diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-23 00:13:19 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-23 00:13:19 +0200 |
| commit | 36f1786bde2572cf7eb44aa1384b61ecfebdeff3 (patch) | |
| tree | 83d4f3d5abc6d19ee4df1686c4cad7655cd1b335 | |
| parent | 9a28475bba88b711b7075b58473b7e5b5df1f393 (diff) | |
nDPIsrvd.h: Fixed bug during token parsing/hashing. Do not hash array contents.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
166 files changed, 1206 insertions, 1192 deletions
diff --git a/dependencies/nDPIsrvd.h b/dependencies/nDPIsrvd.h index 91590663e..2aceb9ebd 100644 --- a/dependencies/nDPIsrvd.h +++ b/dependencies/nDPIsrvd.h @@ -27,7 +27,7 @@ #include <stdarg.h> #endif -#define nDPIsrvd_MAX_JSON_TOKENS (512u + 256u) +#define nDPIsrvd_MAX_JSON_TOKENS (512u) #define nDPIsrvd_JSON_KEY_STRLEN (32) #define nDPIsrvd_STRLEN_SZ(s) (sizeof(s) / sizeof(s[0]) - sizeof(s[0])) @@ -1257,6 +1257,12 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_all(struct nDPIsrvd_sock int key_length = 0; for (int current_token = 1; current_token < sock->jsmn.tokens_found; current_token++) { + if (sock->jsmn.tokens[current_token].parent >= 0 && + sock->jsmn.tokens[sock->jsmn.tokens[current_token].parent].type == JSMN_ARRAY) + { + continue; + } + if (jsmn_token_is_key(current_token) == 1) { if (key != NULL) diff --git a/examples/c-collectd/c-collectd.c b/examples/c-collectd/c-collectd.c index 811eeee08..fbad4d2e5 100644 --- a/examples/c-collectd/c-collectd.c +++ b/examples/c-collectd/c-collectd.c @@ -457,10 +457,14 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock (void)sock; (void)instance; (void)thread_data; - (void)flow; struct nDPIsrvd_json_token const * const flow_event_name = TOKEN_GET_SZ(sock, "flow_event_name"); - struct flow_user_data * const flow_user_data = (struct flow_user_data *)flow->flow_user_data; + struct flow_user_data * flow_user_data = NULL; + + if (flow != NULL) + { + flow_user_data = (struct flow_user_data *)flow->flow_user_data; + } if (flow_user_data != NULL) { diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py index 686ba2436..3c58858ed 100755 --- a/examples/py-flow-info/flow-info.py +++ b/examples/py-flow-info/flow-info.py @@ -363,14 +363,15 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data): flow_event_name += '{}{:>16}{}'.format(TermColor.WARNING, json_dict['flow_event_name'], TermColor.END) if args.print_analyse_results is True: - next_lines = ['[min|max|avg|stddev|variance|entropy]'] + next_lines = [' {:>9}|{:>9}|{:>9}|{:>9}|{:>9}|{:>9}'.format( + 'min', 'max', 'avg', 'stddev', 'variance', 'entropy')] next_lines += ['[IAT.........: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}]'.format( - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']), - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']), - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']), - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']), - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']), - nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['ent']) + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']), + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']), + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']), + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']), + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']), + nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['ent']) )] next_lines += [''] next_lines[-1] += '[PKTLEN......: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}]'.format( @@ -388,7 +389,11 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data): next_lines += [''] next_lines[-1] += '[DIRECTIONS..: {}]'.format(','.join([str(n) for n in json_dict['data_analysis']['directions']])) next_lines += [''] - next_lines[-1] += '[IATS........: {}]'.format(','.join([str(n) for n in json_dict['data_analysis']['iat']['data']])) + iats = '' + for n in json_dict['data_analysis']['iat']['data']: + iats += '{:.1f},'.format(n / 1000.0) + iats = iats[:-1] + next_lines[-1] += '[IATS(ms)....: {}]'.format(iats) next_lines += [''] next_lines[-1] += '[PKTLENS.....: {}]'.format(','.join([str(n) for n in json_dict['data_analysis']['pktlen']['data']])) else: diff --git a/nDPId-test.c b/nDPId-test.c index e77846c67..911e0194a 100644 --- a/nDPId-test.c +++ b/nDPId-test.c @@ -367,7 +367,6 @@ static enum nDPIsrvd_callback_return distributor_json_callback(struct nDPIsrvd_s struct distributor_thread_user_data * thread_stats = NULL; struct distributor_flow_user_data * flow_stats = NULL; - (void)thread_data; #if 0 printf("Distributor: %.*s\n", (int)sock->buffer.json_string_length, sock->buffer.json_string); #endif diff --git a/test/results/flow-info/1kxun.pcap.out b/test/results/flow-info/1kxun.pcap.out index af07ac0f0..395518d6e 100644 --- a/test/results/flow-info/1kxun.pcap.out +++ b/test/results/flow-info/1kxun.pcap.out @@ -70,49 +70,49 @@ detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 0.000] [PKTLEN......: 54.000| 1314.000| 835.900| 585.300|342554.800| 4.500] [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1] - [IATS........: 26,52106,52225,22,5484,34,48207,11555,801,69,59,49,273,37,27,28,464,56171,23,50473,3499,84,64,53877,45,17726,143,82,52,49,50,0] + [IATS(ms)....: 0.0,52.1,52.2,0.0,5.5,0.0,48.2,11.6,0.8,0.1,0.1,0.0,0.3,0.0,0.0,0.0,0.5,56.2,0.0,50.5,3.5,0.1,0.1,53.9,0.0,17.7,0.1,0.1,0.1,0.0,0.1,0.0] [PKTLENS.....: 66,66,66,54,54,414,414,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314] analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 0.000] [PKTLEN......: 54.000| 1314.000| 757.100| 600.300|360321.400| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0] - [IATS........: 30,54573,54712,41,4152,56,64506,68,36,30,74,39,719,84,86,86,61743,22,885,65392,59,66248,63,504,2917,559,54,52,83,3871,32,0] + [IATS(ms)....: 0.0,54.6,54.7,0.0,4.2,0.1,64.5,0.1,0.0,0.0,0.1,0.0,0.7,0.1,0.1,0.1,61.7,0.0,0.9,65.4,0.1,66.2,0.1,0.5,2.9,0.6,0.1,0.1,0.1,3.9,0.0,0.0] [PKTLENS.....: 66,66,66,54,54,413,413,60,373,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,54,54] analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 0.000] [PKTLEN......: 54.000| 1314.000| 757.200| 600.200|360235.600| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] - [IATS........: 36,53209,53269,23,4558,53,61521,40,293,57,57277,26,5093,104,312,45,266,88,5943,34,1372,65090,55,53,50,66840,34,3844,90,757,80,0] + [IATS(ms)....: 0.0,53.2,53.3,0.0,4.6,0.1,61.5,0.0,0.3,0.1,57.3,0.0,5.1,0.1,0.3,0.0,0.3,0.1,5.9,0.0,1.4,65.1,0.1,0.1,0.1,66.8,0.0,3.8,0.1,0.8,0.1,0.0] [PKTLENS.....: 66,66,66,54,54,415,415,60,373,1314,1314,54,54,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314] analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 0.000] [PKTLEN......: 54.000| 1314.000| 847.000| 555.000|308021.300| 4.600] [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0] - [IATS........: 37,50730,50813,26,5716,35,60276,105,70,53,49,73,718,44,49,52,342,56283,26,72323,56,48,50,164,52,68,54,259,49,96474,55,0] + [IATS(ms)....: 0.0,50.7,50.8,0.0,5.7,0.0,60.3,0.1,0.1,0.1,0.0,0.1,0.7,0.0,0.0,0.1,0.3,56.3,0.0,72.3,0.1,0.0,0.1,0.2,0.1,0.1,0.1,0.3,0.0,96.5,0.1,0.0] [PKTLENS.....: 66,66,66,54,54,414,414,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,1314,1314,1314,932,423,423] analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 0.000] [PKTLEN......: 54.000| 1314.000| 836.000| 585.200|342449.500| 4.500] [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] - [IATS........: 54,51945,52076,32,5225,53,60454,877,31,40,63,40,400,73,48,50,170,85115,142000,23,40785,2483,129,70,65,43573,78,404,66,55,49,0] + [IATS(ms)....: 0.1,51.9,52.1,0.0,5.2,0.1,60.5,0.9,0.0,0.0,0.1,0.0,0.4,0.1,0.0,0.1,0.2,85.1,142.0,0.0,40.8,2.5,0.1,0.1,0.1,43.6,0.1,0.4,0.1,0.1,0.0,0.0] [PKTLENS.....: 66,66,66,54,54,416,416,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous] @@ -122,13 +122,13 @@ detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 0.000] [PKTLEN......: 54.000| 1314.000| 707.600| 612.000|374554.600| 4.300] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1] - [IATS........: 56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113,0] + [IATS(ms)....: 0.1,37.8,38.0,0.1,1.8,0.1,39.0,109.8,0.2,146.8,0.0,0.3,0.1,0.1,0.1,0.5,0.0,0.2,0.1,0.1,0.4,0.0,0.2,36.3,36.5,0.0,0.4,0.1,0.5,0.1,0.1,0.0] [PKTLENS.....: 66,66,66,54,54,411,411,60,1314,1314,54,54,1314,1314,1314,1314,54,54,1314,1314,1314,54,54,1314,1314,54,54,1314,1314,1314,1314,1314] new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Web][Acceptable] @@ -160,13 +160,13 @@ RISK: HTTP Numeric IP Address new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.399| 0.070| 0.104|10878.943| 0.000] [PKTLEN......: 54.000| 1314.000| 364.600| 410.300|168364.100| 4.200] [BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0] - [IATS........: 50,76520,76599,25,1136,41,62341,85,61755,47,298859,73,398999,66467,177,166123,34,60273,507,89,60822,34,117112,46,178142,469,61984,45,102335,44259,349653,0] + [IATS(ms)....: 0.1,76.5,76.6,0.0,1.1,0.0,62.3,0.1,61.8,0.0,298.9,0.1,399.0,66.5,0.2,166.1,0.0,60.3,0.5,0.1,60.8,0.0,117.1,0.0,178.1,0.5,62.0,0.0,102.3,44.3,349.7,0.0] [PKTLENS.....: 66,66,62,54,54,306,306,60,79,499,499,499,499,60,1314,1314,54,54,1314,1314,542,54,54,281,281,60,79,491,491,60,747,54] detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address @@ -185,13 +185,13 @@ new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Network][Acceptable] analyse: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.863| 0.183| 0.253|63925.490| 0.000] [PKTLEN......: 54.000| 1078.000| 383.300| 452.500|204736.500| 4.