500,9 +500,9 @@ new: [...225] [ip4][..tcp] [...192.168.1.34][50102] -> [...65.55.223.15][..443] new: [...226] [ip4][..tcp] [...192.168.1.34][50103] -> [....64.4.23.166][..443] analyse: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.015| 19.851| 1.938| 5.863| 34377878.733| 1.700] - [PKTLEN......: 313.000| 391.000| 358.000| 29.200| 851.500| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.015| 19.851| 1.938| 5.863| 34377878.733| 1.700] + [PKTLEN......: 313.000| 391.000| 358.000| 29.200| 851.500| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,3,10,6,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -576,9 +576,9 @@ detection-update: [...230] [ip4][..udp] [...192.168.1.34][54067] -> [....192.168.1.1][.5351] [NAT-PMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic analyse: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.965| 0.176| 0.204| 41803.604| 4.200] - [PKTLEN......: 52.000| 1492.000| 164.600| 286.000| 81813.500| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.965| 0.176| 0.204| 41803.604| 4.200] + [PKTLEN......: 52.000| 1492.000| 164.600| 286.000| 81813.500| 3.900] [BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,1] @@ -614,9 +614,9 @@ new: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] new: [...252] [ip4][..tcp] [...192.168.1.34][50122] -> [..81.133.19.185][44431] analyse: [...250] [ip4][..tcp] [...192.168.1.34][50119] -> [....86.31.35.30][59621] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.200| 0.063| 0.061| 3703.968| 4.200] - [PKTLEN......: 52.000| 1235.000| 159.800| 252.000| 63524.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.200| 0.063| 0.061| 3703.968| 4.200] + [PKTLEN......: 52.000| 1235.000| 159.800| 252.000| 63524.500| 4.000] [BINS(c->s)..: 14,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,1,1,1,0,0,0,1,1,0,0] 
@@ -641,9 +641,9 @@ RISK: TLS (probably) Not Carrying HTTPS new: [...261] [ip4][..tcp] [...192.168.1.34][50129] -> [.91.190.218.125][12350] analyse: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Apple][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.605| 0.068| 0.136| 18472.737| 3.000] - [PKTLEN......: 40.000| 1480.000| 234.900| 350.900| 123149.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.605| 0.068| 0.136| 18472.737| 3.000] + [PKTLEN......: 40.000| 1480.000| 234.900| 350.900| 123149.100| 3.900] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,3,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1] @@ -691,9 +691,9 @@ new: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] detected: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][335.0.7.7.3.rst5.r.skype.net] analyse: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.782| 0.325| 0.510| 259840.393| 3.600] - [PKTLEN......: 52.000| 1176.000| 143.300| 243.100| 59118.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.782| 0.325| 0.510| 259840.393| 3.600] + [PKTLEN......: 52.000| 1176.000| 143.300| 243.100| 59118.200| 3.900] [BINS(c->s)..: 14,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,1,0] 
@@ -816,9 +816,9 @@ RISK: Unidirectional Traffic update: [...206] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.145][40027] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] analyse: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 25.524| 1.927| 6.197| 38401982.071| 2.000] - [PKTLEN......: 52.000| 1076.000| 142.500| 232.300| 53983.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 25.524| 1.927| 6.197| 38401982.071| 2.000] + [PKTLEN......: 52.000| 1076.000| 142.500| 232.300| 53983.100| 4.000] [BINS(c->s)..: 14,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,1,0] @@ -1105,9 +1105,9 @@ update: [....25] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.155][40020] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] update: [....32] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.176][40022] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] analyse: [...283] [ip4][..tcp] [...192.168.1.34][50138] -> [...71.238.7.203][18767] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 30.126| 1.349| 5.301| 28102044.418| 1.900] - [PKTLEN......: 52.000| 1076.000| 141.400| 232.500| 54056.900| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 30.126| 1.349| 5.301| 28102044.418| 1.900] + [PKTLEN......: 52.000| 1076.000| 141.400| 232.500| 54056.900| 4.000] [BINS(c->s)..: 15,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,1,0,0] 
diff --git a/test/results/flow-info/default/skype_no_unknown.pcap.out b/test/results/flow-info/default/skype_no_unknown.pcap.out index 3e75b6649..07b6342b5 100644 --- a/test/results/flow-info/default/skype_no_unknown.pcap.out +++ b/test/results/flow-info/default/skype_no_unknown.pcap.out @@ -66,9 +66,9 @@ detected: [....19] [ip4][..tcp] [.17.143.160.149][.5223] -> [...192.168.1.34][50407] [TLS][Apple][Web][Safe] RISK: Known Proto on Non Std Port analyse: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS.Skype_Teams][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.302| 0.085| 0.091| 8331.101| 4.100] - [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.302| 0.085| 0.091| 8331.101| 4.100] + [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000] [BINS(c->s)..: 9,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,1] 
@@ -92,9 +92,9 @@ detection-update: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][pipe.prd.skypedata.akadns.net] RISK: Unidirectional Traffic analyse: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS][Apple][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.077| 0.148| 0.323| 104108.532| 2.700] - [PKTLEN......: 40.000| 666.000| 224.900| 252.700| 63877.700| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.077| 0.148| 0.323| 104108.532| 2.700] + [PKTLEN......: 40.000| 666.000| 224.900| 252.700| 63877.700| 4.200] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0] @@ -522,9 +522,9 @@ RISK: Unidirectional Traffic new: [...228] [ip4][..tcp] [...192.168.1.34][51285] -> [.91.190.218.125][12350] analyse: [...210] [ip4][..tcp] [...192.168.1.34][51279] -> [..111.221.74.48][40008] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.297| 0.245| 0.278| 77244.252| 4.100] - [PKTLEN......: 52.000| 1492.000| 166.600| 288.600| 83264.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.297| 0.245| 0.278| 77244.252| 4.100] + [PKTLEN......: 52.000| 1492.000| 166.600| 288.600| 83264.900| 3.900] [BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0] 
@@ -589,9 +589,9 @@ new: [...251] [ip4][..tcp] [...192.168.1.34][51302] -> [.91.190.216.125][..443] new: [...252] [ip4][..tcp] [...192.168.1.34][51303] -> [...80.121.84.93][62381] analyse: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.004| 0.281| 0.501| 251090.993| 3.500] - [PKTLEN......: 52.000| 1176.000| 143.200| 243.000| 59065.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.004| 0.281| 0.501| 251090.993| 3.500] + [PKTLEN......: 52.000| 1176.000| 143.200| 243.000| 59065.600| 3.900] [BINS(c->s)..: 13,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1] @@ -677,9 +677,9 @@ new: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195] detected: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] analyse: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 19.857| 1.935| 5.865| 34398418.239| 1.700] - [PKTLEN......: 313.000| 391.000| 356.700| 29.100| 844.300| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 19.857| 1.935| 5.865| 34398418.239| 1.700] + [PKTLEN......: 313.000| 391.000| 356.700| 29.100| 844.300| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,4,9,7,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/test/results/flow-info/default/smb_deletefile.pcap.out b/test/results/flow-info/default/smb_deletefile.pcap.out index e5a73608b..8d42bf982 100644 --- a/test/results/flow-info/default/smb_deletefile.pcap.out +++ b/test/results/flow-info/default/smb_deletefile.pcap.out @@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][Unknown][System][Acceptable][] analyse: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][Unknown][System][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.158| 0.143| 0.529| 280112.169| 1.200] - [PKTLEN......: 40.000| 540.000| 252.600| 190.900| 36432.900| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.158| 0.143| 0.529| 280112.169| 1.200] + [PKTLEN......: 40.000| 540.000| 252.600| 190.900| 36432.900| 4.500] [BINS(c->s)..: 10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1] diff --git a/test/results/flow-info/default/smtp-starttls.pcap.out b/test/results/flow-info/default/smtp-starttls.pcap.out index a15a625ff..46240223a 100644 --- a/test/results/flow-info/default/smtp-starttls.pcap.out +++ b/test/results/flow-info/default/smtp-starttls.pcap.out 
@@ -11,9 +11,9 @@ detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] RISK: Obsolete TLS (v1.1 or older) analyse: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.157| 0.030| 0.035| 1204.841| 4.200] - [PKTLEN......: 52.000| 1470.000| 240.300| 368.100| 135468.500| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.157| 0.030| 0.035| 1204.841| 4.200] + [PKTLEN......: 52.000| 1470.000| 240.300| 368.100| 135468.500| 4.000] [BINS(c->s)..: 9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1] 
@@ -29,9 +29,9 @@ detection-update: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Unknown][Email][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, TLS Susp Extn analyse: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Unknown][Email][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.203| 0.019| 0.049| 2372.381| 2.800] - [PKTLEN......: 60.000| 1200.000| 180.500| 257.100| 66086.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.203| 0.019| 0.049| 2372.381| 2.800] + [PKTLEN......: 60.000| 1200.000| 180.500| 257.100| 66086.800| 4.200] [BINS(c->s)..: 7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0] diff --git a/test/results/flow-info/default/smtp.pcap.out b/test/results/flow-info/default/smtp.pcap.out index 954c37560..6ff458601 100644 --- a/test/results/flow-info/default/smtp.pcap.out +++ b/test/results/flow-info/default/smtp.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] detected: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Unknown][Email][Acceptable][pigeon.eyrie.af.mil] analyse: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Unknown][Email][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.055| 0.006| 0.012| 143.094| 3.200] - [PKTLEN......: 46.000| 124.000| 73.600| 15.200| 230.100| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.055| 0.006| 0.012| 143.094| 3.200] + [PKTLEN......: 46.000| 124.000| 73.600| 15.200| 230.100| 5.000] [BINS(c->s)..: 5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/snapchat_call.pcapng.out b/test/results/flow-info/default/snapchat_call.pcapng.out index b54683abf..f5be6eec3 100644 --- a/test/results/flow-info/default/snapchat_call.pcapng.out +++ b/test/results/flow-info/default/snapchat_call.pcapng.out 
@@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] RISK: Missing SNI TLS Extn analyse: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.447| 0.221| 0.397| 157833.134| 3.200] - [PKTLEN......: 48.000| 1378.000| 331.900| 468.500| 219532.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.447| 0.221| 0.397| 157833.134| 3.200] + [PKTLEN......: 48.000| 1378.000| 331.900| 468.500| 219532.900| 3.900] [BINS(c->s)..: 4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1] diff --git a/test/results/flow-info/default/snapchat_call_v1.pcapng.out b/test/results/flow-info/default/snapchat_call_v1.pcapng.out index f5d8bc752..0c4f7e09e 100644 --- a/test/results/flow-info/default/snapchat_call_v1.pcapng.out +++ b/test/results/flow-info/default/snapchat_call_v1.pcapng.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.Snapchat][AmazonAWS][SocialNetwork][Fun][str1-euwest1-34-246-231-140.addlive.io] detection-update: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable][str1-euwest1-34-246-231-140.addlive.io] analyse: [.....1] [ip4][..udp] [.192.168.12.169][47520] -> [.34.246.231.140][..443] [QUIC.SnapchatCall][AmazonAWS][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.284| 0.040| 0.070| 4893.651| 3.500] - [PKTLEN......: 53.000| 1228.000| 476.600| 428.300| 183471.500| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.284| 0.040| 0.070| 4893.651| 3.500] + [PKTLEN......: 53.000| 1228.000| 476.600| 428.300| 183471.500| 4.400] [BINS(c->s)..: 0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0] diff --git a/test/results/flow-info/default/softether.pcap.out b/test/results/flow-info/default/softether.pcap.out index cec8edd93..1cadc7830 100644 --- a/test/results/flow-info/default/softether.pcap.out +++ b/test/results/flow-info/default/softether.pcap.out 
@@ -71,9 +71,9 @@ DAEMON-EVENT: [Processed: 130 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 29] analyse: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.257|143300.001| 9319.382| 0.000| 0.000| 1.100] - [PKTLEN......: 29.000| 508.000| 90.300| 132.500| 17556.200| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.257| 143300.001| 9319.382| 0.000| 0.000| 1.100] + [PKTLEN......: 29.000| 508.000| 90.300| 132.500| 17556.200| 4.100] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1] diff --git a/test/results/flow-info/default/ssh.pcap.out b/test/results/flow-info/default/ssh.pcap.out index 17732fb82..cfe50d010 100644 --- a/test/results/flow-info/default/ssh.pcap.out +++ b/test/results/flow-info/default/ssh.pcap.out 