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0] - [IATS........: 31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58,0] + [IATS(ms)....: 0.0,69.3,69.4,0.0,1.9,0.0,67.9,1.4,6.1,0.3,74.0,0.0,665.9,862.8,0.0,408.6,411.0,0.0,251.4,251.8,0.0,336.8,336.0,0.1,329.9,0.2,130.8,0.1,599.5,799.2,0.1,0.0] [PKTLENS.....: 66,66,60,54,54,557,557,60,335,1078,1078,54,54,1078,54,54,1078,54,54,1078,54,54,1078,54,54,1078,1078,54,54,1078,54,54] new: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] new: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [MIDSTREAM] @@ -332,13 +332,13 @@ update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 45.001| 1.464| 7.949|63183326.806| 0.000] [PKTLEN......: 54.000| 1314.000| 795.600| 593.200|351838.700| 4.500] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0] - [IATS........: 34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141,0] + [IATS(ms)....: 0.0,54.5,54.6,0.0,4.9,0.0,65.5,0.1,0.1,0.4,0.1,0.1,0.2,0.0,0.0,0.0,0.0,61.5,0.0,69.0,0.1,0.1,0.0,0.7,0.1,0.1,0.1,0.5,70.7,0.0,45001.1,0.0] [PKTLENS.....: 66,66,66,54,54,415,415,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,1314,1314,1281,54,54,55] new: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] @@ -580,31 +580,31 @@ new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.895| 0.074| 0.190|35982.832| 0.000] [PKTLEN......: 274.000|21666.000| 4548.200| 5608.100|31450230.000| 4.200] [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1] - [IATS........: 356191,54,308075,59,2442,3212,112,200163,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0,0,0] + [IATS(ms)....: 356.2,0.1,308.1,0.1,2.4,3.2,0.1,200.2,0.1,0.0,0.0,0.0,0.0,0.0,1.6,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,895.3,372.0,0.0,1.3,0.1,1.9,0.0,0.0,0.0] [PKTLENS.....: 278,387,13026,14466,2946,2946,1506,7266,2946,1506,2946,2946,1506,1506,1506,1506,1506,4386,6338,2946,2946,1506,1506,1506,802,274,387,17346,21666,1506,4386,17346] analyse: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.661| 0.481| 1.215|1476638.409| 0.000] [PKTLEN......: 268.000|21666.000| 4999.800| 6236.200|38890032.000| 4.100] [BINS(c->s)..: 0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,17] [DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,0,1,1,1] - [IATS........: 306055,4848,325793,248766,4660887,4604216,364,552,841,1047,367664,134,94,2523,311381,119,1695,102,878348,204467,1564,1050,216537,375544,43,1531,0,0,0,0,0,0] + [IATS(ms)....: 306.1,4.8,325.8,248.8,4660.9,4604.2,0.4,0.6,0.8,1.0,367.7,0.1,0.1,2.5,311.4,0.1,1.7,0.1,878.3,204.5,1.6,1.1,216.5,375.5,0.0,1.5,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 268,384,6298,268,384,5682,278,386,1506,1506,7266,2946,5826,2946,10146,2946,1506,5826,2946,1506,8706,1506,5768,277,386,20226,21666,15363,278,387,2946,21666] analyse: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.892| 0.092| 0.200|39932.170| 0.000] [PKTLEN......: 278.000|21666.000| 6946.200| 6776.100|45915728.000| 4.300] [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,20] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 348410,61,2586,311307,74,1916,87,90,200152,34,703,82,83,49,891560,375934,1624,82,2179,1527,332757,94,46,1896,46,1564,1588,0,0,0,0,0] + [IATS(ms)....: 348.4,0.1,2.6,311.3,0.1,1.9,0.1,0.1,200.2,0.0,0.7,0.1,0.1,0.0,891.6,375.9,1.6,0.1,2.2,1.5,332.8,0.1,0.0,1.9,0.0,1.6,1.6,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 278,386,1506,11586,1506,4386,2946,13026,7266,1506,1506,1506,1506,2946,2946,1506,4605,278,388,21666,2946,10146,11586,17346,7266,18786,5826,20226,1506,10146,11586,21666] new: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [MIDSTREAM] detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Streaming][Fun] @@ -626,13 +626,13 @@ new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][Web][Acceptable] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.409| 0.085| 0.132|17528.007| 0.000] [PKTLEN......: 490.000| 8706.000| 2615.900| 2200.300|4841425.000| 4.600] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12] [DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 380392,4573,408625,215737,457,986,1014,178521,331,482,379636,185383,1426,654,331743,5741,174159,6079,334,924,170502,413,6008,1070,341,710,169481,463,585,5307,422,0] + [IATS(ms)....: 380.4,4.6,408.6,215.7,0.5,1.0,1.0,178.5,0.3,0.5,379.6,185.4,1.4,0.7,331.7,5.7,174.2,6.1,0.3,0.9,170.5,0.4,6.0,1.1,0.3,0.7,169.5,0.5,0.6,5.3,0.4,0.0] [PKTLENS.....: 831,1506,1267,502,1506,1506,7266,4386,1506,1506,2518,490,2946,8706,1506,2946,8706,2946,1506,1506,7266,1506,1506,2946,1506,1506,2946,1506,1506,2946,1506,1506] new: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [MIDSTREAM] detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP.Tencent][SocialNetwork][Acceptable] @@ -654,42 +654,42 @@ new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM] detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] analyse: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.832| 0.077| 0.179|32207.956| 0.000] [PKTLEN......: 351.000|10146.000| 3118.200| 2492.500|6212617.000| 4.600] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,16] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 207030,367,1074,749,203546,401,538,843,360,1168,622,204026,463,1910,808,831841,413644,1524,1634,381,916,201620,415,562,974,897,365,0,0,0,0,0] + [IATS(ms)....: 207.0,0.4,1.1,0.7,203.5,0.4,0.5,0.8,0.4,1.2,0.6,204.0,0.5,1.9,0.8,831.8,413.6,1.5,1.6,0.4,0.9,201.6,0.4,0.6,1.0,0.9,0.4,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 592,351,1506,8706,2946,1506,1506,2946,1506,1506,5826,4386,1506,1506,1506,5826,2946,2946,3956,592,351,1506,8706,10146,5826,2946,1506,1506,2946,4386,4386,1506] detection-update: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] detection-update: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] analyse: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.877| 0.084| 0.182|33133.681| 0.000] [PKTLEN......: 351.000|15906.000| 2761.900| 3042.000|9253906.000| 4.400] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,17,0,10] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1] - [IATS........: 216812,1301,1174,217584,379,838,730,814,206371,3184,729,1431,202135,477,2906,412,436,624,742,876517,236517,1,2089,899,206105,416,0,0,0,0,0,0] + [IATS(ms)....: 216.8,1.3,1.2,217.6,0.4,0.8,0.7,0.8,206.4,3.2,0.7,1.4,202.1,0.5,2.9,0.4,0.4,0.6,0.7,876.5,236.5,0.0,2.1,0.9,206.1,0.4,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 580,351,1506,4386,1506,5826,1506,1506,1506,1506,1506,2946,1506,4386,2946,2946,8706,1506,1506,1506,1506,1506,1506,1506,1204,592,351,7266,15906,4386,1506,1506] analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.887| 0.081| 0.181|32801.006| 0.000] [PKTLEN......: 351.000|18786.000| 3157.800| 3724.000|13867893.000| 4.300] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 223740,209594,1687,207155,354,1309,724,462,462,1177,203967,420,1398,676,628,3543,886861,237591,464,978,2452,823,206716,876,409,919,651,0,0,0,0,0] + [IATS(ms)....: 223.7,209.6,1.7,207.2,0.4,1.3,0.7,0.5,0.5,1.2,204.0,0.4,1.4,0.7,0.6,3.5,886.9,237.6,0.5,1.0,2.5,0.8,206.7,0.9,0.4,0.9,0.7,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 580,2946,1506,1506,11586,1506,1506,2946,1506,1506,1506,7266,1506,1506,1506,1506,4386,1506,2946,4253,592,351,1506,8706,18786,1506,2946,1506,1506,5826,1506,1330] analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.900| 0.119| 0.204|41414.242| 0.000] [PKTLEN......: 351.000|18786.000| 3665.900| 4182.900|17496908.000| 4.300] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1] - [IATS........: 205636,2121,1,224803,394,328,1444,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,407339,371504,1478,0,0,0,0,0,0,0] + [IATS(ms)....: 205.6,2.1,0.0,224.8,0.4,0.3,1.4,193.7,0.4,0.4,1.7,1.3,1.9,226.0,899.7,238.0,0.0,2.4,199.2,0.5,1.0,1.3,407.3,371.5,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 580,351,1506,4386,2946,4386,1506,1506,1506,1506,5826,1506,1506,1506,2946,4386,5826,3732,592,351,7266,15906,1506,1506,7266,1506,5826,654,580,351,7801,18786] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Web][Acceptable] @@ -704,13 +704,13 @@ new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.045| 1.119| 2.029|4116996.948| 0.000] [PKTLEN......: 500.000|14466.000| 2827.500| 2993.900|8963654.000| 4.400] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1] - [IATS........: 188503,1,1404,179436,1430,692,418,2433,676,270050,61,644,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377,0,0,0] + [IATS(ms)....: 188.5,0.0,1.4,179.4,1.4,0.7,0.4,2.4,0.7,270.1,0.1,0.6,3892.8,3428.9,186.1,186.3,192.6,209.0,367.2,352.3,5253.8,5339.0,3.6,6045.0,5959.1,0.4,0.5,194.9,189.4,0.0,0.0,0.0] [PKTLENS.....: 500,2946,2946,8706,2946,7266,1506,1506,14466,1506,2946,2946,7266,7266,4092,817,709,819,1525,821,1415,817,1530,1079,2946,1144,1169,1506,1506,1589,1180,1097] new: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] @@ -719,22 +719,22 @@ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] analyse: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 39.120| 3.011| 10.152|103072311.280| 0.000] [PKTLEN......: 273.000|23106.000| 5201.300| 6479.700|41986288.000| 4.100] [BINS(c->s)..: 0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,7,0,16] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1] - [IATS........: 353699,3771,104,303718,4300,92,205833,106,880957,368900,1,5053,392939,352227,1591,70,2344,55,1451,285655,2146,39119714,38675191,1,2923,335353,3681,0,0,0,0,0] + [IATS(ms)....: 353.7,3.8,0.1,303.7,4.3,0.1,205.8,0.1,881.0,368.9,0.0,5.1,392.9,352.2,1.6,0.1,2.3,0.1,1.5,285.7,2.1,39119.7,38675.2,0.0,2.9,335.4,3.7,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 278,386,1506,1506,10146,2946,2946,23106,1506,1506,1172,273,386,18786,7757,278,387,1506,21666,4386,17346,4386,10146,5826,1506,5159,273,388,1506,11586,2946,2946] analyse: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.361| 0.129| 0.285|81120.911| 0.000] [PKTLEN......: 273.000|15906.000| 6044.500| 5319.900|28301384.000| 4.400] [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,21] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 326102,180,328843,179,2720,177591,469,1313,2855,118,155,777,2306,401346,1361476,293524,1,1093,2137,2758,88,201,2770,309632,1485,0,0,0,0,0,0,0] + [IATS(ms)....: 326.1,0.2,328.8,0.2,2.7,177.6,0.5,1.3,2.9,0.1,0.2,0.8,2.3,401.3,1361.5,293.5,0.0,1.1,2.1,2.8,0.1,0.2,2.8,309.6,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 273,388,1506,1506,2946,7266,1506,8706,2946,15906,1506,1506,4386,13026,8706,2946,1506,15906,13200,273,388,1506,5826,15906,11586,10146,4386,14466,2946,2946,13026,4386] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Web][Acceptable] @@ -772,23 +772,23 @@ new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] analyse: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.015| 0.003| 0.003| 10.814| 0.000] [PKTLEN......: 249.000| 7206.000| 4110.800| 1776.800|3156934.000| 4.800] [BINS(c->s)..: 0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,27] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 