@@ -13,9 +13,9 @@ detection-update: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][Unknown][RemoteAccess][Acceptable] RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher analyse: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.907| 0.395| 0.889| 789856.780| 2.500] - [PKTLEN......: 52.000| 956.000| 158.700| 230.100| 52961.800| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.907| 0.395| 0.889| 789856.780| 2.500] + [PKTLEN......: 52.000| 956.000| 158.700| 230.100| 52961.800| 4.100] [BINS(c->s)..: 12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0] diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out index da8388ada..0063aa839 100644 --- a/test/results/flow-info/default/starcraft_battle.pcap.out +++ b/test/results/flow-info/default/starcraft_battle.pcap.out 
@@ -49,9 +49,9 @@ detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com] RISK: Binary App Transfer, Susp DGA Domain name analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.072| 0.012| 0.024| 562.008| 2.800] - [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.072| 0.012| 0.024| 562.008| 2.800] + [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100] [BINS(c->s)..: 15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -99,9 +99,9 @@ detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 3.600] - [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.166| 0.038| 0.053| 2837.592| 3.600] + [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300] [BINS(c->s)..: 23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -145,9 +145,9 @@ detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 2.900] - [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.034| 0.007| 0.013| 169.003| 2.900] + [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300] [BINS(c->s)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out index ac88606a3..86fd9977e 100644 --- a/test/results/flow-info/default/stun.pcap.out +++ b/test/results/flow-info/default/stun.pcap.out 
@@ -23,9 +23,9 @@ update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] analyse: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.003| 10.359| 9.105| 2.980| 8880623.976| 4.800] - [PKTLEN......: 68.000| 92.000| 80.000| 12.000| 144.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.003| 10.359| 9.105| 2.980| 8880623.976| 4.800] + [PKTLEN......: 68.000| 92.000| 80.000| 12.000| 144.000| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -41,9 +41,9 @@ detection-update: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook] RISK: Known Proto on Non Std Port analyse: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 6.004| 0.447| 1.463| 2139022.033| 1.900] - [PKTLEN......: 56.000| 168.000| 139.600| 32.100| 1033.400| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 6.004| 0.447| 1.463| 2139022.033| 1.900] + [PKTLEN......: 56.000| 168.000| 139.600| 32.100| 1033.400| 5.000] [BINS(c->s)..: 1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1] 
@@ -63,9 +63,9 @@ new: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] detected: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] analyse: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400] - [PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.836| 0.131| 0.227| 51553.292| 3.400] + [PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400] [BINS(c->s)..: 0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0] diff --git a/test/results/flow-info/default/stun_google_meet.pcapng.out b/test/results/flow-info/default/stun_google_meet.pcapng.out index 91da428d4..7ba3086b6 100644 --- a/test/results/flow-info/default/stun_google_meet.pcapng.out +++ b/test/results/flow-info/default/stun_google_meet.pcapng.out 
@@ -14,9 +14,9 @@ detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.164| 0.015| 0.039| 1549.851| 2.400] - [PKTLEN......: 65.000| 1231.000| 290.000| 203.200| 41279.000| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.164| 0.015| 0.039| 1549.851| 2.400] + [PKTLEN......: 65.000| 1231.000| 290.000| 203.200| 41279.000| 4.700] [BINS(c->s)..: 0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1] 
@@ -28,9 +28,9 @@ new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.000| 0.179| 0.232| 53990.769| 4.000] - [PKTLEN......: 68.000| 565.000| 110.700| 85.700| 7337.900| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.000| 0.179| 0.232| 53990.769| 4.000] + [PKTLEN......: 68.000| 565.000| 110.700| 85.700| 7337.900| 4.800] [BINS(c->s)..: 0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0] 
@@ -42,9 +42,9 @@ detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.030| 8.438| 2.374| 2.514| 6318722.646| 4.300] - [PKTLEN......: 92.000| 152.000| 118.200| 26.300| 690.900| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.030| 8.438| 2.374| 2.514| 6318722.646| 4.300] + [PKTLEN......: 92.000| 152.000| 118.200| 26.300| 690.900| 5.000] [BINS(c->s)..: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out index 4219c2f2c..c8d3ea1fa 100644 --- a/test/results/flow-info/default/stun_signal.pcapng.out +++ b/test/results/flow-info/default/stun_signal.pcapng.out 
@@ -53,9 +53,9 @@ detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.679| 0.149| 0.201| 40331.911| 3.900] - [PKTLEN......: 56.000| 132.000| 91.900| 24.900| 621.500| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.679| 0.149| 0.201| 40331.911| 3.900] + [PKTLEN......: 56.000| 132.000| 91.900| 24.900| 621.500| 4.900] [BINS(c->s)..: 4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1] @@ -64,9 +64,9 @@ [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 17.079| 1.597| 3.547| 12584568.750| 2.800] - [PKTLEN......: 76.000| 124.000| 81.500| 11.600| 133.800| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 17.079| 1.597| 3.547| 12584568.750| 2.800] + [PKTLEN......: 76.000| 124.000| 81.500| 11.600| 133.800| 5.000] [BINS(c->s)..: 0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -108,9 +108,9 @@ detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.665| 0.153| 0.189| 35784.253| 4.000] - [PKTLEN......: 56.000| 132.000| 94.200| 24.600| 605.900| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.665| 0.153| 0.189| 35784.253| 4.000] + [PKTLEN......: 56.000| 132.000| 94.200| 24.600| 605.900| 4.900] [BINS(c->s)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0] diff --git a/test/results/flow-info/default/stun_wa_call.pcapng.out b/test/results/flow-info/default/stun_wa_call.pcapng.out index 0ccc80598..f845edbc3 100644 --- a/test/results/flow-info/default/stun_wa_call.pcapng.out +++ b/test/results/flow-info/default/stun_wa_call.pcapng.out 
@@ -12,9 +12,9 @@ new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.505| 0.249| 0.601| 361608.839| 2.900] - [PKTLEN......: 48.000| 300.000| 146.400| 92.200| 8492.200| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.505| 0.249| 0.601| 361608.839| 2.900] + [PKTLEN......: 48.000| 300.000| 146.400| 92.200| 8492.200| 4.700] [BINS(c->s)..: 2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1] 
@@ -32,9 +32,9 @@ new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.025| 0.011| 0.005| 24.788| 4.800] - [PKTLEN......: 48.000| 540.000| 284.500| 217.500| 47305.800| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.025| 0.011| 0.005| 24.788| 4.800] + [PKTLEN......: 48.000| 540.000| 284.500| 217.500| 47305.800| 4.600] [BINS(c->s)..: 1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/stun_zoom.pcapng.out b/test/results/flow-info/default/stun_zoom.pcapng.out index 396e027d3..f25bb1a62 100644 --- a/test/results/flow-info/default/stun_zoom.pcapng.out +++ b/test/results/flow-info/default/stun_zoom.pcapng.out 
@@ -22,9 +22,9 @@ detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.194| 0.048| 0.051| 2615.352| 4.100] - [PKTLEN......: 42.000| 1080.000| 270.100| 313.100| 98043.500| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.194| 0.048| 0.051| 2615.352| 4.100] + [PKTLEN......: 42.000| 1080.000| 270.100| 313.100| 98043.500| 4.300] [BINS(c->s)..: 0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/tailscale.pcap.out b/test/results/flow-info/default/tailscale.pcap.out index a225f0241..1fd2d926a 100644 --- a/test/results/flow-info/default/tailscale.pcap.out +++ b/test/results/flow-info/default/tailscale.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] detected: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AmazonAWS][VPN][Acceptable] analyse: [.....1] [ip4][..udp] [...192.168.88.3][41641] -> [..18.196.71.179][41641] [Tailscale][AmazonAWS][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.000| 0.610| 0.605| 366311.899| 4.200] - [PKTLEN......: 120.000| 156.000| 140.200| 15.400| 237.900| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.000| 0.610| 0.605| 366311.899| 4.200] + [PKTLEN......: 120.000| 156.000| 140.200| 15.400| 237.900| 5.000] [BINS(c->s)..: 0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1] diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out index 5fbd73a71..9ebd658bc 100644 --- a/test/results/flow-info/default/teams.pcap.out +++ b/test/results/flow-info/default/teams.pcap.out 
@@ -20,9 +20,9 @@ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 3.700] - [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] + [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0] 
@@ -37,9 +37,9 @@ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com] detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com] analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 3.400] - [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400] + [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400] [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0] 
@@ -55,9 +55,9 @@ detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 3.900] - [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] + [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200] [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0] 
@@ -139,9 +139,9 @@ detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 3.600] - [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600] + [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300] [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0] 
@@ -156,9 +156,9 @@ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 3.200] - [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.201| 0.025| 0.047| 2215.159| 3.200] + [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800] [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1] @@ -176,9 +176,9 @@ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 3.500] - [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.115| 0.021| 0.031| 968.681| 3.500] + [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900] [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1] 
@@ -192,9 +192,9 @@ detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.010| 0.146| 0.490| 239614.050| 1.700] - [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] + [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1] 
@@ -203,9 +203,9 @@ [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3] detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 1.900] - [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900] + [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900] [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0] 
@@ -256,9 +256,9 @@ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 2.800] - [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] + [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1] 
@@ -278,9 +278,9 @@ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 3.900] - [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900] + [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100] [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0] 
@@ -303,9 +303,9 @@ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 3.400] - [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] + [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0] 
@@ -317,9 +317,9 @@ detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 3.600] - [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600] + [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200] [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1] 
@@ -342,9 +342,9 @@ detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 2.900] - [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.277| 0.019| 0.049| 2449.644| 2.900] + [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900] [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1] 
@@ -352,9 +352,9 @@ [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335] [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8] analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 8.978| 0.329| 1.582| 2503841.415| 0.800] - [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 8.978| 0.329| 1.582| 2503841.415| 0.800] + [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900] [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1] 
@@ -430,9 +430,9 @@ detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.567| 0.072| 0.275| 75449.426| 1.900] - [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.567| 0.072| 0.275| 75449.426| 1.900] + [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700] [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1] @@ -445,9 +445,9 @@ new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.168| 0.160| 0.366| 133702.353| 2.700] - [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] + [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/test/results/flow-info/default/teamspeak3.pcap.out b/test/results/flow-info/default/teamspeak3.pcap.out index 28a1451f3..131375359 100644 --- a/test/results/flow-info/default/teamspeak3.pcap.out +++ b/test/results/flow-info/default/teamspeak3.pcap.out @@ -23,9 +23,9 @@ DAEMON-EVENT: [Processed: 41 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 6] analyse: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.005| 600.181| 270.994| 298.615|89170865459.036| 3.800] - [PKTLEN......: 32.000| 44.000| 40.000| 4.700| 22.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.005| 600.181| 270.994| 298.615| 89170865459.036| 3.800] + [PKTLEN......: 32.000| 44.000| 40.000| 4.700| 22.000| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] diff --git a/test/results/flow-info/default/teamviewer.pcap.out b/test/results/flow-info/default/teamviewer.pcap.out index 641510f2b..7390c5e5e 100644 --- a/test/results/flow-info/default/teamviewer.pcap.out +++ b/test/results/flow-info/default/teamviewer.pcap.out 