14880,612,571,2499,3579,106,930,2545,9210,1,87,6481,115,1571,2984,1607,79,1540,90,67,2792,6531,3088,2380,1844,2843,73,0,0,0,0,0] + [IATS(ms)....: 14.9,0.6,0.6,2.5,3.6,0.1,0.9,2.5,9.2,0.0,0.1,6.5,0.1,1.6,3.0,1.6,0.1,1.5,0.1,0.1,2.8,6.5,3.1,2.4,1.8,2.8,0.1,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 249,797,1494,2922,4350,4350,4350,4350,2922,1494,4350,4350,2922,4350,4350,2922,4350,5778,5778,5778,5778,4350,5778,1494,5778,4350,2922,7206,4350,7206,7206,2922] detection-update: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] analyse: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.003| 0.005| 24.604| 0.000] [PKTLEN......: 563.000| 5778.000| 3473.000| 1697.900|2882863.000| 4.800] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,1,21] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 21003,154,129,3134,1686,3067,15801,2210,2030,2737,73,1485,603,2873,1573,1531,81,114,3525,1587,2816,10499,1437,55,1612,0,0,0,0,0,0,0] + [IATS(ms)....: 21.0,0.2,0.1,3.1,1.7,3.1,15.8,2.2,2.0,2.7,0.1,1.5,0.6,2.9,1.6,1.5,0.1,0.1,3.5,1.6,2.8,10.5,1.4,0.1,1.6,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 563,1494,1494,2922,1494,2922,1494,4350,4350,4350,2922,1494,4350,1494,4350,4350,4350,5778,5778,4350,1494,1494,1494,4350,5778,5778,3214,4202,5590,1538,5778,5778] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP.AmazonAWS][Cloud][Acceptable] diff --git a/test/results/flow-info/443-curl.pcap.out b/test/results/flow-info/443-curl.pcap.out index 98e036b74..287a58ed9 100644 --- a/test/results/flow-info/443-curl.pcap.out +++ b/test/results/flow-info/443-curl.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.784| 0.063| 0.190|36203.258| 0.000] [PKTLEN......: 66.000| 1506.000| 411.200| 558.700|312115.000| 3.900] [BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1] - [IATS........: 38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248,0] + [IATS(ms)....: 38.7,38.8,9.6,47.6,2.8,1.1,0.0,41.9,0.0,11.8,50.9,0.0,39.1,0.0,0.7,0.0,0.0,0.1,0.1,38.5,8.9,46.6,784.1,784.0,0.4,0.1,0.5,0.1,0.1,0.2,0.2,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,197,66,66,192,117,123,66,66,119,122,108,133,104,66,104,66,281,66,1506,1506,66,1506,1062,66,1506] end: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/443-firefox.pcap.out b/test/results/flow-info/443-firefox.pcap.out index 70327cc48..63e6795bc 100644 --- a/test/results/flow-info/443-firefox.pcap.out +++ b/test/results/flow-info/443-firefox.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.656| 0.130| 0.404|163175.268| 0.000] [PKTLEN......: 66.000| 1506.000| 532.700| 610.400|372566.000| 4.100] [BINS(c->s)..: 11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] - [IATS........: 38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243,0] + [IATS(ms)....: 38.5,38.6,1.8,40.0,4.1,0.1,0.0,42.3,0.0,2.1,40.7,0.0,38.7,0.0,193.8,0.1,0.2,231.1,10.0,47.0,1655.7,0.1,1655.7,0.2,0.0,0.2,0.2,0.1,0.3,0.1,0.2,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,140,66,66,151,332,115,66,66,235,312,96,66,96,66,1506,1506,66,1506,1030,66,1506,1506,66,1506,1030] end: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/443-git.pcap.out b/test/results/flow-info/443-git.pcap.out index 458c142d5..42dca0d51 100644 --- a/test/results/flow-info/443-git.pcap.out +++ b/test/results/flow-info/443-git.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 0.000] [PKTLEN......: 66.000| 1490.000| 351.800| 464.400|215710.400| 4.000] [BINS(c->s)..: 14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0] - [IATS........: 110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227,0] + [IATS(ms)....: 110.5,110.6,6.6,119.4,0.0,0.0,112.8,0.0,11.1,124.0,112.9,0.6,143.5,0.0,142.9,0.0,6.5,0.0,0.0,6.5,0.0,0.0,0.1,0.1,1.2,0.0,1.3,0.0,0.2,0.0,0.2,0.0] [PKTLENS.....: 78,74,66,583,1490,1490,768,66,66,192,117,66,273,437,140,66,66,100,358,99,66,66,66,164,66,1465,622,66,66,1465,486,66] end: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/443-opvn.pcap.out b/test/results/flow-info/443-opvn.pcap.out index 0ef035a18..d155d1be6 100644 --- a/test/results/flow-info/443-opvn.pcap.out +++ b/test/results/flow-info/443-opvn.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] detected: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.161| 0.158| 0.364|132701.856| 0.000] [PKTLEN......: 66.000| 1506.000| 274.300| 407.400|166005.600| 4.000] [BINS(c->s)..: 7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1] - [IATS........: 21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313,0] + [IATS(ms)....: 21.6,21.7,1053.8,1075.1,1.0,22.2,0.3,57.4,57.1,21.2,11.8,33.0,0.2,0.2,20.6,20.5,9.1,0.0,20.0,11.3,22.2,20.0,20.0,0.2,21.4,21.2,0.1,58.6,1160.7,1122.5,1.3,0.0] [PKTLENS.....: 78,74,66,110,66,122,66,118,66,387,66,1236,66,1506,118,69,118,1506,863,66,118,66,173,66,619,382,66,118,66,152,66,118] end: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/443-safari.pcap.out b/test/results/flow-info/443-safari.pcap.out index 393c5e8f4..dec6249aa 100644 --- a/test/results/flow-info/443-safari.pcap.out +++ b/test/results/flow-info/443-safari.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.696| 0.070| 0.175|30530.335| 0.000] [PKTLEN......: 66.000| 1506.000| 398.700| 559.600|313139.800| 3.900] [BINS(c->s)..: 11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1] - [IATS........: 38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125,0] + [IATS(ms)....: 38.2,38.3,1.1,39.8,4.1,0.1,0.0,42.8,0.0,225.7,264.3,0.0,38.7,0.0,1.6,0.0,0.0,0.0,0.1,40.0,0.0,9.9,48.2,695.6,0.1,695.6,0.1,0.1,0.1,0.1,0.1,0.0] [PKTLENS.....: 78,74,66,299,66,1506,1506,168,66,66,151,109,115,66,66,111,108,100,394,96,66,66,96,66,1506,1506,66,1506,66,1030,66,1506] idle: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/6in4tunnel.pcap.out b/test/results/flow-info/6in4tunnel.pcap.out index dbb03f3fc..a678d614d 100644 --- a/test/results/flow-info/6in4tunnel.pcap.out +++ b/test/results/flow-info/6in4tunnel.pcap.out @@ -3,13 +3,13 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] analyse: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.005| 0.495| 0.455|206990.442| 0.000] [PKTLEN......: 106.000| 1911.000| 250.400| 383.000|146712.700| 4.200] [BINS(c->s)..: 0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0] - [IATS........: 104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539,0] + [IATS(ms)....: 104.8,780.1,221.1,1000.5,1001.7,1001.1,1001.7,1005.1,1001.1,1000.8,1001.1,1001.1,1001.4,999.9,1001.9,1003.1,365.4,1.1,349.0,4.1,96.7,99.1,95.7,0.8,97.9,1.0,0.1,98.1,0.1,8.8,0.5,0.0] [PKTLENS.....: 138,138,200,138,138,138,138,138,138,138,138,138,138,138,138,138,138,133,133,273,261,114,114,106,310,106,1504,1911,106,106,268,159] not-detected: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unrated] idle: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unrated] diff --git a/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 8a91118ca..0631f18ac 100644 --- a/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -10,34 +10,34 @@ new: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] detected: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][VoIP][Acceptable] analyse: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.370| 1.692| 2.031|4125948.903| 0.000] [PKTLEN......: 87.000| 414.000| 168.800| 98.900| 9786.300| 4.800] [BINS(c->s)..: 0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1] - [IATS........: 147,2580,146,4369720,177,4369379,142,4370170,85,4370186,150,4369866,79,4370149,291,4370036,88,4369436,150,3508424,3524296,204367,192966,657514,15,652477,151,4369658,82,4370196,609,0] + [IATS(ms)....: 0.1,2.6,0.1,4369.7,0.2,4369.4,0.1,4370.2,0.1,4370.2,0.1,4369.9,0.1,4370.1,0.3,4370.0,0.1,4369.4,0.1,3508.4,3524.3,204.4,193.0,657.5,0.0,652.5,0.2,4369.7,0.1,4370.2,0.6,0.0] [PKTLENS.....: 87,87,292,164,87,87,292,164,87,87,292,164,87,87,292,164,87,87,292,164,376,414,94,101,88,88,293,165,88,88,293,165] new: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] detected: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Media][Acceptable] analyse: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 20823,19142,39530,1438,19970,20000,19294,20526,19616,19873,20995,20283,18519,20415,19722,19948,20367,20228,19700,20355,19296,20527,20111,20020,19630,19979,19869,20276,20190,19810,19964,0] + [IATS(ms)....: 20.8,19.1,39.5,1.4,20.0,20.0,19.3,20.5,19.6,19.9,21.0,20.3,18.5,20.4,19.7,19.9,20.4,20.2,19.7,20.4,19.3,20.5,20.1,20.0,19.6,20.0,19.9,20.3,20.2,19.8,20.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][VoIP][Acceptable] analyse: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 27.628| 2.809| 6.896|47549159.309| 0.000] [PKTLEN......: 304.000| 923.000| 605.300| 211.900|44888.200| 4.900] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0] - [IATS........: 1429,5975,263,162733,421,6673080,696,6843298,378,2041486,761,2040704,344,12449,653,131771,424,27628387,388,27585469,481,6913792,703,6841323,326,83992,388,88136,409,19767,961,0] + [IATS(ms)....: 1.4,6.0,0.3,162.7,0.4,6673.1,0.7,6843.3,0.4,2041.5,0.8,2040.7,0.3,12.4,0.7,131.8,0.4,27628.4,0.4,27585.5,0.5,6913.8,0.7,6841.3,0.3,84.0,0.4,88.1,0.4,19.8,1.0,0.0] [PKTLENS.....: 919,919,304,304,488,488,825,825,452,452,894,894,425,425,793,793,493,493,460,460,572,572,846,846,364,364,475,475,452,452,923,923] update: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][VoIP][Acceptable] update: [.....2] [ip4][..udp] [....10.35.60.72][.5060] -> [...10.35.60.100][.5060] [SIP][VoIP][Acceptable] diff --git a/test/results/flow-info/KakaoTalk_chat.pcap.out b/test/results/flow-info/KakaoTalk_chat.pcap.out index 5edf2c461..b07ae5283 100644 --- a/test/results/flow-info/KakaoTalk_chat.pcap.out +++ b/test/results/flow-info/KakaoTalk_chat.pcap.out @@ -103,13 +103,13 @@ detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable] RISK: Known Proto on Non Std Port analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 0.000] [PKTLEN......: 56.000| 1336.000| 272.100| 386.900|149674.200| 3.900] [BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1] - [IATS........: 36956,40344,305,47699,3998,72083,702,123993,153,15869,671,16632,152,12207,67230,35950,15778,732,105866,38147,60424,4517,92,3936,174316,67658,16785,16968,108490,672,81115,0] + [IATS(ms)....: 