@@ -2,9 +2,9 @@ new: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] detected: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][Unknown][RemoteAccess][Acceptable] analyse: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.274| 0.067| 0.088| 7794.386| 3.800] - [PKTLEN......: 40.000| 1500.000| 369.000| 516.400| 266637.300| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.274| 0.067| 0.088| 7794.386| 3.800] + [PKTLEN......: 40.000| 1500.000| 369.000| 516.400| 266637.300| 3.800] [BINS(c->s)..: 5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1] 
@@ -15,9 +15,9 @@ detected: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.443| 0.037| 0.097| 9363.771| 2.600] - [PKTLEN......: 44.000| 1052.000| 438.800| 450.400| 202865.500| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.443| 0.037| 0.097| 9363.771| 2.600] + [PKTLEN......: 44.000| 1052.000| 438.800| 450.400| 202865.500| 4.200] [BINS(c->s)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] diff --git a/test/results/flow-info/default/telegram.pcap.out b/test/results/flow-info/default/telegram.pcap.out index 38bf42fce..9bcd689a8 100644 --- a/test/results/flow-info/default/telegram.pcap.out +++ b/test/results/flow-info/default/telegram.pcap.out 
@@ -28,9 +28,9 @@ new: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local] analyse: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.089| 0.260| 0.238| 56779.682| 4.400] - [PKTLEN......: 128.000| 294.000| 184.700| 56.400| 3176.800| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.089| 0.260| 0.238| 56779.682| 4.400] + [PKTLEN......: 128.000| 294.000| 184.700| 56.400| 3176.800| 4.900] [BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -38,9 +38,9 @@ [PKTLENS.....: 128,219,294,155,139,155,139,197,170,294,139,153,261,128,219,294,155,139,155,139,197,170,294,139,153,197,153,128,219,294,155,139] [ENTROPIES...: 5.1,5.4,5.2,5.2,4.7,5.2,4.7,5.2,5.2,5.2,4.7,4.8,5.1,5.1,5.4,5.2,5.2,4.7,5.2,4.7,5.2,5.2,5.2,4.7,4.8,5.2,4.7,5.1,5.4,5.2,5.2,4.7] analyse: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.089| 0.260| 0.238| 56762.626| 4.400] - [PKTLEN......: 148.000| 314.000| 204.700| 56.400| 3176.800| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.089| 0.260| 0.238| 56762.626| 4.400] + [PKTLEN......: 148.000| 314.000| 204.700| 56.400| 3176.800| 4.900] [BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -80,9 +80,9 @@ detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][Unknown][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Telegram][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.001| 0.501| 0.118| 0.112| 12556.351| 4.400] - [PKTLEN......: 60.000| 220.000| 144.000| 57.300| 3288.000| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.501| 0.118| 0.112| 12556.351| 4.400] + [PKTLEN......: 60.000| 220.000| 144.000| 57.300| 3288.000| 4.900] [BINS(c->s)..: 0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,4,0,8,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,1,0,1,1,1,1,1,1,0,1] @@ -94,9 +94,9 @@ detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com] RISK: Minor Issues analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.042| 1.999| 0.261| 0.473| 223426.380| 3.600] - [PKTLEN......: 76.000| 268.000| 191.500| 54.500| 2971.800| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.042| 1.999| 0.261| 0.473| 223426.380| 3.600] + [PKTLEN......: 76.000| 268.000| 191.500| 54.500| 2971.800| 4.900] [BINS(c->s)..: 0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] 
@@ -145,9 +145,9 @@ new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Telegram][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.008| 0.505| 0.099| 0.138| 18965.475| 4.000] - [PKTLEN......: 60.000| 220.000| 144.000| 55.400| 3064.000| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.008| 0.505| 0.099| 0.138| 18965.475| 4.000] + [PKTLEN......: 60.000| 220.000| 144.000| 55.400| 3064.000| 4.900] [BINS(c->s)..: 0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1] 
@@ -156,9 +156,9 @@ [ENTROPIES...: 4.8,5.0,4.8,6.4,4.9,6.5,6.5,4.5,7.0,6.9,6.9,7.0,6.9,4.9,6.5,6.5,7.0,5.0,6.4,6.9,5.1,6.9,6.9,6.8,7.0,6.8,6.8,7.0,4.9,6.4,6.5,5.0] new: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772] analyse: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Telegram][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.007| 0.505| 0.113| 0.151| 22855.887| 4.100] - [PKTLEN......: 60.000| 204.000| 143.000| 54.200| 2943.000| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.007| 0.505| 0.113| 0.151| 22855.887| 4.100] + [PKTLEN......: 60.000| 204.000| 143.000| 54.200| 2943.000| 4.900] [BINS(c->s)..: 0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1] diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out index 228fa0b49..a226ced83 100644 --- a/test/results/flow-info/default/telegram_videocall.pcapng.out +++ b/test/results/flow-info/default/telegram_videocall.pcapng.out 
@@ -10,9 +10,9 @@ new: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] new: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] analyse: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.127| 0.025| 0.031| 963.939| 3.900] - [PKTLEN......: 52.000| 1280.000| 541.900| 516.100| 266324.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.127| 0.025| 0.031| 963.939| 3.900] + [PKTLEN......: 52.000| 1280.000| 541.900| 516.100| 266324.800| 4.300] [BINS(c->s)..: 6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1] @@ -23,9 +23,9 @@ new: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] new: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] analyse: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.047| 0.009| 0.015| 220.392| 3.200] - [PKTLEN......: 52.000| 1280.000| 644.300| 571.900| 327061.800| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.047| 0.009| 0.015| 220.392| 3.200] + [PKTLEN......: 52.000| 1280.000| 644.300| 571.900| 327061.800| 4.300] [BINS(c->s)..: 9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1] 
@@ -98,9 +98,9 @@ new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.475| 0.052| 0.095| 9109.989| 3.600] - [PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.475| 0.052| 0.095| 9109.989| 3.600] + [PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900] [BINS(c->s)..: 3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0] 
@@ -124,9 +124,9 @@
 RISK: Known Proto on Non Std Port
 update: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
 analyse: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 25.078| 1.818| 6.147| 37780767.900| 1.500]
- [PKTLEN......: 52.000| 1280.000| 482.700| 530.000| 280877.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 25.078| 1.818| 6.147| 37780767.900| 1.500]
+ [PKTLEN......: 52.000| 1280.000| 482.700| 530.000| 280877.200| 4.100]
 [BINS(c->s)..: 14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1]
diff --git a/test/results/flow-info/default/telnet.pcap.out b/test/results/flow-info/default/telnet.pcap.out
index 2ec9af369..d73c4881f 100644
--- a/test/results/flow-info/default/telnet.pcap.out
+++ b/test/results/flow-info/default/telnet.pcap.out
@@ -9,9 +9,9 @@
 detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][Unknown][RemoteAccess][Unsafe]
 RISK: Unsafe Protocol
 analyse: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][Unknown][RemoteAccess][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.233| 0.125| 0.337| 113396.253| 2.200]
- [PKTLEN......: 52.000| 137.000| 63.200| 18.800| 354.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.233| 0.125| 0.337| 113396.253| 2.200]
+ [PKTLEN......: 52.000| 137.000| 63.200| 18.800| 354.000| 4.900]
 [BINS(c->s)..: 15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0]
diff --git a/test/results/flow-info/default/tftp.pcap.out b/test/results/flow-info/default/tftp.pcap.out
index b5587917a..d6626aa9e 100644
--- a/test/results/flow-info/default/tftp.pcap.out
+++ b/test/results/flow-info/default/tftp.pcap.out
@@ -9,9 +9,9 @@
 detected: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][Unknown][DataTransfer][Acceptable]
 RISK: Known Proto on Non Std Port
 analyse: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][Unknown][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 46.000| 544.000| 295.000| 249.000| 62001.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 46.000| 544.000| 295.000| 249.000| 62001.000| 4.400]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/thrift.pcap.out b/test/results/flow-info/default/thrift.pcap.out
index 3100c6c17..5c31ef344 100644
--- a/test/results/flow-info/default/thrift.pcap.out
+++ b/test/results/flow-info/default/thrift.pcap.out
@@ -4,9 +4,9 @@
 new: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010]
 detected: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] [Thrift][Unknown][RPC][Acceptable]
 analyse: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] [Thrift][Unknown][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.002| 4.800]
- [PKTLEN......: 40.000| 2960.000| 375.200| 637.800| 406764.600| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001|< 0.001|< 0.001|< 0.001| 0.002| 4.800]
+ [PKTLEN......: 40.000| 2960.000| 375.200| 637.800| 406764.600| 3.600]
 [BINS(c->s)..: 5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
 [BINS(s->c)..: 6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0]
diff --git a/test/results/flow-info/default/tinc.pcap.out b/test/results/flow-info/default/tinc.pcap.out
index 41189fd24..b664aa86b 100644
--- a/test/results/flow-info/default/tinc.pcap.out
+++ b/test/results/flow-info/default/tinc.pcap.out
@@ -14,9 +14,9 @@
 detected: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][Unknown][VPN][Acceptable]
 RISK: Known Proto on Non Std Port
 analyse: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.070| 0.172| 0.377| 142420.984| 2.500]
- [PKTLEN......: 176.000| 1496.000| 1135.200| 450.400| 202833.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.070| 0.172| 0.377| 142420.984| 2.500]
+ [PKTLEN......: 176.000| 1496.000| 1135.200| 450.400| 202833.500| 4.900]
 [BINS(c->s)..: 0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0]
 [BINS(s->c)..: 0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0]
 [DIRECTIONS..: 0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0]
@@ -24,9 +24,9 @@
 [PKTLENS.....: 672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480]
 [ENTROPIES...: 7.7,7.7,7.1,7.8,7.8,6.9,7.9,6.8,7.9,7.8,7.7,7.7,7.7,7.9,6.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
 analyse: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][Unknown][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.412| 0.291| 0.559| 312123.949| 2.900]
- [PKTLEN......: 104.000| 1480.000| 1011.000| 450.300| 202783.000| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.412| 0.291| 0.559| 312123.949| 2.900]
+ [PKTLEN......: 104.000| 1480.000| 1011.000| 450.300| 202783.000| 4.800]
 [BINS(c->s)..: 0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0]
 [BINS(s->c)..: 0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0]
 [DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0]
diff --git a/test/results/flow-info/default/tls-appdata.pcap.out b/test/results/flow-info/default/tls-appdata.pcap.out
index f20d780e0..109222e93 100644
--- a/test/results/flow-info/default/tls-appdata.pcap.out
+++ b/test/results/flow-info/default/tls-appdata.pcap.out
@@ -14,9 +14,9 @@
 detection-update: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS][Twitch][Web][Safe]
 end: [.....1] [ip4][..tcp] [.179.60.195.173][..443] -> [..192.168.2.100][60636] [TLS][Facebook][Web][Safe]
 analyse: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS][Twitch][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 15.956| 1.031| 3.918| 15346982.453| 1.000]
- [PKTLEN......: 40.000| 2944.000| 1129.200| 1252.100| 1567845.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 15.956| 1.031| 3.918| 15346982.453| 1.000]
+ [PKTLEN......: 40.000| 2944.000| 1129.200| 1252.100| 1567845.600| 4.000]
 [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
 [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]
 [DIRECTIONS..: 0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0]
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index 77867b5b2..17a213acd 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -81,9 +81,9 @@
 detection-update: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
 detection-update: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
 analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.067| 0.004| 0.014| 198.149| 1.700]
- [PKTLEN......: 40.000| 1488.000| 409.600| 443.800| 196953.100| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.067| 0.004| 0.014| 198.149| 1.700]
+ [PKTLEN......: 40.000| 1488.000| 409.600| 443.800| 196953.100| 4.300]
 [BINS(c->s)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
 [BINS(s->c)..: 2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1]
@@ -91,9 +91,9 @@
 [PKTLENS.....: 1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]
 [ENTROPIES...: 7.8,7.8,7.8,7.9,7.8,4.9,4.9,7.9,6.6,5.9,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.2,7.0,7.1,7.1,7.1,7.0,7.0,5.9,4.7,4.7,7.0,7.1,7.3,5.7]