37.0,40.3,0.3,47.7,4.0,72.1,0.7,124.0,0.2,15.9,0.7,16.6,0.2,12.2,67.2,36.0,15.8,0.7,105.9,38.1,60.4,4.5,0.1,3.9,174.3,67.7,16.8,17.0,108.5,0.7,81.1,0.0] [PKTLENS.....: 76,60,56,621,60,56,1336,174,56,56,1336,949,56,56,1053,56,314,113,101,56,56,109,846,103,93,101,56,477,56,56,56,56] new: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [MIDSTREAM] new: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] @@ -118,13 +118,13 @@ detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 3.803| 0.501| 0.832|692202.045| 0.000] [PKTLEN......: 56.000| 1336.000| 225.000| 352.300|124085.100| 3.900] [BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0] - [IATS........: 995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719,0] + [IATS(ms)....: 995.9,1037.9,49.3,6.7,695.5,683.6,56.0,2329.9,2320.4,251.6,299.0,4.5,4.4,4.1,3.7,105.5,239.4,242.2,376.5,82.6,125.8,244.5,287.3,18.1,164.6,239.0,428.1,146.0,274.1,3803.0,24.7,0.0] [PKTLENS.....: 76,76,60,56,240,60,56,60,240,56,1336,56,1336,56,1043,56,178,56,103,56,710,56,85,56,358,56,99,56,196,56,83,132] detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) @@ -146,13 +146,13 @@ new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM] detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 27.031| 1.853| 6.601|43576507.498| 0.000] [PKTLEN......: 56.000| 1336.000| 214.800| 348.100|121165.000| 3.900] [BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1] - [IATS........: 41748,45806,2228,39459,11261,448395,183,2868,498749,183,122,36927,124176,229920,321990,23011,161804,229858,405273,183,57404,108246,75989,156006,245086,67993,69489,26937805,56885,27030701,8087,0] + [IATS(ms)....: 41.7,45.8,2.2,39.5,11.3,448.4,0.2,2.9,498.7,0.2,0.1,36.9,124.2,229.9,322.0,23.0,161.8,229.9,405.3,0.2,57.4,108.2,76.0,156.0,245.1,68.0,69.5,26937.8,56.9,27030.7,8.1,0.0] [PKTLENS.....: 76,60,56,240,60,56,1336,1336,1043,56,56,56,178,56,103,56,578,56,85,56,215,328,56,56,94,56,85,56,83,132,56,56] update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable] new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] diff --git a/test/results/flow-info/KakaoTalk_talk.pcap.out b/test/results/flow-info/KakaoTalk_talk.pcap.out index 796393a8e..90ef3ea7c 100644 --- a/test/results/flow-info/KakaoTalk_talk.pcap.out +++ b/test/results/flow-info/KakaoTalk_talk.pcap.out @@ -33,44 +33,44 @@ new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable] analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 0.000] [PKTLEN......: 99.000| 192.000| 103.200| 16.700| 278.800| 5.000] [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1] - [IATS........: 2106,92,91278,244,98327,122,103547,389008,99365,152,41687,34149,94086,1190,99945,98542,31952,72327,100128,1037,27862,87799,99732,30,76142,16052,99243,84228,99884,1099,113099,0] + [IATS(ms)....: 2.1,0.1,91.3,0.2,98.3,0.1,103.5,389.0,99.4,0.2,41.7,34.1,94.1,1.2,99.9,98.5,32.0,72.3,100.1,1.0,27.9,87.8,99.7,0.0,76.1,16.1,99.2,84.2,99.9,1.1,113.1,0.0] [PKTLENS.....: 100,99,99,99,99,99,99,99,123,99,99,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99] analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 0.000] [PKTLEN......: 99.000| 192.000| 106.600| 20.800| 434.500| 5.000] [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1] - [IATS........: 36072,39245,140350,102021,35217,98114,7904,55847,41962,93445,6775,89905,91767,48217,40192,100067,12024,81512,89386,6988,84107,40741,87677,54901,38818,107880,4181,87555,68482,32257,143921,0] + [IATS(ms)....: 36.1,39.2,140.3,102.0,35.2,98.1,7.9,55.8,42.0,93.4,6.8,89.9,91.8,48.2,40.2,100.1,12.0,81.5,89.4,7.0,84.1,40.7,87.7,54.9,38.8,107.9,4.2,87.6,68.5,32.3,143.9,0.0] [PKTLENS.....: 123,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,166,141,99] new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM] detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM] new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM] analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 20.337| 1.801| 4.155|17264411.673| 0.000] [PKTLEN......: 68.000| 920.000| 241.500| 230.000|52885.800| 4.500] [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0] - [IATS........: 141571,151855,11750,244934,5676,231720,5279,268921,267944,260468,295685,6066894,6069489,2289,183686,177368,76049,36560,148072,8359650,8675995,4516,469818,147369,147094,2564,694885,724152,479767,20336762,1138366,0] + [IATS(ms)....: 141.6,151.9,11.8,244.9,5.7,231.7,5.3,268.9,267.9,260.5,295.7,6066.9,6069.5,2.3,183.7,177.4,76.0,36.6,148.1,8359.6,8676.0,4.5,469.8,147.4,147.1,2.6,694.9,724.2,479.8,20336.8,1138.4,0.0] [PKTLENS.....: 76,76,68,210,68,920,68,394,302,814,574,68,782,68,238,366,68,68,238,68,254,68,238,68,366,68,238,238,68,80,254,254] analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 21.237| 2.444| 5.342|28541506.814| 0.000] [PKTLEN......: 68.000| 920.000| 267.100| 266.400|70953.500| 4.400] [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1] - [IATS........: 148041,148315,14374,196289,3692,185608,22217,228394,215698,291656,316833,4536377,4872620,301514,147949,147858,122284,336243,8596588,8810699,73731,557586,700867,602508,20472016,917846,21237091,519257,336,183,1054260,0] + [IATS(ms)....: 148.0,148.3,14.4,196.3,3.7,185.6,22.2,228.4,215.7,291.7,316.8,4536.4,4872.6,301.5,147.9,147.9,122.3,336.2,8596.6,8810.7,73.7,557.6,700.9,602.5,20472.0,917.8,21237.1,519.3,0.3,0.2,1054.3,0.0] [PKTLENS.....: 76,76,68,210,68,920,68,394,302,766,734,68,862,846,68,366,68,238,68,366,68,238,238,68,80,254,254,430,68,68,68,80] new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM] new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM] diff --git a/test/results/flow-info/Oscar.pcap.out b/test/results/flow-info/Oscar.pcap.out index aa00754b2..09a17056f 100644 --- a/test/results/flow-info/Oscar.pcap.out +++ b/test/results/flow-info/Oscar.pcap.out @@ -3,13 +3,13 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] analyse: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 58.215| 3.883| 14.268|203566836.875| 0.000] [PKTLEN......: 54.000| 1414.000| 186.500| 263.300|69345.600| 4.200] [BINS(c->s)..: 11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0] - [IATS........: 28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580,0] + [IATS(ms)....: 28.7,28.8,8.9,42.4,33.5,0.5,0.5,0.1,33.5,33.4,0.3,33.6,0.8,34.1,0.2,44.6,44.3,32.8,32.8,0.2,0.1,0.3,31.3,31.1,58175.5,58215.2,0.0,39.6,1457.4,1490.1,502.6,0.0] [PKTLENS.....: 78,60,54,369,64,54,619,54,106,144,54,70,1414,351,54,80,60,166,511,54,284,54,266,60,349,90,60,92,54,92,60,90] guessed: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] [TLS][Web][Safe] detected: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/WebattackXSS.pcap.out b/test/results/flow-info/WebattackXSS.pcap.out index 85f12758b..fd95c248d 100644 --- a/test/results/flow-info/WebattackXSS.pcap.out +++ b/test/results/flow-info/WebattackXSS.pcap.out @@ -14,13 +14,13 @@ new: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80] new: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80] analyse: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.805| 0.259| 0.699|488344.093| 0.000] [PKTLEN......: 66.000| 7992.000| 586.000| 1374.100|1888110.100| 3.500] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1] - [IATS........: 124,911,4,880,1546,2266,23623,26506,34185,32207,1143,1040,156,926,221,412,39847,69861,111250,1094,61600,62698,1083,842694,846614,3833,131682,132698,1100,2804194,2805230,0] + [IATS(ms)....: 0.1,0.9,0.0,0.9,1.5,2.3,23.6,26.5,34.2,32.2,1.1,1.0,0.2,0.9,0.2,0.4,39.8,69.9,111.2,1.1,61.6,62.7,1.1,842.7,846.6,3.8,131.7,132.7,1.1,2804.2,2805.2,0.0] [PKTLENS.....: 74,74,66,375,66,578,66,408,1198,431,807,454,1514,7992,66,66,66,66,377,571,66,407,571,66,625,429,66,423,587,66,66,66] new: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] detected: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] @@ -29,13 +29,13 @@ new: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] new: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80] analyse: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.856| 0.080| 0.207|42651.251| 0.000] [PKTLEN......: 66.000| 4410.000| 627.000| 1050.300|1103191.500| 3.800] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0] - [IATS........: 152,921,4,863,1492,2144,20680,25919,42487,6012,44423,1321,232,1259,67,51,1208,273,437,68644,70522,37847,60433,98253,1091,851698,856251,4579,109710,139259,29522,0] + [IATS(ms)....: 0.2,0.9,0.0,0.9,1.5,2.1,20.7,25.9,42.5,6.0,44.4,1.3,0.2,1.3,0.1,0.1,1.2,0.3,0.4,68.6,70.5,37.8,60.4,98.3,1.1,851.7,856.3,4.6,109.7,139.3,29.5,0.0] [PKTLENS.....: 74,74,66,375,66,578,66,408,1200,66,431,807,66,454,4410,4410,752,66,66,66,377,571,66,407,571,66,625,429,66,449,1870,66] detected: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address @@ -78,13 +78,13 @@ new: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80] new: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80] analyse: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.809| 0.610| 0.941|885441.823| 0.000] [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571022.800| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 97,845,3808060,3808906,3088,3867,1010444,1014181,3805,246952,250608,3613,1037920,1041646,3765,265406,269174,3736,1020088,1024520,4409,240929,244611,3693,1033112,1036761,3674,252788,256472,3667,1006191,0] + [IATS(ms)....: 0.1,0.8,3808.1,3808.9,3.1,3.9,1010.4,1014.2,3.8,247.0,250.6,3.6,1037.9,1041.6,3.8,265.4,269.2,3.7,1020.1,1024.5,4.4,240.9,244.6,3.7,1033.1,1036.8,3.7,252.8,256.5,3.7,1006.2,0.0] [PKTLENS.....: 74,74,66,651,66,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449] new: [....47] [ip4][..tcp] [.....172.16.0.1][53018] -> [..192.168.10.50][...80] new: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80] @@ -143,13 +143,13 @@ new: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80] new: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80] analyse: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.899| 0.653| 1.186|1406566.662| 0.000] [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.600| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 127,684,4897818,4898512,8582,9379,243178,246717,3562,1041173,1044833,3840,241167,245261,3969,1005489,1009493,3958,240995,244588,3615,1008862,1012541,3693,268328,273700,5337,1005565,1009604,4099,266047,0] + [IATS(ms)....: 