 analyse: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.009| 0.014| 206.122| 3.300]
- [PKTLEN......: 40.000| 1488.000| 439.200| 490.600| 240677.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.048| 0.009| 0.014| 206.122| 3.300]
+ [PKTLEN......: 40.000| 1488.000| 439.200| 490.600| 240677.500| 4.200]
 [BINS(c->s)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0]
 [BINS(s->c)..: 4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1]
diff --git a/test/results/flow-info/default/tls_long_cert.pcap.out b/test/results/flow-info/default/tls_long_cert.pcap.out
index a9b84f232..1371ede58 100644
--- a/test/results/flow-info/default/tls_long_cert.pcap.out
+++ b/test/results/flow-info/default/tls_long_cert.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it]
 detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe][www.repubblica.it]
 analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.034| 0.008| 0.011| 130.013| 3.600]
- [PKTLEN......: 52.000| 1500.000| 532.900| 584.900| 342142.300| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.034| 0.008| 0.011| 130.013| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 532.900| 584.900| 342142.300| 4.100]
 [BINS(c->s)..: 11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1]
diff --git a/test/results/flow-info/default/tls_verylong_certificate.pcap.out b/test/results/flow-info/default/tls_verylong_certificate.pcap.out
index 86c3bcdae..781f329b5 100644
--- a/test/results/flow-info/default/tls_verylong_certificate.pcap.out
+++ b/test/results/flow-info/default/tls_verylong_certificate.pcap.out
@@ -6,9 +6,9 @@
 detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
 detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
 analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 3.500]
- [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500]
+ [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000]
 [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1]
diff --git a/test/results/flow-info/default/tor.pcap.out b/test/results/flow-info/default/tor.pcap.out
index 38f3672cd..3b4833a1d 100644
--- a/test/results/flow-info/default/tor.pcap.out
+++ b/test/results/flow-info/default/tor.pcap.out
@@ -38,9 +38,9 @@
 detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc]
 RISK: Unsafe Protocol
 analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 31.166| 2.329| 7.550| 56997495.964| 1.900]
- [PKTLEN......: 40.000| 1500.000| 355.800| 354.900| 125974.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 31.166| 2.329| 7.550| 56997495.964| 1.900]
+ [PKTLEN......: 40.000| 1500.000| 355.800| 354.900| 125974.500| 4.300]
 [BINS(c->s)..: 4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
@@ -48,9 +48,9 @@
 [PKTLENS.....: 52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
 [ENTROPIES...: 4.5,4.8,4.4,5.4,4.8,7.6,6.9,5.9,6.1,7.9,6.5,4.3,7.7,4.8,7.7,4.8,7.6,7.7,4.7,7.7,7.6,4.8,7.7,4.3,7.6,4.6,7.6,7.7,4.8,7.6,7.6,4.7]
 analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 37.996| 2.549| 9.274| 86002509.021| 1.400]
- [PKTLEN......: 40.000| 1500.000| 448.800| 476.200| 226793.400| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 37.996| 2.549| 9.274| 86002509.021| 1.400]
+ [PKTLEN......: 40.000| 1500.000| 448.800| 476.200| 226793.400| 4.200]
 [BINS(c->s)..: 5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1]
@@ -62,9 +62,9 @@
 update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
 RISK: Unsafe Protocol
 analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 71.328| 4.658| 14.789| 218716025.389| 1.800]
- [PKTLEN......: 40.000| 1500.000| 330.600| 347.100| 120444.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 71.328| 4.658| 14.789| 218716025.389| 1.800]
+ [PKTLEN......: 40.000| 1500.000| 330.600| 347.100| 120444.200| 4.200]
 [BINS(c->s)..: 6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0]
@@ -91,9 +91,9 @@
 detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
 RISK: Obsolete TLS (v1.1 or older)
 analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.991| 0.147| 0.220| 48576.569| 3.900]
- [PKTLEN......: 40.000| 1500.000| 348.200| 347.100| 120448.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.991| 0.147| 0.220| 48576.569| 3.900]
+ [PKTLEN......: 40.000| 1500.000| 348.200| 347.100| 120448.800| 4.300]
 [BINS(c->s)..: 4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
@@ -134,9 +134,9 @@
 DAEMON-EVENT: [Processed: 337 pkts][ZLib][compressions: 0|diff: 0 / 0]
 DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 1|detection-updates: 7|updates: 5]
 analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 72.890| 8.727| 22.569| 509351076.823| 2.100]
- [PKTLEN......: 40.000| 1500.000| 312.000| 345.900| 119666.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 72.890| 8.727| 22.569| 509351076.823| 2.100]
+ [PKTLEN......: 40.000| 1500.000| 312.000| 345.900| 119666.800| 4.200]
 [BINS(c->s)..: 9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0]
diff --git a/test/results/flow-info/default/tplink_shp.pcap.out b/test/results/flow-info/default/tplink_shp.pcap.out
index a2926f1b6..aa6424f1c 100644
--- a/test/results/flow-info/default/tplink_shp.pcap.out
+++ b/test/results/flow-info/default/tplink_shp.pcap.out
@@ -265,9 +265,9 @@
 update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
 update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
 analyse: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 59.941| 60.059| 60.014| 0.029| 831.284| 5.000]
- [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 59.941| 60.059| 60.014| 0.029| 831.284| 5.000]
+ [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -275,9 +275,9 @@
 [PKTLENS.....: 57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]
 [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
 analyse: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 58.158| 62.682| 60.014| 0.762| 579959.128| 5.000]
- [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 58.158| 62.682| 60.014| 0.762| 579959.128| 5.000]
+ [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -285,9 +285,9 @@
 [PKTLENS.....: 57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]
 [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
 analyse: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 59.882| 60.106| 60.000| 0.033| 1108.379| 5.000]
- [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 59.882| 60.106| 60.000| 0.033| 1108.379| 5.000]
+ [PKTLEN......: 57.000| 57.000| 57.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/test/results/flow-info/default/trickbot.pcap.out b/test/results/flow-info/default/trickbot.pcap.out
index f40521b37..aaf0f2bcb 100644
--- a/test/results/flow-info/default/trickbot.pcap.out
+++ b/test/results/flow-info/default/trickbot.pcap.out
@@ -7,9 +7,9 @@
 detection-update: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Unknown][Web][Acceptable][82.118.225.196]
 RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Susp Content
 analyse: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.931| 0.157| 0.258| 66793.452| 3.300]
- [PKTLEN......: 40.000| 1500.000| 930.000| 662.500| 438885.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.931| 0.157| 0.258| 66793.452| 3.300]
+ [PKTLEN......: 40.000| 1500.000| 930.000| 662.500| 438885.500| 4.500]
 [BINS(c->s)..: 7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]
 [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1]
diff --git a/test/results/flow-info/default/tumblr.pcap.out b/test/results/flow-info/default/tumblr.pcap.out
index 3ebaed4e9..55bcbd32c 100644
--- a/test/results/flow-info/default/tumblr.pcap.out
+++ b/test/results/flow-info/default/tumblr.pcap.out
@@ -21,9 +21,9 @@
 detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Unknown][Web][Safe]
 new: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [MIDSTREAM]
 analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.701| 0.084| 0.189| 35694.846| 2.600]
- [PKTLEN......: 72.000| 1472.000| 449.500| 576.400| 332266.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.701| 0.084| 0.189| 35694.846| 2.600]
+ [PKTLEN......: 72.000| 1472.000| 449.500| 576.400| 332266.900| 4.000]
 [BINS(c->s)..: 11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0]
@@ -43,9 +43,9 @@
 detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe]
 detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
 analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 2.800]
- [PKTLEN......: 72.000| 1472.000| 608.300| 669.700| 448506.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.045| 0.004| 0.009| 88.667| 2.800]
+ [PKTLEN......: 72.000| 1472.000| 608.300| 669.700| 448506.000| 4.100]
 [BINS(c->s)..: 12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0]
@@ -58,9 +58,9 @@
 detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
 detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
 analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.010| 0.016| 259.261| 3.200]
- [PKTLEN......: 72.000| 1280.000| 300.700| 381.900| 145812.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.010| 0.016| 259.261| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 300.700| 381.900| 145812.800| 4.100]
 [BINS(c->s)..: 10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0]
@@ -78,9 +78,9 @@
 RISK: Unidirectional Traffic
 detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe]
 analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.037| 0.003| 0.009| 73.545| 2.400]
- [PKTLEN......: 72.000| 1472.000| 435.700| 586.000| 343353.700| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.003| 0.009| 73.545| 2.400]
+ [PKTLEN......: 72.000| 1472.000| 435.700| 586.000| 343353.700| 3.900]
 [BINS(c->s)..: 8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0]
@@ -127,9 +127,9 @@
 detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun][catasters.tumblr.com]
 detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun][catasters.tumblr.com]
 analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.189| 0.028| 0.050| 2454.248| 3.200]
- [PKTLEN......: 72.000| 1472.000| 454.000| 568.300| 322990.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.189| 0.028| 0.050| 2454.248| 3.200]
+ [PKTLEN......: 72.000| 1472.000| 454.000| 568.300| 322990.400| 4.000]
 [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1]
@@ -144,9 +144,9 @@
 new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443]
 detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe]
 analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.514| 1.259| 4.789| 22930555.666| 1.000]
- [PKTLEN......: 72.000| 1120.000| 600.100| 520.100| 270533.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 19.514| 1.259| 4.789| 22930555.666| 1.000]
+ [PKTLEN......: 72.000| 1120.000| 600.100| 520.100| 270533.200| 4.400]
 [BINS(c->s)..: 13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1]
@@ -158,9 +158,9 @@
 detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
 detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com]
 analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.067| 0.011| 0.020| 396.007| 3.200]
- [PKTLEN......: 72.000| 1280.000| 378.400| 464.300| 215557.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.067| 0.011| 0.020| 396.007| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 378.400| 464.300| 215557.600| 4.100]
 [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0]
@@ -168,9 +168,9 @@
 [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]
 [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.2,7.5,5.2,6.2,6.5,7.3,5.0,7.7,5.2,5.9,5.0,5.8,5.1,5.2,7.5,7.8,5.1,5.1,7.8,7.8,7.8,5.2,5.1,5.2]
 analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.083| 0.014| 0.021| 424.643| 3.600]
- [PKTLEN......: 72.000| 1280.000| 384.200| 474.800| 225406.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.083| 0.014| 0.021| 424.643| 3.600]
+ [PKTLEN......: 72.000| 1280.000| 384.200| 474.800| 225406.500| 4.100]
 [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1]
@@ -184,9 +184,9 @@ new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [MIDSTREAM] detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com] analyse: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 16.589| 1.119| 4.059| 16477581.214| 1.400] - [PKTLEN......: 72.000| 1351.000| 350.400| 367.900| 135349.600| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 16.589| 1.119| 4.059| 16477581.214| 1.400] + [PKTLEN......: 72.000| 1351.000| 350.400| 367.900| 135349.600| 4.300] [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0] diff --git a/test/results/flow-info/default/tunnelbear.pcap.out b/test/results/flow-info/default/tunnelbear.pcap.out index bcc494e60..520cba44a 100644 --- a/test/results/flow-info/default/tunnelbear.pcap.out +++ b/test/results/flow-info/default/tunnelbear.pcap.out 
@@ -20,9 +20,9 @@ detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com] detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com] analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 3.500] - [PKTLEN......: 40.000| 3697.000| 426.000| 812.300| 659832.900| 3.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.266| 0.037| 0.060| 3626.297| 3.500] + [PKTLEN......: 40.000| 3697.000| 426.000| 812.300| 659832.900| 3.500] [BINS(c->s)..: 7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1] 
@@ -36,9 +36,9 @@ detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com] detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com] analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 3.600] - [PKTLEN......: 40.000| 789.000| 149.700| 198.300| 39337.400| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.234| 0.036| 0.055| 3015.001| 3.600] + [PKTLEN......: 40.000| 789.000| 149.700| 198.300| 39337.400| 4.100] [BINS(c->s)..: 9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0] 
@@ -94,9 +94,9 @@ detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.tunnelbear.com] detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com] analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 3.000] - [PKTLEN......: 40.000| 2940.000| 240.400| 516.400| 266681.900| 3.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.340| 0.040| 0.084| 7024.527| 3.000] + [PKTLEN......: 40.000| 2940.000| 240.400| 516.400| 266681.900| 3.500] [BINS(c->s)..: 3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1] diff --git a/test/results/flow-info/default/ultrasurf.pcap.out b/test/results/flow-info/default/ultrasurf.pcap.out index 2beb7390e..9d2351f75 100644 --- a/test/results/flow-info/default/ultrasurf.pcap.out +++ b/test/results/flow-info/default/ultrasurf.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] analyse: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.150| 0.021| 0.036| 1271.455| 3.600] - [PKTLEN......: 80.000| 2628.000| 1348.500| 1007.200| 1014474.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.150| 0.021| 0.036| 1271.455| 3.600] + [PKTLEN......: 80.000| 2628.000| 1348.500| 1007.200| 1014474.800| 4.500] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10] [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0] 
@@ -19,9 +19,9 @@ detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 3.400] - [PKTLEN......: 52.000| 1400.000| 349.300| 449.600| 202163.000| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.271| 0.063| 0.099| 9897.855| 3.400] + [PKTLEN......: 52.000| 1400.000| 349.300| 449.600| 202163.000| 4.000] [BINS(c->s)..: 7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1] @@ -34,9 +34,9 @@ detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.269| 0.059| 0.101| 10170.351| 3.100] - [PKTLEN......: 52.000| 1400.000| 385.600| 479.700| 230117.000| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.269| 0.059| 0.101| 10170.351| 3.100] + [PKTLEN......: 52.000| 1400.000| 385.600| 479.700| 230117.000| 4.100] [BINS(c->s)..: 7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] 
diff --git a/test/results/flow-info/default/viber.pcap.out b/test/results/flow-info/default/viber.pcap.out index 90fb7922c..425179c1c 100644 --- a/test/results/flow-info/default/viber.pcap.out +++ b/test/results/flow-info/default/viber.pcap.out @@ -33,9 +33,9 @@ detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 3.300] - [PKTLEN......: 52.000| 1500.000| 714.100| 673.400| 453425.200| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.048| 0.009| 0.015| 217.133| 3.300] + [PKTLEN......: 52.000| 1500.000| 714.100| 673.400| 453425.200| 4.300] [BINS(c->s)..: 11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0] 
@@ -61,9 +61,9 @@ detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Unknown][Web][Safe][venetia.iad.appboy.com] detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Unknown][Web][Safe][venetia.iad.appboy.com] analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.702| 1.934| 2.902| 8424002.683| 3.500] - [PKTLEN......: 52.000| 582.000| 141.700| 133.200| 17739.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 10.702| 1.934| 2.902| 8424002.683| 3.500] + [PKTLEN......: 52.000| 582.000| 141.700| 133.200| 17739.800| 4.500] [BINS(c->s)..: 4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0] 
@@ -80,9 +80,9 @@ detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe][brahe.apptimize.com] detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe][brahe.apptimize.com] analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AmazonAWS][VoIP][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.525| 0.329| 0.210| 44226.417| 4.600] - [PKTLEN......: 48.000| 285.000| 149.200| 100.400| 10086.100| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.525| 0.329| 0.210| 44226.417| 4.600] + [PKTLEN......: 48.000| 285.000| 149.200| 100.400| 10086.100| 4.700] [BINS(c->s)..: 6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] 
@@ -96,9 +96,9 @@ detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][AmazonAWS][VoIP][Fun] update: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][AmazonAWS][VoIP][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.531| 0.262| 0.245| 59968.385| 4.100] - [PKTLEN......: 40.000| 285.000| 129.800| 99.700| 9932.100| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.531| 0.262| 0.245| 59968.385| 4.100] + [PKTLEN......: 40.000| 285.000| 129.800| 99.700| 9932.100| 4.600] [BINS(c->s)..: 10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0] diff --git a/test/results/flow-info/default/vk.pcapng.out b/test/results/flow-info/default/vk.pcapng.out index 7b314a3a8..a628ea051 100644 --- a/test/results/flow-info/default/vk.pcapng.out +++ b/test/results/flow-info/default/vk.pcapng.out 
@@ -14,9 +14,9 @@ detection-update: [.....3] [ip4][..tcp] [..192.168.1.249][60436] -> [..87.240.132.78][..443] [TLS][VK][Web][Safe] RISK: Unidirectional Traffic analyse: [.....3] [ip4][..tcp] [..192.168.1.249][60436] -> [..87.240.132.78][..443] [TLS][VK][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.010| 0.043| 0.181| 32751.438| 1.300] - [PKTLEN......: 52.000| 758.000| 125.300| 191.100| 36507.600| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.010| 0.043| 0.181| 32751.438| 1.300] + [PKTLEN......: 52.000| 758.000| 125.300| 191.100| 36507.600| 4.000] [BINS(c->s)..: 28,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -36,9 +36,9 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.249][56504] -> [.87.240.129.135][..443] [TLS][VK][Web][Safe] RISK: Unidirectional Traffic analyse: [.....2] [ip4][..tcp] [..192.168.1.249][40344] -> [.87.240.129.140][..443] [TLS][VK][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.007| 0.151| 0.451| 203470.717| 2.100] - [PKTLEN......: 52.000| 1017.000| 241.000| 249.500| 62251.300| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.007| 0.151| 0.451| 203470.717| 2.100] + [PKTLEN......: 52.000| 1017.000| 241.000| 249.500| 62251.300| 4.300] [BINS(c->s)..: 17,0,0,0,0,2,2,0,3,0,1,1,0,0,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/vnc.pcap.out b/test/results/flow-info/default/vnc.pcap.out index 103280e15..b25585ed5 100644 
--- a/test/results/flow-info/default/vnc.pcap.out +++ b/test/results/flow-info/default/vnc.pcap.out @@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.545| 0.058| 0.113| 12857.595| 3.200] - [PKTLEN......: 40.000| 75.000| 56.600| 12.800| 163.200| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.545| 0.058| 0.113| 12857.595| 3.200] + [PKTLEN......: 40.000| 75.000| 56.600| 12.800| 163.200| 5.000] [BINS(c->s)..: 12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1] 
@@ -18,9 +18,9 @@ detected: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.539| 0.054| 0.125| 15641.482| 3.000] - [PKTLEN......: 40.000| 75.000| 56.800| 12.600| 158.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.539| 0.054| 0.125| 15641.482| 3.000] + [PKTLEN......: 40.000| 75.000| 56.800| 12.600| 158.000| 5.000] [BINS(c->s)..: 13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0] diff --git a/test/results/flow-info/default/vxlan.pcap.out b/test/results/flow-info/default/vxlan.pcap.out index 9b818baa0..21686884b 100644 --- a/test/results/flow-info/default/vxlan.pcap.out +++ b/test/results/flow-info/default/vxlan.pcap.out 
@@ -20,9 +20,9 @@ new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] detected: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.141| 0.010| 0.031| 963.930| 2.200] - [PKTLEN......: 102.000| 1482.000| 1151.700| 546.600| 298767.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.141| 0.010| 0.031| 963.930| 2.200] + [PKTLEN......: 102.000| 1482.000| 1151.700| 546.600| 298767.600| 4.800] [BINS(c->s)..: 0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -30,9 +30,9 @@ [PKTLENS.....: 110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482] [ENTROPIES...: 5.6,5.7,7.8,7.9,7.6,5.6,7.1,5.6,7.6,5.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9] analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.151| 0.011| 0.030| 901.957| 2.500] - [PKTLEN......: 102.000| 420.000| 125.100| 68.200| 4655.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.151| 0.011| 0.030| 901.957| 2.500] + [PKTLEN......: 102.000| 420.000| 125.100| 68.200| 4655.600| 4.800] [BINS(c->s)..: 0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/wa_video.pcap.out b/test/results/flow-info/default/wa_video.pcap.out index 1207919c0..739d9683b 100644 --- a/test/results/flow-info/default/wa_video.pcap.out +++ b/test/results/flow-info/default/wa_video.pcap.out 
@@ -17,9 +17,9 @@ new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.404| 0.176| 0.474| 224629.621| 2.400] - [PKTLEN......: 52.000| 1440.000| 268.400| 335.200| 112371.900| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 2.404| 0.176| 0.474| 224629.621| 2.400] + [PKTLEN......: 52.000| 1440.000| 268.400| 335.200| 112371.900| 4.200] [BINS(c->s)..: 11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0] 
@@ -27,9 +27,9 @@ [PKTLENS.....: 600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206] [ENTROPIES...: 7.6,5.1,7.9,6.7,7.6,7.6,7.3,6.7,7.0,7.9,5.0,5.1,5.1,5.1,5.1,5.1,5.2,7.0,7.0,5.1,5.1,7.0,5.1,7.5,5.1,6.9,6.9,6.9,6.9,6.9,6.8,7.0] analyse: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.550| 0.064| 0.136| 18373.693| 3.100] - [PKTLEN......: 30.000| 500.000| 331.600| 205.800| 42355.100| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.550| 0.064| 0.136| 18373.693| 3.100] + [PKTLEN......: 30.000| 500.000| 331.600| 205.800| 42355.100| 4.700] [BINS(c->s)..: 3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0] 
@@ -45,9 +45,9 @@ detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.979| 0.150| 0.383| 146861.081| 2.700] - [PKTLEN......: 72.000| 1146.000| 523.500| 432.000| 186635.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.979| 0.150| 0.383| 146861.081| 2.700] + [PKTLEN......: 72.000| 1146.000| 523.500| 432.000| 186635.800| 4.500] [BINS(c->s)..: 0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1] diff --git a/test/results/flow-info/default/wa_voice.pcap.out b/test/results/flow-info/default/wa_voice.pcap.out index 05d0b1b12..d014bfd75 100644 --- a/test/results/flow-info/default/wa_voice.pcap.out +++ b/test/results/flow-info/default/wa_voice.pcap.out 
@@ -14,9 +14,9 @@ new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable] analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 3.200] - [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.304| 0.044| 0.076| 5836.115| 3.200] + [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800] [BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1] 
@@ -30,9 +30,9 @@ detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500] - [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500] + [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900] [BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0] 
@@ -70,9 +70,9 @@ detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net] detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net] analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500] - [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.129| 0.020| 0.031| 949.768| 3.500] + [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900] [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1] 
@@ -85,9 +85,9 @@ detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 12.196| 1.588| 3.050| 9304956.469| 3.200] - [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 12.196| 1.588| 3.050| 9304956.469| 3.200] + [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600] [BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1] @@ -98,9 +98,9 @@ detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.204| 0.182| 0.229| 52393.320| 4.200] - [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.204| 0.182| 0.229| 52393.320| 4.200] + [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900] [BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1] 
diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out index 9645f3526..fb8d61969 100644 --- a/test/results/flow-info/default/waze.pcap.out +++ b/test/results/flow-info/default/waze.pcap.out @@ -58,9 +58,9 @@ new: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800] - [PKTLEN......: 40.000|11819.000| 1952.700| 3090.500| 9551440.000| 3.500] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800] + [PKTLEN......: 40.000| 11819.000| 1952.700| 3090.500| 9551440.000| 3.500] [BINS(c->s)..: 15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -68,9 +68,9 @@ [PKTLENS.....: 60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40] [ENTROPIES...: 4.4,4.7,4.7,5.5,4.6,7.0,4.6,6.9,4.6,5.6,4.7,6.8,4.7,7.0,4.6,3.0,4.6,7.0,4.7,6.2,4.7,6.6,4.7,1.7,4.7,1.7,4.7,1.4,4.6,1.7,4.7,4.7] analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.659| 0.289| 0.505| 255075.107| 3.300] - [PKTLEN......: 40.000| 5501.000| 553.800| 1270.800| 1615041.000| 3.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.659| 0.289| 0.505| 255075.107| 3.300] + [PKTLEN......: 40.000| 5501.000| 553.800| 1270.800| 1615041.000| 3.000] [BINS(c->s)..: 5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1] 
@@ -123,9 +123,9 @@ new: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [MIDSTREAM] new: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [MIDSTREAM] analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.416| 0.170| 0.135| 18249.146| 4.400] - [PKTLEN......: 40.000|21928.000| 1824.800| 4660.800| 21723256.000| 2.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.416| 0.170| 0.135| 18249.146| 4.400] + [PKTLEN......: 40.000| 21928.000| 1824.800| 4660.800| 21723256.000| 2.600] [BINS(c->s)..: 12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1] 