0.1,0.7,4897.8,4898.5,8.6,9.4,243.2,246.7,3.6,1041.2,1044.8,3.8,241.2,245.3,4.0,1005.5,1009.5,4.0,241.0,244.6,3.6,1008.9,1012.5,3.7,268.3,273.7,5.3,1005.6,1009.6,4.1,266.0,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651] end: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address @@ -267,13 +267,13 @@ end: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80] new: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80] analyse: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.827| 0.609| 0.943|889903.972| 0.000] [PKTLEN......: 66.000| 1935.000| 730.800| 755.600|570947.800| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 107,901,3826349,3827235,3096,3895,1023011,1026934,3928,268230,273681,5427,1005208,1009216,4030,256246,259862,3614,1006897,1010591,3696,250084,253817,3763,1011263,1016096,4808,241019,244651,3645,1020517,0] + [IATS(ms)....: 0.1,0.9,3826.3,3827.2,3.1,3.9,1023.0,1026.9,3.9,268.2,273.7,5.4,1005.2,1009.2,4.0,256.2,259.9,3.6,1006.9,1010.6,3.7,250.1,253.8,3.8,1011.3,1016.1,4.8,241.0,244.7,3.6,1020.5,0.0] [PKTLENS.....: 74,74,66,651,66,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1931,66,449] new: [...120] [ip4][..tcp] [.....172.16.0.1][54376] -> [..192.168.10.50][...80] new: [...121] [ip4][..tcp] [.....172.16.0.1][54390] -> [..192.168.10.50][...80] @@ -386,13 +386,13 @@ new: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80] new: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80] analyse: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.643| 0.568| 0.904|816455.025| 0.000] [PKTLEN......: 66.000| 1935.000| 727.700| 750.800|563712.500| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 95,698,3641887,3642588,3124,4095,234104,238457,4183,1006077,1010963,4878,233120,236850,3778,1005601,1010652,5027,236201,239833,3605,1006827,1010500,3683,232616,236267,3614,1034871,1038879,4091,256266,0] + [IATS(ms)....: 0.1,0.7,3641.9,3642.6,3.1,4.1,234.1,238.5,4.2,1006.1,1011.0,4.9,233.1,236.8,3.8,1005.6,1010.7,5.0,236.2,239.8,3.6,1006.8,1010.5,3.7,232.6,236.3,3.6,1034.9,1038.9,4.1,256.3,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1929,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66,651] new: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] new: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80] @@ -501,13 +501,13 @@ new: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80] new: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80] analyse: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.785| 0.602| 0.936|875951.489| 0.000] [PKTLEN......: 66.000| 1935.000| 730.900| 755.900|571323.500| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 124,875,3784070,3784925,3065,3805,1003969,1007602,3694,223699,227380,3680,1007795,1011581,3778,255776,259460,3650,1007868,1011955,4221,230369,234793,4295,1037481,1041928,4473,238345,242041,3668,1009864,0] + [IATS(ms)....: 0.1,0.9,3784.1,3784.9,3.1,3.8,1004.0,1007.6,3.7,223.7,227.4,3.7,1007.8,1011.6,3.8,255.8,259.5,3.6,1007.9,1012.0,4.2,230.4,234.8,4.3,1037.5,1041.9,4.5,238.3,242.0,3.7,1009.9,0.0] [PKTLENS.....: 74,74,66,651,66,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449] new: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80] guessed: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] @@ -633,13 +633,13 @@ guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] end: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] analyse: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.805| 0.635| 1.170|1368332.173| 0.000] [PKTLEN......: 66.000| 1934.000| 709.600| 708.000|501313.900| 4.300] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1] - [IATS........: 124,694,4804702,4805402,3052,3844,248597,252202,3707,1022416,1026219,3805,225184,229157,49,3959,1026815,1030902,4151,232536,236200,80,3611,1006031,1010739,4812,233237,236850,3621,1007952,1011661,0] + [IATS(ms)....: 0.1,0.7,4804.7,4805.4,3.1,3.8,248.6,252.2,3.7,1022.4,1026.2,3.8,225.2,229.2,0.0,4.0,1026.8,1030.9,4.2,232.5,236.2,0.1,3.6,1006.0,1010.7,4.8,233.2,236.8,3.6,1008.0,1011.7,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1934,66,449,1836,66,651,1514,486,66,449,1836,66,651,1514,486,66,449,1836,66,651,1934,66,449,1836] new: [...233] [ip4][..tcp] [.....172.16.0.1][56414] -> [..192.168.10.50][...80] new: [...234] [ip4][..tcp] [.....172.16.0.1][56428] -> [..192.168.10.50][...80] @@ -755,13 +755,13 @@ new: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80] new: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80] analyse: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.819| 0.606| 0.944|891595.915| 0.000] [PKTLEN......: 66.000| 1934.000| 730.700| 755.500|570797.200| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 126,889,3818133,3818967,2889,3638,1026811,1031184,4412,231903,235642,3751,1006981,1010745,3756,236240,239931,3646,1008869,1012823,4179,228551,232759,4019,1040911,1048342,7412,251595,255221,3632,1017670,0] + [IATS(ms)....: 0.1,0.9,3818.1,3819.0,2.9,3.6,1026.8,1031.2,4.4,231.9,235.6,3.8,1007.0,1010.7,3.8,236.2,239.9,3.6,1008.9,1012.8,4.2,228.6,232.8,4.0,1040.9,1048.3,7.4,251.6,255.2,3.6,1017.7,0.0] [PKTLENS.....: 74,74,66,651,66,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449] new: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] new: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80] @@ -876,13 +876,13 @@ new: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] new: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80] analyse: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.536| 0.567| 0.877|769788.412| 0.000] [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.600| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 126,910,3535287,3536204,3041,3865,353475,357566,4142,1009473,1013529,4051,235924,239646,3697,1007485,1011210,3722,236124,239766,3661,1007627,1011378,3776,240922,244715,3743,1011730,1015517,3791,232129,0] + [IATS(ms)....: 0.1,0.9,3535.3,3536.2,3.0,3.9,353.5,357.6,4.1,1009.5,1013.5,4.1,235.9,239.6,3.7,1007.5,1011.2,3.7,236.1,239.8,3.7,1007.6,1011.4,3.8,240.9,244.7,3.7,1011.7,1015.5,3.8,232.1,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651] new: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80] new: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80] @@ -1011,13 +1011,13 @@ guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] end: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] analyse: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.810| 0.603| 0.941|884966.883| 0.000] [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571097.900| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 124,686,3808906,3809547,3416,4144,1007073,1011285,4302,225901,229521,3769,1021770,1025776,4116,233969,238478,4482,1006263,1010669,4325,238452,243200,4543,1006668,1011166,4498,253524,257102,3581,1008005,0] + [IATS(ms)....: 0.1,0.7,3808.9,3809.5,3.4,4.1,1007.1,1011.3,4.3,225.9,229.5,3.8,1021.8,1025.8,4.1,234.0,238.5,4.5,1006.3,1010.7,4.3,238.5,243.2,4.5,1006.7,1011.2,4.5,253.5,257.1,3.6,1008.0,0.0] [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1935,66,449] new: [...348] [ip4][..tcp] [.....172.16.0.1][58468] -> [..192.168.10.50][...80] new: [...349] [ip4][..tcp] [.....172.16.0.1][58482] -> [..192.168.10.50][...80] @@ -1132,13 +1132,13 @@ end: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] new: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] analyse: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.823| 0.637| 1.173|1374936.236| 0.000] [PKTLEN......: 66.000| 1935.000| 709.600| 759.800|577334.100| 4.200] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0] - [IATS........: 143,1062,4821803,4822860,2874,5990,221999,227886,4985,1013,1004953,1011219,4071,265484,269299,3619,1019861,1023488,4016,238184,242252,4785,1005968,1010668,4015,237942,242400,5048,1010956,1015950,5036,0] + [IATS(ms)....: 0.1,1.1,4821.8,4822.9,2.9,6.0,222.0,227.9,5.0,1.0,1005.0,1011.2,4.1,265.5,269.3,3.6,1019.9,1023.5,4.0,238.2,242.3,4.8,1006.0,1010.7,4.0,237.9,242.4,5.0,1011.0,1016.0,5.0,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1935,66,66,449,1836,66,651,1933,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66] new: [...386] [ip4][..tcp] [.....172.16.0.1][59150] -> [..192.168.10.50][...80] new: [...387] [ip4][..tcp] [.....172.16.0.1][59164] -> [..192.168.10.50][...80] @@ -1256,13 +1256,13 @@ new: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] new: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80] analyse: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.767| 0.604| 0.933|871184.138| 0.000] [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571022.800| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 122,677,3766369,3767000,3476,4237,1039907,1045427,5545,227268,230918,3646,1037098,1040865,3812,252859,256647,3763,1024020,1027777,3716,237350,240983,3608,1007832,1011497,3720,234952,238656,3696,1007191,0] + [IATS(ms)....: 0.1,0.7,3766.4,3767.0,3.5,4.2,1039.9,1045.4,5.5,227.3,230.9,3.6,1037.1,1040.9,3.8,252.9,256.6,3.8,1024.0,1027.8,3.7,237.3,241.0,3.6,1007.8,1011.5,3.7,235.0,238.7,3.7,1007.2,0.0] [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449] new: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80] new: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80] @@ -1394,13 +1394,13 @@ end: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] new: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] analyse: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.582| 0.571| 0.887|786468.045| 0.000] [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.700| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 130,887,3581223,3582115,3304,4122,271038,275625,4605,1007486,1011252,3777,268863,273004,4125,1007482,1011640,4170,263574,267468,3888,1019754,1023735,4007,253226,261155,7923,1002871,1011773,8903,255870,0] + [IATS(ms)....: 0.1,0.9,3581.2,3582.1,3.3,4.1,271.0,275.6,4.6,1007.5,1011.3,3.8,268.9,273.0,4.1,1007.5,1011.6,4.2,263.6,267.5,3.9,1019.8,1023.7,4.0,253.2,261.2,7.9,1002.9,1011.8,8.9,255.9,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1931,66,449,1836,66,651,1934,66,449,1836,66,651] new: [...464] [ip4][..tcp] [.....172.16.0.1][60572] -> [..192.168.10.50][...80] new: [...465] [ip4][..tcp] [.....172.16.0.1][60598] -> [..192.168.10.50][...80] @@ -1513,13 +1513,13 @@ new: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] new: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80] analyse: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.862| 0.614| 0.953|908128.223| 0.000] [PKTLEN......: 66.000| 1935.000| 730.800| 755.600|570948.000| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 158,871,3861200,3861987,3248,3959,1007386,1010966,3670,256861,260494,3559,1018334,1021980,3614,243418,246972,3620,1033482,1037187,3726,244230,248333,4100,1037495,1041661,4162,261455,265110,3630,1039015,0] + [IATS(ms)....: 0.2,0.9,3861.2,3862.0,3.2,4.0,1007.4,1011.0,3.7,256.9,260.5,3.6,1018.3,1022.0,3.6,243.4,247.0,3.6,1033.5,1037.2,3.7,244.2,248.3,4.1,1037.5,1041.7,4.2,261.5,265.1,3.6,1039.0,0.0] [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1930,66,449,1836,66,651,1935,66,449] new: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> [..192.168.10.50][...80] new: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80] @@ -1636,13 +1636,13 @@ new: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] new: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80] analyse: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.841| 0.651| 1.171|1372280.717| 0.000] [PKTLEN......: 66.000| 1935.000| 727.800| 751.000|564013.300| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 126,862,4839753,4840595,3674,4464,263225,266840,3672,1005298,1009118,3796,260614,264369,3758,1024972,1028663,3708,266053,269708,3666,1007636,1011884,4257,260865,265134,4231,1006690,1010841,4181,244813,0] + [IATS(ms)....: 0.1,0.9,4839.8,4840.6,3.7,4.5,263.2,266.8,3.7,1005.3,1009.1,3.8,260.6,264.4,3.8,1025.0,1028.7,3.7,266.1,269.7,3.7,1007.6,1011.9,4.3,260.9,265.1,4.2,1006.7,1010.8,4.2,244.8,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1935,66,449,1836,66,651,1932,66,449,1836,66,651,1934,66,449,1836,66,651] new: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80] new: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> [..192.168.10.50][...80] @@ -1753,13 +1753,13 @@ new: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] new: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80] analyse: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.588| 0.498| 0.689|474371.129| 0.000] [PKTLEN......: 66.000| 1934.000| 718.700| 762.800|581830.000| 4.200] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0] - [IATS........: 171,739,2587661,2588369,3663,4498,1020517,1024859,4382,244684,248374,3703,1042345,1046980,4607,242309,245980,3660,1031191,1034926,3726,241353,245065,3596,495,1025211,1029311,3750,251257,255524,4221,0] + [IATS(ms)....: 0.2,0.7,2587.7,2588.4,3.7,4.5,1020.5,1024.9,4.4,244.7,248.4,3.7,1042.3,1047.0,4.6,242.3,246.0,3.7,1031.2,1034.9,3.7,241.4,245.1,3.6,0.5,1025.2,1029.3,3.8,251.3,255.5,4.2,0.0] [PKTLENS.....: 74,74,66,651,66,1932,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,66,449,1836,66,651,1932,66] guessed: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] end: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] @@ -1887,13 +1887,13 @@ new: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] new: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80] analyse: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.897| 0.655| 1.187|1408178.323| 0.000] [PKTLEN......: 66.000| 1934.000| 727.800| 751.000|564013.200| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 168,874,4896388,4897215,3139,3939,250433,254530,4103,1006878,1011034,4128,267330,271177,3882,1007953,1011957,4030,246777,250412,3605,1038702,1042399,3673,241578,245223,3629,1046261,1049943,3750,242035,0] + [IATS(ms)....: 0.2,0.9,4896.4,4897.2,3.1,3.9,250.4,254.5,4.1,1006.9,1011.0,4.1,267.3,271.2,3.9,1008.0,1012.0,4.0,246.8,250.4,3.6,1038.7,1042.4,3.7,241.6,245.2,3.6,1046.3,1049.9,3.8,242.0,0.0] [PKTLENS.....: 74,74,66,449,66,1837,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651] new: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80] new: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80] @@ -2003,13 +2003,13 @@ new: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] new: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80] analyse: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.954| 0.620| 0.972|945707.024| 0.000] [PKTLEN......: 66.000| 1934.000| 730.700| 755.500|570797.200| 4.200] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 124,706,3953188,3953842,3024,3763,1020630,1024309,3710,248238,252345,4156,1041683,1045979,4295,255096,258771,3649,1007135,1010804,3655,252666,256217,3575,1010481,1014239,3761,262869,266680,3784,1039870,0] + [IATS(ms)....: 0.1,0.7,3953.2,3953.8,3.0,3.8,1020.6,1024.3,3.7,248.2,252.3,4.2,1041.7,1046.0,4.3,255.1,258.8,3.6,1007.1,1010.8,3.7,252.7,256.2,3.6,1010.5,1014.2,3.8,262.9,266.7,3.8,1039.9,0.0] [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449] new: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80] new: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80] diff --git a/test/results/flow-info/aimini-http.pcap.out b/test/results/flow-info/aimini-http.pcap.out index c86a0a1ac..f1e6005e8 100644 --- a/test/results/flow-info/aimini-http.pcap.out +++ b/test/results/flow-info/aimini-http.pcap.out @@ -6,13 +6,13 @@ new: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] detected: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.129| 0.000] [PKTLEN......: 60.000| 1514.000| 838.400| 690.000|476082.300| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0] - [IATS........: 532,1116,414,1004,27,697,105,894,3,1,2,1,1,2,2,191,11,276,4,1,4,2,1,3,3,78,197,1,99,1148,1,0] + [IATS(ms)....: 0.5,1.1,0.4,1.0,0.0,0.7,0.1,0.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.2,0.0,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.2,0.0,0.1,1.1,0.0,0.0] [PKTLENS.....: 62,62,62,62,60,649,60,649,1514,1514,1514,1514,1514,1514,1514,290,1514,1514,60,1514,1514,60,1514,1514,60,1514,290,60,60,60,1514,1514] new: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] detected: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] diff --git a/test/results/flow-info/alexa-app.pcapng.out b/test/results/flow-info/alexa-app.pcapng.out index db6167c71..7269ea261 100644 --- a/test/results/flow-info/alexa-app.pcapng.out +++ b/test/results/flow-info/alexa-app.pcapng.out @@ -122,13 +122,13 @@ detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 0.000] [PKTLEN......: 66.000| 1514.000| 594.300| 637.000|405792.100| 4.100] [BINS(c->s)..: 11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0] - [IATS........: 46971,52965,277,73178,134,18906,393,341,423,88175,318,744,233,8121,32759,75313,63701,49446,70919,806,90510,2043,419,465,407,524,703,47,5315,294,1129,0] + [IATS(ms)....: 47.0,53.0,0.3,73.2,0.1,18.9,0.4,0.3,0.4,88.2,0.3,0.7,0.2,8.1,32.8,75.3,63.7,49.4,70.9,0.8,90.5,2.0,0.4,0.5,0.4,0.5,0.7,0.0,5.3,0.3,1.1,0.0] [PKTLENS.....: 74,74,66,268,66,66,1514,1514,1514,833,66,66,66,66,192,1096,308,66,66,1514,1514,66,1514,1514,1514,464,1514,1126,100,66,66,66] detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] @@ -137,13 +137,13 @@ detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] ERROR-EVENT: Unknown packet type analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.016| 0.161| 0.286|81844.249| 0.000] [PKTLEN......: 54.000| 1514.000| 380.200| 485.100|235358.500| 4.000] [BINS(c->s)..: 12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0] - [IATS........: 55686,59305,1428,66601,358,70,64102,4784,271,2661,66908,3070,100753,8343,108356,5909,66864,500848,354092,941132,3002,88712,111843,176480,211,64686,9150,104205,1015894,966451,45639,0] + [IATS(ms)....: 55.7,59.3,1.4,66.6,0.4,0.1,64.1,4.8,0.3,2.7,66.9,3.1,100.8,8.3,108.4,5.9,66.9,500.8,354.1,941.1,3.0,88.7,111.8,176.5,0.2,64.7,9.2,104.2,1015.9,966.5,45.6,0.0] [PKTLENS.....: 74,62,54,261,1514,1514,399,54,54,54,380,60,113,54,1136,60,955,54,1120,1120,60,507,54,1168,60,891,54,54,60,54,60,54] detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] new: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] @@ -181,13 +181,13 @@ detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.167| 0.244|59552.047| 0.000] [PKTLEN......: 54.000| 1514.000| 401.000| 534.600|285800.000| 3.900] [BINS(c->s)..: 10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0] - [IATS........: 54151,55408,518,50304,258867,520111,785264,3831,152,61,38,60785,290,133,140,52112,10967,286978,223908,2741,139187,177,171943,179936,143,402714,22375,216464,783828,835939,50504,0] + [IATS(ms)....: 54.2,55.4,0.5,50.3,258.9,520.1,785.3,3.8,0.2,0.1,0.0,60.8,0.3,0.1,0.1,52.1,11.0,287.0,223.9,2.7,139.2,0.2,171.9,179.9,0.1,402.7,22.4,216.5,783.8,835.9,50.5,0.0] [PKTLENS.....: 74,62,54,259,60,259,259,60,1514,1514,1514,688,54,54,54,54,180,1514,105,482,60,60,480,54,1514,1210,60,357,54,54,60,54] detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] new: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] @@ -211,13 +211,13 @@ detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 0.000] [PKTLEN......: 54.000| 1514.000| 657.200| 676.900|458225.800| 4.200] [BINS(c->s)..: 4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0] [BINS(s->c)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0] - [IATS........: 57034,58621,1781,56791,4768,135,59291,267,22886,80040,5852,71839,321,148,565,303,201,1403,296,114,67763,34752,23901,352057,295338,129,57737,650,60553,128,59805,0] + [IATS(ms)....: 57.0,58.6,1.8,56.8,4.8,0.1,59.3,0.3,22.9,80.0,5.9,71.8,0.3,0.1,0.6,0.3,0.2,1.4,0.3,0.1,67.8,34.8,23.9,352.1,295.3,0.1,57.7,0.7,60.6,0.1,59.8,0.0] [PKTLENS.....: 74,62,54,313,60,60,210,54,105,820,60,564,1514,1439,1514,1514,1514,1514,1514,1514,83,60,60,60,1514,60,60,1514,1514,60,60,1514] new: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] detected: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] @@ -260,22 +260,22 @@ detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.897| 0.237| 0.560|313730.662| 0.000] [PKTLEN......: 66.000| 1514.000| 617.100| 665.400|442821.700| 4.100] [BINS(c->s)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0] [BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1] - [IATS........: 52937,67187,1048,63231,9607,59757,285,20918,462,225,155,1078,225,97487,133,7299,15901,484594,178,170,116007,306256,538314,1116565,2896813,279,153,126,123,583169,913790,0] + [IATS(ms)....: 52.9,67.2,1.0,63.2,9.6,59.8,0.3,20.9,0.5,0.2,0.2,1.1,0.2,97.5,0.1,7.3,15.9,484.6,0.2,0.2,116.0,306.3,538.3,1116.6,2896.8,0.3,0.2,0.1,0.1,583.2,913.8,0.0] [PKTLENS.....: 