@@ -133,9 +133,9 @@ [PKTLENS.....: 60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40] [ENTROPIES...: 4.4,4.8,4.7,5.3,4.7,7.2,4.7,7.6,4.7,6.5,4.8,7.1,4.7,6.9,4.8,7.6,4.7,5.6,4.7,7.9,4.7,8.0,4.7,8.0,4.6,8.0,4.7,8.0,4.7,4.7,4.7,4.7] analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.449| 0.192| 0.280| 78147.936| 3.800] - [PKTLEN......: 40.000|11172.000| 1380.300| 2994.000| 8963944.000| 2.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.449| 0.192| 0.280| 78147.936| 3.800] + [PKTLEN......: 40.000| 11172.000| 1380.300| 2994.000| 8963944.000| 2.900] [BINS(c->s)..: 12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0] 
@@ -145,9 +145,9 @@
 detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][]
 RISK: Obsolete TLS (v1.1 or older)
 analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.891| 1.026| 1.779| 3164212.036| 3.400]
- [PKTLEN......: 40.000| 3646.000| 352.100| 731.900| 535720.000| 3.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 5.891| 1.026| 1.779| 3164212.036| 3.400]
+ [PKTLEN......: 40.000| 3646.000| 352.100| 731.900| 535720.000| 3.400]
 [BINS(c->s)..: 10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1]
diff --git a/test/results/flow-info/default/webex.pcap.out b/test/results/flow-info/default/webex.pcap.out
index 2041598f0..d9accedc8 100644
--- a/test/results/flow-info/default/webex.pcap.out
+++ b/test/results/flow-info/default/webex.pcap.out
@@ -7,9 +7,9 @@
 detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.557| 0.113| 0.156| 24421.341| 3.700]
- [PKTLEN......: 40.000| 2760.000| 387.900| 588.900| 346810.600| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.557| 0.113| 0.156| 24421.341| 3.700]
+ [PKTLEN......: 40.000| 2760.000| 387.900| 588.900| 346810.600| 3.800]
 [BINS(c->s)..: 9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0]
@@ -34,9 +34,9 @@
 detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
 RISK: TLS (probably) Not Carrying HTTPS
 analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.455| 0.115| 0.126| 15828.845| 4.100]
- [PKTLEN......: 40.000|18006.000| 1574.700| 3700.100| 13691057.000| 2.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.455| 0.115| 0.126| 15828.845| 4.100]
+ [PKTLEN......: 40.000| 18006.000| 1574.700| 3700.100| 13691057.000| 2.900]
 [BINS(c->s)..: 10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -61,9 +61,9 @@
 detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
 RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
 analyse: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.031| 0.154| 0.247| 61096.366| 3.800]
- [PKTLEN......: 40.000| 8887.000| 1108.500| 2294.900| 5266403.500| 3.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.031| 0.154| 0.247| 61096.366| 3.800]
+ [PKTLEN......: 40.000| 8887.000| 1108.500| 2294.900| 5266403.500| 3.100]
 [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -195,9 +195,9 @@
 detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][]
 RISK: Obsolete TLS (v1.1 or older)
 analyse: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.215| 0.340| 0.548| 300050.219| 3.700]
- [PKTLEN......: 40.000|10567.000| 619.600| 1915.700| 3669828.500| 2.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.215| 0.340| 0.548| 300050.219| 3.700]
+ [PKTLEN......: 40.000| 10567.000| 619.600| 1915.700| 3669828.500| 2.500]
 [BINS(c->s)..: 13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -207,9 +207,9 @@
 detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
 RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
 analyse: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.270| 0.347| 0.598| 357673.959| 3.300]
- [PKTLEN......: 40.000| 3947.000| 310.600| 685.400| 469733.500| 3.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.270| 0.347| 0.598| 357673.959| 3.300]
+ [PKTLEN......: 40.000| 3947.000| 310.600| 685.400| 469733.500| 3.500]
 [BINS(c->s)..: 3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -281,9 +281,9 @@
 new: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000]
 new: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443]
 analyse: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.367| 0.190| 0.352| 124124.103| 3.400]
- [PKTLEN......: 40.000| 3947.000| 234.000| 677.200| 458632.100| 3.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.367| 0.190| 0.352| 124124.103| 3.400]
+ [PKTLEN......: 40.000| 3947.000| 234.000| 677.200| 458632.100| 3.100]
 [BINS(c->s)..: 7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1]
diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out
index c72d396b7..52bfd3a29 100644
--- a/test/results/flow-info/default/wechat.pcap.out
+++ b/test/results/flow-info/default/wechat.pcap.out
@@ -41,9 +41,9 @@
 detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 detected: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 analyse: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.411| 0.155| 0.181| 32640.860| 3.800]
- [PKTLEN......: 52.000| 5878.000| 715.500| 1101.200| 1212669.600| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.411| 0.155| 0.181| 32640.860| 3.800]
+ [PKTLEN......: 52.000| 5878.000| 715.500| 1101.200| 1212669.600| 3.900]
 [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0]
@@ -74,9 +74,9 @@
 detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 new: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [MIDSTREAM]
 analyse: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.544| 0.482| 1.044| 1090167.570| 3.200]
- [PKTLEN......: 52.000| 1740.000| 523.200| 556.000| 309130.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 4.544| 0.482| 1.044| 1090167.570| 3.200]
+ [PKTLEN......: 52.000| 1740.000| 523.200| 556.000| 309130.700| 4.200]
 [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0]
@@ -84,9 +84,9 @@
 [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,221,52,1225,429,52,250,1292,527,52,988,52,1292,527,52,989,52,1220]
 [ENTROPIES...: 4.6,5.1,5.0,5.9,5.1,6.8,5.1,7.6,5.0,6.3,6.0,7.8,7.5,5.2,7.9,7.1,5.1,7.8,7.4,5.2,7.1,7.8,7.5,5.2,7.8,5.0,7.9,7.6,5.2,7.8,5.0,7.9]
 analyse: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.384| 0.466| 0.827| 684250.497| 3.400]
- [PKTLEN......: 52.000| 8277.000| 746.100| 1463.300| 2141136.500| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.384| 0.466| 0.827| 684250.497| 3.400]
+ [PKTLEN......: 52.000| 8277.000| 746.100| 1463.300| 2141136.500| 3.600]
 [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0]
@@ -94,9 +94,9 @@
 [PKTLENS.....: 60,60,52,290,60,52,52,1480,52,1480,52,312,52,178,103,1139,1480,1480,52,8277,52,1292,527,52,1363,1225,429,52,250,52,1292,527]
 [ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,5.0,5.2,6.8,5.0,7.5,5.0,7.2,5.0,6.4,6.0,7.8,7.9,7.9,5.0,8.0,5.0,7.8,7.6,5.1,7.9,7.8,7.5,5.1,7.0,5.0,7.8,7.5]
 analyse: [....13] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54058] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 11.774| 2.195| 3.338| 11139408.724| 3.800]
- [PKTLEN......: 52.000| 1240.000| 398.500| 492.500| 242574.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 11.774| 2.195| 3.338| 11139408.724| 3.800]
+ [PKTLEN......: 52.000| 1240.000| 398.500| 492.500| 242574.800| 4.000]
 [BINS(c->s)..: 8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
@@ -120,9 +120,9 @@
 detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 analyse: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 6.862| 1.014| 1.948| 3793749.017| 3.100]
- [PKTLEN......: 52.000| 1740.000| 496.000| 523.800| 274414.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 6.862| 1.014| 1.948| 3793749.017| 3.100]
+ [PKTLEN......: 52.000| 1740.000| 496.000| 523.800| 274414.800| 4.200]
 [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0]
@@ -130,9 +130,9 @@
 [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1220,521,52,283,1292,527,52,988,52,1220,511,52,283,52,1292,527,52,989,52,1220,516]
 [ENTROPIES...: 4.7,5.2,5.1,5.9,5.1,6.8,5.0,7.6,4.9,6.4,6.0,7.8,7.6,5.1,7.2,7.8,7.6,5.0,7.8,5.1,7.8,7.5,4.9,7.2,5.0,7.8,7.6,5.2,7.8,5.0,7.8,7.5]
 analyse: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 6.095| 1.335| 2.042| 4168801.845| 3.500]
- [PKTLEN......: 52.000| 1740.000| 437.700| 521.000| 271486.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 6.095| 1.335| 2.042| 4168801.845| 3.500]
+ [PKTLEN......: 52.000| 1740.000| 437.700| 521.000| 271486.500| 4.100]
 [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1]
@@ -140,9 +140,9 @@
 [PKTLENS.....: 60,60,52,290,60,52,52,1480,52,1740,52,178,103,52,1292,527,52,989,52,1220,508,52,283,52,1292,527,52,989,52,1220,513,52]
 [ENTROPIES...: 4.8,5.2,5.0,5.9,5.3,5.1,5.1,6.8,5.0,7.6,4.9,6.4,5.9,5.0,7.8,7.6,5.0,7.8,5.0,7.8,7.6,5.1,7.2,5.1,7.8,7.5,5.1,7.8,5.1,7.8,7.6,5.1]
 analyse: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 45.056| 5.827| 15.097| 227916113.773| 2.000]
- [PKTLEN......: 52.000| 1470.000| 253.200| 422.200| 178253.900| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 45.056| 5.827| 15.097| 227916113.773| 2.000]
+ [PKTLEN......: 52.000| 1470.000| 253.200| 422.200| 178253.900| 3.700]
 [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 8,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1]
@@ -183,9 +183,9 @@
 detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 new: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443]
 analyse: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.469| 0.183| 0.190| 36094.243| 4.000]
- [PKTLEN......: 52.000| 1740.000| 591.500| 612.000| 374517.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.469| 0.183| 0.190| 36094.243| 4.000]
+ [PKTLEN......: 52.000| 1740.000| 591.500| 612.000| 374517.100| 4.200]
 [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0]
@@ -196,9 +196,9 @@
 detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 analyse: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.647| 0.130| 0.182| 33080.510| 3.500]
- [PKTLEN......: 52.000| 3120.000| 817.600| 861.600| 742326.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.647| 0.130| 0.182| 33080.510| 3.500]
+ [PKTLEN......: 52.000| 3120.000| 817.600| 861.600| 742326.200| 4.200]
 [BINS(c->s)..: 11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1]
@@ -207,9 +207,9 @@
 [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,6.8,5.1,7.5,5.0,7.3,5.0,6.4,5.8,7.9,7.9,7.9,5.1,7.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8,7.9,7.9,5.0,7.9,7.9,5.1,7.9]
 detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
 analyse: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.952| 0.213| 0.233| 54375.543| 4.000]
- [PKTLEN......: 52.000| 1740.000| 543.300| 599.100| 358890.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.952| 0.213| 0.233| 54375.543| 4.000]
+ [PKTLEN......: 52.000| 1740.000| 543.300| 599.100| 358890.200| 4.100]
 [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
@@ -272,9 +272,9 @@
 new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
 detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
 analyse: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.615| 0.560| 1.552| 2408711.979| 2.600]
- [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299293.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 6.615| 0.560| 1.552| 2408711.979| 2.600]
+ [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299293.400| 4.100]
 [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1]
@@ -307,9 +307,9 @@
 update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable]
 update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable]
 analyse: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.807| 0.648| 1.839| 3381034.746| 2.500]
- [PKTLEN......: 52.000| 1480.000| 445.300| 494.600| 244586.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 7.807| 0.648| 1.839| 3381034.746| 2.500]
+ [PKTLEN......: 52.000| 1480.000| 445.300| 494.600| 244586.200| 4.200]
 [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0]
@@ -317,9 +317,9 @@
 [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1220,524,52,283,1292,527,52,988,52,1220,519,52,283,52,1292,527,52,989,52]
 [ENTROPIES...: 4.7,5.2,4.9,5.8,5.1,6.8,5.0,7.5,5.1,7.2,5.0,6.4,5.9,7.8,7.5,5.1,7.2,7.8,7.6,5.1,7.8,5.0,7.8,7.5,5.1,7.1,5.1,7.8,7.5,5.1,7.8,5.0]
 analyse: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 183.801| 12.094| 33.303| 1109122757.951| 2.600]
- [PKTLEN......: 68.000| 68.000| 68.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 183.801| 12.094| 33.303| 1109122757.951| 2.600]
+ [PKTLEN......: 68.000| 68.000| 68.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -327,9 +327,9 @@
 [PKTLENS.....: 68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68]
 [ENTROPIES...: 4.3,4.3,4.3,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.2,4.2,4.3,4.3,4.3,4.2,4.3,4.3,4.2,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.2]
 analyse: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 183.800| 12.094| 33.303| 1109120811.794| 2.600]
- [PKTLEN......: 88.000| 88.000| 88.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 183.800| 12.094| 33.303| 1109120811.794| 2.600]
+ [PKTLEN......: 88.000| 88.000| 88.000| 0.000| 0.000| 5.000]
 [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -349,9 +349,9 @@
 RISK: Unsafe Protocol
 update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
 analyse: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.133| 0.619| 1.664| 2769657.004| 2.700]
- [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299307.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 7.133| 0.619| 1.664| 2769657.004| 2.700]
+ [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299307.700| 4.100]