74,74,66,583,66,222,66,117,1514,1514,139,1514,1514,1495,66,66,66,66,1514,1514,1223,1223,1514,1514,1514,66,78,78,78,78,66,66] analyse: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.486| 0.102| 0.138|19130.661| 0.000] [PKTLEN......: 54.000| 1514.000| 700.300| 682.000|465082.800| 4.200] [BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 92394,95354,2440,97381,1862,14105,301,61,113369,268,157,49644,132555,83310,183928,260,326122,293069,272379,138,443688,400,541,41,276469,199153,505,44,713,486056,423,0] + [IATS(ms)....: 92.4,95.4,2.4,97.4,1.9,14.1,0.3,0.1,113.4,0.3,0.2,49.6,132.6,83.3,183.9,0.3,326.1,293.1,272.4,0.1,443.7,0.4,0.5,0.0,276.5,199.2,0.5,0.0,0.7,486.1,0.4,0.0] [PKTLENS.....: 74,62,54,275,60,60,1514,1514,464,54,54,54,180,105,54,1514,547,60,1514,60,60,1514,1514,1514,225,1514,1514,1514,225,1514,1514,1514] detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS @@ -376,13 +376,13 @@ detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.570| 0.289| 0.417|173871.694| 0.000] [PKTLEN......: 54.000| 1514.000| 385.100| 516.000|266233.000| 4.000] [BINS(c->s)..: 8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0] - [IATS........: 325447,332868,307,247719,185,241306,284,257,23807,287,429915,65,1569527,1485936,352980,706902,73800,283,358821,365,256619,3724,240,956217,948562,95336,235551,1125,68,275387,23718,0] + [IATS(ms)....: 325.4,332.9,0.3,247.7,0.2,241.3,0.3,0.3,23.8,0.3,429.9,0.1,1569.5,1485.9,353.0,706.9,73.8,0.3,358.8,0.4,256.6,3.7,0.2,956.2,948.6,95.3,235.6,1.1,0.1,275.4,23.7,0.0] [PKTLENS.....: 74,62,54,293,139,107,54,54,113,1514,188,60,60,188,60,731,54,1514,252,60,539,54,1514,220,539,54,1514,60,571,60,54,1514] detection-update: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] RISK: Weak TLS Cipher @@ -400,24 +400,24 @@ new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.192| 0.160| 0.282|79548.359| 0.000] [PKTLEN......: 54.000| 1514.000| 357.000| 486.700|236894.100| 4.000] [BINS(c->s)..: 4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1] - [IATS........: 214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154,0] + [IATS(ms)....: 214.4,219.1,3.7,1161.8,1191.6,0.1,0.0,75.9,170.4,0.4,119.0,9.7,7.9,105.5,90.0,79.1,135.4,22.4,255.4,0.3,202.3,1.2,199.7,0.1,0.1,204.8,0.0,11.4,221.9,0.1,253.2,0.0] [PKTLENS.....: 74,62,54,293,293,60,139,107,54,60,192,54,113,1514,60,220,60,60,1147,1514,268,60,555,1514,284,176,60,60,539,1514,204,60] detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.080| 0.209| 0.303|92031.574| 0.000] [PKTLEN......: 54.000| 1514.000| 374.500| 516.500|266795.300| 3.900] [BINS(c->s)..: 7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1] - [IATS........: 1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261,0] + [IATS(ms)....: 1005.7,1080.3,210.2,18.7,169.7,18.0,105.0,0.1,107.2,0.3,11.7,34.8,0.1,215.2,0.3,0.1,21.7,195.6,0.3,202.8,0.7,212.9,0.3,205.8,11.0,236.3,754.7,0.3,888.9,405.4,377.3,0.0] [PKTLENS.....: 74,74,62,54,293,62,54,139,107,54,54,113,1514,268,60,60,60,555,1514,220,60,715,1514,252,60,571,54,1514,220,60,1514,60] new: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] @@ -464,40 +464,40 @@ detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] RISK: Weak TLS Cipher analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 0.000] [PKTLEN......: 54.000| 1514.000| 559.400| 489.800|239933.900| 4.400] [BINS(c->s)..: 7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1] - [IATS........: 55943,57350,1409,113314,370,112296,148,3166,65706,1386,70006,242,85334,246615,142,48,84,325585,285,3839,797,233,347,98,286,299,648,356,1116,6749,1201,0] + [IATS(ms)....: 55.9,57.4,1.4,113.3,0.4,112.3,0.1,3.2,65.7,1.4,70.0,0.2,85.3,246.6,0.1,0.0,0.1,325.6,0.3,3.8,0.8,0.2,0.3,0.1,0.3,0.3,0.6,0.4,1.1,6.7,1.2,0.0] [PKTLENS.....: 74,62,54,265,1514,1289,54,54,380,60,113,1514,284,60,1035,603,603,603,54,54,1514,1514,755,1115,603,603,603,603,603,603,54,603] analyse: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.933| 0.089| 0.198|39194.591| 0.000] [PKTLEN......: 54.000| 1514.000| 464.100| 541.500|293230.800| 4.100] [BINS(c->s)..: 11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [BINS(s->c)..: 4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0] - [IATS........: 109911,111642,1568,102004,158,101584,303,1866,56194,150,87519,19070,7646,147913,304065,639361,932653,32742,136,49,686,68,38,318,579,110731,248,1820,214,123,120,0] + [IATS(ms)....: 109.9,111.6,1.6,102.0,0.2,101.6,0.3,1.9,56.2,0.1,87.5,19.1,7.6,147.9,304.1,639.4,932.7,32.7,0.1,0.0,0.7,0.1,0.0,0.3,0.6,110.7,0.2,1.8,0.2,0.1,0.1,0.0] [PKTLENS.....: 74,62,54,265,1514,1289,54,54,380,60,113,54,1514,268,60,1514,1514,60,1035,603,603,603,603,603,1483,91,54,54,54,54,54,54] analyse: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 9.247| 1.357| 2.197|4827473.510| 0.000] [PKTLEN......: 54.000| 1514.000| 439.800| 556.200|309356.400| 4.000] [BINS(c->s)..: 9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1] - [IATS........: 992408,1100523,1068,243574,812,17238,3008616,6019841,9247029,138,67248,300,303,66691,669495,281,275185,528033,1079938,2835215,349963,114629,72089,219293,5051089,276,5193864,64990,174211,2275400,2411210,0] + [IATS(ms)....: 992.4,1100.5,1.1,243.6,0.8,17.2,3008.6,6019.8,9247.0,0.1,67.2,0.3,0.3,66.7,669.5,0.3,275.2,528.0,1079.9,2835.2,350.0,114.6,72.1,219.3,5051.1,0.3,5193.9,65.0,174.2,2275.4,2411.2,0.0] [PKTLENS.....: 74,74,62,62,54,54,293,293,293,139,107,54,54,113,60,1514,1132,1514,1514,1514,60,1132,60,955,54,1514,236,60,859,54,54,60] analyse: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 19.096| 0.770| 3.358|11273140.961| 0.000] [PKTLEN......: 54.000| 1514.000| 281.500| 412.900|170449.200| 4.000] [BINS(c->s)..: 7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0] - [IATS........: 123577,127990,5388,470526,584,630,42,1232537,1463,5048,697,664,10016,973197,496,53,32,190922,73204,348,171867,142,116971,408177,413652,66693,140934,83299,138,166304,19096185,0] + [IATS(ms)....: 123.6,128.0,5.4,470.5,0.6,0.6,0.0,1232.5,1.5,5.0,0.7,0.7,10.0,973.2,0.5,0.1,0.0,190.9,73.2,0.3,171.9,0.1,117.0,408.2,413.7,66.7,140.9,83.3,0.1,166.3,19096.2,0.0] [PKTLENS.....: 74,62,54,246,60,1514,1514,536,246,246,54,54,54,180,60,60,60,99,54,1514,290,60,212,118,292,247,246,60,60,272,54,356] detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS @@ -561,26 +561,26 @@ detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 0.000] [PKTLEN......: 66.000| 1514.000| 611.000| 635.800|404189.900| 4.200] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0] - [IATS........: 57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334,0] + [IATS(ms)....: 58.0,60.3,1.6,154.7,0.4,0.4,0.4,0.5,0.5,0.2,0.4,156.7,0.3,4.1,0.1,3.4,0.2,0.1,0.2,0.1,0.1,0.1,7.0,268.3,295.2,18.3,286.3,0.5,0.4,286.6,4.3,0.0] [PKTLENS.....: 74,74,66,613,66,1514,1514,1514,1514,1514,1514,1514,66,66,1514,441,66,66,66,66,66,66,66,613,613,441,78,606,1514,1514,66,66] new: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] detected: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] RISK: Weak TLS Cipher analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.107| 0.141| 0.257|65864.266| 0.000] [PKTLEN......: 54.000| 1514.000| 444.000| 555.400|308431.600| 4.000] [BINS(c->s)..: 7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1] - [IATS........: 111073,112352,831,179894,143,45,179940,2913,265,3255,516,135136,162,170164,502171,1107068,16816,231,180,41,28,24,706579,352,9657,355942,325,629177,147816,149,54,0] + [IATS(ms)....: 111.1,112.4,0.8,179.9,0.1,0.0,179.9,2.9,0.3,3.3,0.5,135.1,0.2,170.2,502.2,1107.1,16.8,0.2,0.2,0.0,0.0,0.0,706.6,0.4,9.7,355.9,0.3,629.2,147.8,0.1,0.1,0.0] [PKTLENS.....: 74,62,54,297,60,139,107,54,54,113,1514,300,60,60,1514,1514,60,1514,135,1514,167,443,91,54,54,54,1514,332,60,1035,603,603] new: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] new: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] @@ -595,13 +595,13 @@ detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 0.000] [PKTLEN......: 66.000| 1514.000| 757.400| 681.300|464196.800| 4.300] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0] - [IATS........: 31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484,0] + [IATS(ms)....: 31.3,34.1,0.6,113.4,46.4,0.0,0.0,0.1,0.0,0.0,11.2,1.6,7.2,179.1,0.1,0.1,0.1,0.1,0.1,3.4,0.3,0.4,4.5,99.2,0.3,120.8,46.9,0.2,0.3,0.8,17.5,0.0] [PKTLENS.....: 74,74,66,613,66,1514,1514,1514,1514,1514,1514,1514,1237,1237,66,66,66,66,66,66,66,66,78,613,1514,1514,66,1514,1350,1514,1514,66] update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable] @@ -620,13 +620,13 @@ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.511| 0.042| 0.110|12114.281| 0.000] [PKTLEN......: 66.000| 1514.000| 693.600| 671.900|451493.000| 4.200] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1] - [IATS........: 24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416,0] + [IATS(ms)....: 25.0,26.3,0.4,110.2,0.1,0.2,0.3,0.4,0.4,1.1,0.5,0.4,0.4,114.9,0.2,0.1,0.1,3.5,0.1,26.3,0.3,0.1,0.1,0.1,0.2,4.7,62.5,45.1,368.8,510.9,0.4,0.0] [PKTLENS.....: 74,74,66,613,66,66,1514,1514,1514,1514,1514,1514,1514,1514,66,66,66,66,1514,1309,66,66,66,66,66,66,613,1309,78,613,1514,1514] new: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] detected: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] @@ -639,13 +639,13 @@ idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Network][Acceptable] analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 120.003| 3.968| 21.185|448816230.695| 0.000] [PKTLEN......: 66.000| 1514.000| 450.500| 570.000|324877.800| 4.000] [BINS(c->s)..: 9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0] [BINS(s->c)..: 7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1] - [IATS........: 77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69,0] + [IATS(ms)....: 77.1,79.5,13.2,60.9,0.4,0.6,0.1,48.6,1.8,3.6,177.8,227.4,44.5,20.0,267.2,445.6,122.6,0.1,0.0,0.0,282.5,8.7,270.5,1.6,407.0,0.1,164.1,0.1,290.0,120002.8,0.1,0.0] [PKTLENS.....: 74,74,66,287,66,1514,1514,640,66,66,66,192,308,66,1430,1430,66,1514,314,110,100,66,66,1514,1017,66,66,1329,100,66,97,66] detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS @@ -759,13 +759,13 @@ detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.001| 0.664| 