 [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0]
@@ -382,9 +382,9 @@
 detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
 detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
 analyse: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.509| 0.286| 0.565| 319614.583| 3.400]
- [PKTLEN......: 52.000| 1740.000| 537.900| 561.400| 315202.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.509| 0.286| 0.565| 319614.583| 3.400]
+ [PKTLEN......: 52.000| 1740.000| 537.900| 561.400| 315202.600| 4.200]
 [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0]
@@ -462,9 +462,9 @@
 detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
 detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
 analyse: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.577| 0.182| 0.352| 123851.137| 3.200]
- [PKTLEN......: 52.000| 1480.000| 545.600| 599.000| 358844.300| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.577| 0.182| 0.352| 123851.137| 3.200]
+ [PKTLEN......: 52.000| 1480.000| 545.600| 599.000| 358844.300| 4.100]
 [BINS(c->s)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0]
 [BINS(s->c)..: 6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0]
diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out
index 8a2212c85..c25cf10dc 100644
--- a/test/results/flow-info/default/weibo.pcap.out
+++ b/test/results/flow-info/default/weibo.pcap.out
@@ -22,9 +22,9 @@
 new: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [MIDSTREAM]
 new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM]
 analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500]
- [PKTLEN......: 52.000| 2924.000| 448.100| 693.400| 480801.900| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.482| 0.042| 0.114| 12948.299| 2.500]
+ [PKTLEN......: 52.000| 2924.000| 448.100| 693.400| 480801.900| 3.700]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -44,9 +44,9 @@
 new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53]
 detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
 analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500]
- [PKTLEN......: 52.000| 2924.000| 696.700| 831.300| 691142.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.314| 0.038| 0.072| 5116.345| 3.500]
+ [PKTLEN......: 52.000| 2924.000| 696.700| 831.300| 691142.800| 4.000]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -54,9 +54,9 @@
 [PKTLENS.....: 60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488]
 [ENTROPIES...: 4.6,5.2,5.0,5.9,5.2,5.7,4.9,7.8,4.9,7.9,5.0,7.9,4.9,7.8,5.0,7.9,4.9,7.7,5.0,5.7,5.0,7.9,5.0,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9]
 analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 3.200]
- [PKTLEN......: 52.000| 4360.000| 833.800| 1162.900| 1352437.000| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.401| 0.041| 0.093| 8612.838| 3.200]
+ [PKTLEN......: 52.000| 4360.000| 833.800| 1162.900| 1352437.000| 3.800]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -111,9 +111,9 @@
 new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
 new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443]
 analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.439| 0.087| 0.119| 14239.990| 3.800]
- [PKTLEN......: 52.000| 1488.000| 514.000| 578.700| 334896.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.439| 0.087| 0.119| 14239.990| 3.800]
+ [PKTLEN......: 52.000| 1488.000| 514.000| 578.700| 334896.400| 4.100]
 [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -121,9 +121,9 @@
 [PKTLENS.....: 60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488]
 [ENTROPIES...: 4.7,5.1,5.0,5.9,5.0,5.8,5.0,7.8,5.0,5.7,5.0,7.8,5.0,5.9,5.1,5.8,5.0,6.4,5.1,5.8,5.1,7.7,5.1,7.7,5.1,7.7,5.1,7.7,5.2,7.7,5.1,7.7]
 analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 3.400]
- [PKTLEN......: 52.000| 1488.000| 633.200| 674.000| 454231.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.184| 0.031| 0.055| 2983.622| 3.400]
+ [PKTLEN......: 52.000| 1488.000| 633.200| 674.000| 454231.700| 4.100]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -131,9 +131,9 @@
 [PKTLENS.....: 60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488]
 [ENTROPIES...: 4.7,5.2,5.0,5.8,5.1,5.8,5.0,7.8,5.0,7.8,5.1,7.7,5.1,7.7,5.1,7.8,5.0,7.6,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,5.8,5.1,7.9,5.0,7.8]
 analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 3.800]
- [PKTLEN......: 52.000| 1488.000| 633.700| 673.800| 454044.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.252| 0.036| 0.056| 3089.619| 3.800]
+ [PKTLEN......: 52.000| 1488.000| 633.700| 673.800| 454044.400| 4.100]
 [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out
index 13c30c1bd..b9df754f8 100644
--- a/test/results/flow-info/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out
@@ -32,9 +32,9 @@ detected: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Apple][Cloud][Acceptable] detected: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable] analyse: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.712| 0.120| 0.179| 32210.293| 3.400] - [PKTLEN......: 40.000| 1480.000| 432.900| 595.100| 354099.200| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.712| 0.120| 0.179| 32210.293| 3.400] + [PKTLEN......: 40.000| 1480.000| 432.900| 595.100| 354099.200| 3.800] [BINS(c->s)..: 9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1] @@ -45,9 +45,9 @@ RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] analyse: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.709| 0.193| 0.172| 29610.717| 4.400] - [PKTLEN......: 52.000| 253.000| 102.800| 60.800| 3698.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.709| 0.193| 0.172| 29610.717| 4.400] + [PKTLEN......: 52.000| 253.000| 102.800| 60.800| 3698.600| 4.800] [BINS(c->s)..: 9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0] 
@@ -59,9 +59,9 @@ detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.246| 0.057| 0.089| 7910.915| 3.400] - [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166890.900| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.246| 0.057| 0.089| 7910.915| 3.400] + [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166890.900| 3.900] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0] @@ -105,9 +105,9 @@ detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.352| 0.131| 0.070| 4931.355| 4.700] - [PKTLEN......: 50.000| 337.000| 199.000| 98.800| 9763.600| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.352| 0.131| 0.070| 4931.355| 4.700] + [PKTLEN......: 50.000| 337.000| 199.000| 98.800| 9763.600| 4.800] [BINS(c->s)..: 1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] 
@@ -165,9 +165,9 @@ detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.307| 0.114| 0.086| 7398.241| 4.500] - [PKTLEN......: 54.000| 306.000| 141.000| 58.800| 3453.300| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.307| 0.114| 0.086| 7398.241| 4.500] + [PKTLEN......: 54.000| 306.000| 141.000| 58.800| 3453.300| 4.900] [BINS(c->s)..: 1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0] @@ -201,9 +201,9 @@ detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.272| 0.058| 0.092| 8444.798| 3.300] - [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166876.700| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.272| 0.058| 0.092| 8444.798| 3.300] + [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166876.700| 3.900] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0] 
diff --git a/test/results/flow-info/default/whatsapp_login_chat.pcap.out b/test/results/flow-info/default/whatsapp_login_chat.pcap.out index 3da7a6517..75e08d30e 100644 --- a/test/results/flow-info/default/whatsapp_login_chat.pcap.out +++ b/test/results/flow-info/default/whatsapp_login_chat.pcap.out @@ -13,9 +13,9 @@ RISK: Unidirectional Traffic detection-update: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe] analyse: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 3.031| 0.229| 0.711| 505750.847| 2.000] - [PKTLEN......: 40.000| 1480.000| 515.600| 518.700| 269058.200| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 3.031| 0.229| 0.711| 505750.847| 2.000] + [PKTLEN......: 40.000| 1480.000| 515.600| 518.700| 269058.200| 4.200] [BINS(c->s)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0] diff --git a/test/results/flow-info/default/whatsapp_voice_and_message.pcap.out b/test/results/flow-info/default/whatsapp_voice_and_message.pcap.out index 75952471c..fd15255d9 100644 --- a/test/results/flow-info/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/flow-info/default/whatsapp_voice_and_message.pcap.out 
@@ -20,9 +20,9 @@ new: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] detected: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] [WhatsApp][Unknown][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 10.749| 0.839| 2.600| 6759456.965| 2.200] - [PKTLEN......: 40.000| 455.000| 93.400| 97.600| 9526.400| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 10.749| 0.839| 2.600| 6759456.965| 2.200] + [PKTLEN......: 40.000| 455.000| 93.400| 97.600| 9526.400| 4.500] [BINS(c->s)..: 9,2,4,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1,0] 
@@ -34,9 +34,9 @@ new: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] detected: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Unknown][Chat][Acceptable] analyse: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Unknown][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.458| 0.064| 0.104| 10787.211| 3.700] - [PKTLEN......: 40.000| 545.000| 88.200| 100.300| 10067.600| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.458| 0.064| 0.104| 10787.211| 3.700] + [PKTLEN......: 40.000| 545.000| 88.200| 100.300| 10067.600| 4.400] [BINS(c->s)..: 10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0] @@ -54,9 +54,9 @@ new: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] detected: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Unknown][Chat][Acceptable] analyse: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Unknown][Chat][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.768| 0.148| 0.316| 100094.116| 3.400] - [PKTLEN......: 40.000| 294.000| 85.100| 70.400| 4957.000| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.768| 0.148| 0.316| 100094.116| 3.400] + [PKTLEN......: 40.000| 294.000| 85.100| 70.400| 4957.000| 4.600] [BINS(c->s)..: 11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0] 
diff --git a/test/results/flow-info/default/whatsappfiles.pcap.out b/test/results/flow-info/default/whatsappfiles.pcap.out index bd411d693..9938451e9 100644 --- a/test/results/flow-info/default/whatsappfiles.pcap.out +++ b/test/results/flow-info/default/whatsappfiles.pcap.out @@ -6,9 +6,9 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net] detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net] analyse: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 24.640| 0.846| 4.345| 18880535.724| 0.500] - [PKTLEN......: 52.000| 1450.000| 329.100| 491.800| 241822.200| 3.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 24.640| 0.846| 4.345| 18880535.724| 0.500] + [PKTLEN......: 52.000| 1450.000| 329.100| 491.800| 241822.200| 3.800] [BINS(c->s)..: 9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] [BINS(s->c)..: 5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0] 
@@ -19,9 +19,9 @@ detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net] detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net] analyse: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 3.300] - [PKTLEN......: 52.000| 1450.000| 485.400| 599.200| 359069.100| 4.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.108| 0.019| 0.031| 953.946| 3.300] + [PKTLEN......: 52.000| 1450.000| 485.400| 599.200| 359069.100| 4.000] [BINS(c->s)..: 6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1] diff --git a/test/results/flow-info/default/youtube_quic.pcap.out b/test/results/flow-info/default/youtube_quic.pcap.out index 7b35b932f..50f662788 100644 --- a/test/results/flow-info/default/youtube_quic.pcap.out +++ b/test/results/flow-info/default/youtube_quic.pcap.out 
@@ -6,9 +6,9 @@ new: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] detected: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Google][Media][Fun][yt3.ggpht.com] analyse: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Google][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.047| 0.007| 0.013| 177.503| 3.300] - [PKTLEN......: 59.000| 1378.000| 851.500| 620.100| 384534.200| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.047| 0.007| 0.013| 177.503| 3.300] + [PKTLEN......: 59.000| 1378.000| 851.500| 620.100| 384534.200| 4.500] [BINS(c->s)..: 0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] diff --git a/test/results/flow-info/default/youtubeupload.pcap.out b/test/results/flow-info/default/youtubeupload.pcap.out index 961d9bab1..9afd4446d 100644 --- a/test/results/flow-info/default/youtubeupload.pcap.out +++ b/test/results/flow-info/default/youtubeupload.pcap.out 
@@ -10,9 +10,9 @@ new: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] detected: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Google][Media][Fun][upload.youtube.com] analyse: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Google][Media][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 1.883| 0.207| 0.510| 259988.193| 2.400] - [PKTLEN......: 44.000| 1378.000| 767.800| 621.300| 386013.800| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.883| 0.207| 0.510| 259988.193| 2.400] + [PKTLEN......: 44.000| 1378.000| 767.800| 621.300| 386013.800| 4.400] [BINS(c->s)..: 0,6,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/test/results/flow-info/default/zcash.pcap.out b/test/results/flow-info/default/zcash.pcap.out index 3f16615a3..e6763839e 100644 --- a/test/results/flow-info/default/zcash.pcap.out +++ b/test/results/flow-info/default/zcash.pcap.out 
@@ -5,9 +5,9 @@ detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 50.191| 6.014| 12.034| 144808530.149| 3.200] - [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 50.191| 6.014| 12.034| 144808530.149| 3.200] + [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700] [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1] diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out index 9cdf50b3c..1a3feed97 100644 --- a/test/results/flow-info/default/zoom.pcap.out +++ b/test/results/flow-info/default/zoom.pcap.out 
@@ -63,9 +63,9 @@ detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable][www3.zoom.us] detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable][www3.zoom.us] analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.211| 0.038| 0.059| 3527.760| 3.300] - [PKTLEN......: 40.000| 1492.000| 663.000| 660.100| 435695.100| 4.200] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.211| 0.038| 0.059| 3527.760| 3.300] + [PKTLEN......: 40.000| 1492.000| 663.000| 660.100| 435695.100| 4.200] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0] 
@@ -122,9 +122,9 @@ detection-update: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [IMAPS][Unknown][Email][Safe] RISK: Unidirectional Traffic analyse: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.156| 0.028| 0.040| 1628.090| 3.800] - [PKTLEN......: 52.000| 1492.000| 420.500| 552.400| 305116.100| 3.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.156| 0.028| 0.040| 1628.090| 3.800] + [PKTLEN......: 52.000| 1492.000| 420.500| 552.400| 305116.100| 3.900] [BINS(c->s)..: 10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0] @@ -137,9 +137,9 @@ new: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] detected: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable] analyse: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.036| 0.010| 0.009| 72.691| 4.500] - [PKTLEN......: 41.000| 1057.000| 872.800| 383.700| 147246.200| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.036| 0.010| 0.009| 72.691| 4.500] + [PKTLEN......: 41.000| 1057.000| 872.800| 383.700| 147246.200| 4.800] [BINS(c->s)..: 1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
diff --git a/test/results/flow-info/default/zoom2.pcap.out b/test/results/flow-info/default/zoom2.pcap.out index 4739595b2..d0ce50a73 100644 --- a/test/results/flow-info/default/zoom2.pcap.out +++ b/test/results/flow-info/default/zoom2.pcap.out @@ -11,9 +11,9 @@ new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.167| 0.025| 0.040| 1639.456| 3.600] - [PKTLEN......: 46.000| 1064.000| 704.700| 464.600| 215864.300| 4.600] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.167| 0.025| 0.040| 1639.456| 3.600] + [PKTLEN......: 46.000| 1064.000| 704.700| 464.600| 215864.300| 4.600] [BINS(c->s)..: 0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] 
@@ -25,9 +25,9 @@ detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.176| 0.043| 0.049| 2389.122| 4.100] - [PKTLEN......: 46.000| 189.000| 129.000| 35.800| 1279.800| 4.900] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.176| 0.043| 0.049| 2389.122| 4.100] + [PKTLEN......: 46.000| 189.000| 129.000| 35.800| 1279.800| 4.900] [BINS(c->s)..: 0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1] 
@@ -35,9 +35,9 @@ [PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116] [ENTROPIES...: 5.8,5.8,4.9,4.4,5.6,5.6,4.8,4.4,5.5,4.7,4.7,6.0,6.0,5.9,5.8,5.7,5.1,4.7,5.8,4.7,5.7,5.7,5.6,5.6,6.0,6.2,5.3,5.7,5.7,5.7,5.7,5.2] analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.188| 0.047| 0.043| 1844.784| 4.300] - [PKTLEN......: 46.000| 171.000| 91.100| 44.600| 1993.400| 4.800] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.188| 0.047| 0.043| 1844.784| 4.300] + [PKTLEN......: 46.000| 171.000| 91.100| 44.600| 1993.400| 4.800] [BINS(c->s)..: 7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0] diff --git a/test/results/flow-info/default/zoom_p2p.pcapng.out b/test/results/flow-info/default/zoom_p2p.pcapng.out index 59ecfde05..99a03c91a 100644 --- a/test/results/flow-info/default/zoom_p2p.pcapng.out +++ b/test/results/flow-info/default/zoom_p2p.pcapng.out 
@@ -21,9 +21,9 @@ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] new: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.089| 0.026| 0.021| 430.173| 4.500] - [PKTLEN......: 113.000| 1277.000| 673.700| 485.600| 235788.400| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.089| 0.026| 0.021| 430.173| 4.500] + [PKTLEN......: 113.000| 1277.000| 673.700| 485.600| 235788.400| 4.500] [BINS(c->s)..: 0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0] @@ -67,9 +67,9 @@ detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] analyse: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 2.031| 0.974| 1.005| 1010541.658| 3.900] - [PKTLEN......: 100.000| 100.000| 100.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.031| 0.974| 1.005| 1010541.658| 3.900] + [PKTLEN......: 100.000| 100.000| 100.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -80,9 +80,9 @@ new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.052| 0.013| 0.016| 253.890| 4.000] - [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.052| 0.013| 0.016| 253.890| 4.000] + [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -90,9 +90,9 @@ [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112] [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0] analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.055| 0.027| 0.014| 209.331| 4.700] - [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.055| 0.027| 0.014| 209.331| 4.700] + [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out index 696f20101..b17455d22 100644 --- a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out @@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] - [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] + [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] [BINS(c->s)..: 12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0] diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out index 576df79d4..2b471b0ff 100644 --- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out 
@@ -82,9 +82,9 @@ detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 3.100] - [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.056| 0.011| 0.020| 413.706| 3.100] + [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500] [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1] 
@@ -92,9 +92,9 @@ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8] analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 2.800] - [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.066| 0.012| 0.024| 579.055| 2.800] + [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0] 
@@ -102,9 +102,9 @@ [PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40] [ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8] analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 2.900] - [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.067| 0.012| 0.023| 544.113| 2.900] + [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] 
@@ -112,9 +112,9 @@
 [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
 [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8]
 analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 2.700]
- [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.096| 0.013| 0.026| 693.255| 2.700]
+ [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
 [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0]
@@ -122,9 +122,9 @@
 [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409]
 [ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8]
 analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 2.800]
- [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.142| 0.016| 0.032| 1046.271| 2.800]
+ [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
 [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
@@ -141,9 +141,9 @@
 detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
 RISK: HTTP Susp User-Agent
 analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 2.600]
- [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.147| 0.015| 0.033| 1100.854| 2.600]
+ [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
 [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1]
@@ -182,9 +182,9 @@
 RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
 new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80]
 analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.399| 0.070| 0.104| 10878.943| 3.600]
- [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.399| 0.070| 0.104| 10878.943| 3.600]
+ [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
 [BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0]
@@ -358,9 +358,9 @@
 update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
 update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
 analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 45.001| 1.464| 7.949| 63183326.806| 0.100]
- [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 45.001| 1.464| 7.949| 63183326.806| 0.100]
+ [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
 [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0]
@@ -626,9 +626,9 @@
 new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM]
 detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
 analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200]
- [PKTLEN......: 260.000|21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200]
+ [PKTLEN......: 260.000| 21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
 [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1]
@@ -654,9 +654,9 @@
 new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM]
 detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com]
 analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300]
- [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300]
+ [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]
 [DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -682,9 +682,9 @@
 new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM]
 detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
 analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600]
- [PKTLEN......: 337.000|18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600]
+ [PKTLEN......: 337.000| 18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1]
@@ -692,9 +692,9 @@
 [PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]
 [ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9]
 analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
- [PKTLEN......: 337.000|18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
+ [PKTLEN......: 337.000| 18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1]
@@ -714,9 +714,9 @@
 new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM]
 detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
 analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
- [PKTLEN......: 486.000|14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
+ [PKTLEN......: 486.000| 14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
 [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]
 [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1]
diff --git a/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
index 05d0b1b12..d014bfd75 100644
--- a/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
+++ b/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
@@ -14,9 +14,9 @@
 new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
 detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
 analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 3.200]
- [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.304| 0.044| 0.076| 5836.115| 3.200]
+ [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800]
 [BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1]
@@ -30,9 +30,9 @@
 detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
 detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
 analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500]
- [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500]
+ [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900]
 [BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0]
@@ -70,9 +70,9 @@
 detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
 detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
 analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500]
- [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.129| 0.020| 0.031| 949.768| 3.500]
+ [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900]
 [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
 [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1]
@@ -85,9 +85,9 @@
 detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
 RISK: Known Proto on Non Std Port
 analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 12.196| 1.588| 3.050| 9304956.469| 3.200]
- [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 12.196| 1.588| 3.050| 9304956.469| 3.200]
+ [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600]
 [BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1]
@@ -98,9 +98,9 @@
 detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
 RISK: Known Proto on Non Std Port
 analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.204| 0.182| 0.229| 52393.320| 4.200]
- [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.204| 0.182| 0.229| 52393.320| 4.200]
+ [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900]
 [BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 [DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1] |