1.905|3629965.115| 0.000] [PKTLEN......: 54.000| 1514.000| 438.700| 584.700|341856.600| 3.900] [BINS(c->s)..: 9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0] - [IATS........: 133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048,0] + [IATS(ms)....: 133.8,140.4,3.2,141.6,1.3,0.1,137.2,0.3,0.1,2.7,82.2,0.2,95.7,0.4,359.1,405.4,633.6,688.6,100.8,373.1,50.8,202.6,7767.1,1.6,8001.1,353.8,410.1,314.8,108.3,0.2,84.0,0.0] [PKTLENS.....: 74,62,54,261,1514,1514,399,54,54,54,380,60,113,1514,204,60,1514,113,54,1514,60,683,54,1514,300,60,54,60,1514,60,60,54] detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] RISK: Weak TLS Cipher @@ -791,13 +791,13 @@ detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 0.000] [PKTLEN......: 66.000| 1514.000| 539.800| 600.400|360465.600| 4.100] [BINS(c->s)..: 9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0] - [IATS........: 42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893,0] + [IATS(ms)....: 42.7,43.7,0.7,45.0,4.0,0.5,0.6,0.3,50.6,0.8,0.3,1.1,7.3,12.7,0.3,65.6,42.6,4.2,48.9,0.4,25.2,76.4,106.0,0.2,0.6,0.6,0.3,0.0,102.0,2.9,1.9,0.0] [PKTLENS.....: 74,74,66,268,66,1514,1514,1514,833,66,66,66,66,192,1514,781,78,192,1514,78,320,66,66,1514,1514,1514,697,608,143,66,163,66] detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] new: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] @@ -853,34 +853,34 @@ detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.262| 0.033| 0.059| 3460.134| 0.000] [PKTLEN......: 66.000| 1514.000| 631.000| 624.900|390532.600| 4.200] [BINS(c->s)..: 10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1] - [IATS........: 16682,17944,1581,27330,5292,477,511,279,32463,293,12932,291,133,38969,52766,61918,541,272,54,35117,659,5109,216850,261773,199,39363,7450,74173,66612,42132,427,0] + [IATS(ms)....: 16.7,17.9,1.6,27.3,5.3,0.5,0.5,0.3,32.5,0.3,12.9,0.3,0.1,39.0,52.8,61.9,0.5,0.3,0.1,35.1,0.7,5.1,216.8,261.8,0.2,39.4,7.5,74.2,66.6,42.1,0.4,0.0] [PKTLENS.....: 74,74,66,285,66,1514,1514,1514,764,66,66,66,66,192,324,1343,1514,1514,770,100,66,66,1308,1308,862,100,66,1319,100,78,1514,1514] detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 0.000] [PKTLEN......: 66.000| 1514.000| 634.400| 578.400|334504.200| 4.400] [BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250,0] + [IATS(ms)....: 34.0,35.1,2.2,37.9,5.1,0.5,0.2,42.9,0.3,0.1,30.8,68.8,38.4,227.1,241.4,50.1,58.4,55.5,3.8,2.0,4.4,1.6,0.7,7.8,0.1,0.1,9.0,0.3,3.1,0.8,10.2,0.0] [PKTLENS.....: 74,74,66,260,66,1514,1514,632,66,66,66,192,117,732,732,117,78,66,1110,441,270,829,919,455,1514,191,571,1514,1514,1514,1514,1514] new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 0.000] [PKTLEN......: 66.000| 1514.000| 546.200| 595.200|354289.100| 4.200] [BINS(c->s)..: 12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0] - [IATS........: 22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142,0] + [IATS(ms)....: 22.8,24.0,0.9,22.8,6.6,0.6,0.6,0.3,39.7,0.1,0.1,0.2,6.8,37.6,46.2,226.7,213.1,3.9,222.3,264.1,0.1,55.3,103.4,0.1,10.4,183.9,242.5,1.0,0.1,38.6,0.1,0.0] [PKTLENS.....: 74,74,66,285,66,1514,1514,1514,764,66,66,66,66,192,324,1351,324,78,1351,1351,944,100,100,66,66,78,1336,1514,1514,522,66,66] detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] @@ -888,13 +888,13 @@ detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.471| 0.614| 1.478|2183643.136| 0.000] [PKTLEN......: 54.000| 1514.000| 540.200| 637.500|406420.100| 4.000] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1] - [IATS........: 168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122,0] + [IATS(ms)....: 168.5,171.2,1.5,108.9,4.4,1.7,0.7,112.7,0.3,4.1,0.2,6.2,0.1,10.4,13.1,1.1,0.3,290.4,0.0,0.0,0.1,299.4,0.7,529.3,1065.9,2114.2,3665.4,7470.6,595.2,595.1,1817.1,0.0] [PKTLENS.....: 74,62,54,281,60,60,1514,1514,54,54,1514,669,54,54,180,1514,1438,374,60,60,105,60,54,1438,1438,1438,1438,54,60,1438,60,60] detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable] detected: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] diff --git a/test/results/flow-info/amqp.pcap.out b/test/results/flow-info/amqp.pcap.out index 8e7590346..4c65ba42b 100644 --- a/test/results/flow-info/amqp.pcap.out +++ b/test/results/flow-info/amqp.pcap.out @@ -8,13 +8,13 @@ detected: [.....3] [ip4][..tcp] [......127.0.0.1][44206] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable] detected: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][RPC][Acceptable] analyse: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.002| 0.224| 0.537|287986.745| 0.000] [PKTLEN......: 66.000| 395.000| 132.000| 99.500| 9895.700| 4.700] [BINS(c->s)..: 0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 31,198,177,103,103,2001663,2001684,188,167,98,97,1032593,1032598,113,109,94,93,11037,11041,111,108,94,93,17674,17676,105,104,99,99,412703,412706,0] + [IATS(ms)....: 0.0,0.2,0.2,0.1,0.1,2001.7,2001.7,0.2,0.2,0.1,0.1,1032.6,1032.6,0.1,0.1,0.1,0.1,11.0,11.0,0.1,0.1,0.1,0.1,17.7,17.7,0.1,0.1,0.1,0.1,412.7,412.7,0.0] [PKTLENS.....: 107,66,162,66,369,66,107,66,162,66,369,66,104,66,162,66,395,66,103,66,162,66,271,66,105,66,162,66,325,66,104,66] idle: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][RPC][Acceptable] idle: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable] diff --git a/test/results/flow-info/android.pcap.out b/test/results/flow-info/android.pcap.out index bc4500a3c..67051ee69 100644 --- a/test/results/flow-info/android.pcap.out +++ b/test/results/flow-info/android.pcap.out @@ -168,13 +168,13 @@ detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun] analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.405| 0.048| 0.104|10866.215| 0.000] [PKTLEN......: 66.000| 1484.000| 430.500| 552.700|305506.200| 4.000] [BINS(c->s)..: 13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0] - [IATS........: 13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10,0] + [IATS(ms)....: 13.7,15.0,32.7,47.5,16.6,0.0,34.5,0.3,386.5,404.6,19.7,197.6,221.1,19.2,15.0,27.7,41.8,1.7,0.0,0.0,1.0,1.6,0.1,0.0,0.0,1.2,0.0,1.2,2.7,0.0,0.0,0.0] [PKTLENS.....: 74,74,66,246,66,1484,1202,66,66,159,358,66,578,66,100,66,655,66,1484,1484,1421,1484,66,1484,396,102,66,66,66,66,66,66] detection-update: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] detection-update: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun] diff --git a/test/results/flow-info/anyconnect-vpn.pcap.out b/test/results/flow-info/anyconnect-vpn.pcap.out index 28061e313..90b510045 100644 --- a/test/results/flow-info/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/anyconnect-vpn.pcap.out @@ -44,13 +44,13 @@ detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.072| 0.022| 0.022| 465.545| 0.000] [PKTLEN......: 66.000| 1514.000| 504.700| 597.200|356597.600| 4.000] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0] - [IATS........: 39490,39550,431,43733,1217,44517,40926,4,40928,1,38216,8,38254,1,33217,1,71520,5,38273,6102,35094,41225,217,42300,2869,5,1,44938,58,0,0,0] + [IATS(ms)....: 39.5,39.5,0.4,43.7,1.2,44.5,40.9,0.0,40.9,0.0,38.2,0.0,38.3,0.0,33.2,0.0,71.5,0.0,38.3,6.1,35.1,41.2,0.2,42.3,2.9,0.0,0.0,44.9,0.1,0.0,0.0,0.0] [PKTLENS.....: 78,70,66,233,66,1514,66,1514,1514,66,66,1514,1181,66,66,1514,1514,1333,66,66,677,66,141,66,1175,66,359,711,119,66,66,66] detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn @@ -110,13 +110,13 @@ detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.385| 0.079| 0.122|14784.686| 0.000] [PKTLEN......: 66.000| 1434.000| 299.000| 416.200|173206.900| 4.000] [BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1] - [IATS........: 28537,28596,272,35158,11581,46466,4231,33144,2963,31899,1468,30539,1730,30777,254948,281121,5133,31326,314965,342213,26303,53543,25788,25778,4801,30501,2712,28408,358152,384774,2066,0] + [IATS(ms)....: 28.5,28.6,0.3,35.2,11.6,46.5,4.2,33.1,3.0,31.9,1.5,30.5,1.7,30.8,254.9,281.1,5.1,31.3,315.0,342.2,26.3,53.5,25.8,25.8,4.8,30.5,2.7,28.4,358.2,384.8,2.1,0.0] [PKTLENS.....: 78,78,66,214,66,1374,66,1261,66,117,66,510,66,477,66,377,66,181,66,791,66,1434,66,1174,66,128,66,136,66,124,66,124] new: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [MIDSTREAM] new: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] @@ -127,13 +127,13 @@ detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.138| 0.027| 0.033| 1098.419| 0.000] [PKTLEN......: 66.000| 1514.000| 531.300| 619.300|383541.000| 4.100] [BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0] - [IATS........: 42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,9,1,1,51168,0,0,0,0,0] + [IATS(ms)....: 42.4,42.4,2.0,46.9,1.2,46.1,40.3,0.0,40.3,0.0,37.2,0.0,37.2,0.0,97.2,138.0,40.9,1.2,43.3,9.0,0.0,0.0,0.0,0.0,0.0,0.0,51.2,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,70,66,218,66,1514,66,1514,1514,66,66,1514,1181,66,66,420,141,66,1031,66,1514,223,1514,223,1514,223,1514,223,66,66,66,66] detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn @@ -191,13 +191,13 @@ detection-update: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) analyse: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.047| 0.016| 0.019| 352.973| 0.000] [PKTLEN......: 90.000| 407.000| 213.100| 70.700| 5001.800| 4.900] [BINS(c->s)..: 0,0,1,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,0,2,5,1,2,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,0,0,1,1,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0,1,0,0,0,1] - [IATS........: 43486,43887,46602,46963,13778,22397,136,45366,3,1,180,3,8893,184,3220,4,34551,3,41128,530,5716,3654,11825,10035,4233,4600,46982,47070,168,405,3845,0] + [IATS(ms)....: 43.5,43.9,46.6,47.0,13.8,22.4,0.1,45.4,0.0,0.0,0.2,0.0,8.9,0.2,3.2,0.0,34.6,0.0,41.1,0.5,5.7,3.7,11.8,10.0,4.2,4.6,47.0,47.1,0.2,0.4,3.8,0.0] [PKTLENS.....: 141,90,161,230,135,167,167,167,263,215,215,215,199,151,167,359,311,183,231,167,167,311,167,279,199,407,199,279,167,183,183,343] new: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192] new: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] diff --git a/test/results/flow-info/anydesk.pcapng.out b/test/results/flow-info/anydesk.pcapng.out index 47d9c7b5f..d1bc9399a 100644 --- a/test/results/flow-info/anydesk.pcapng.out +++ b/test/results/flow-info/anydesk.pcapng.out @@ -12,13 +12,13 @@ detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.603| 0.177| 0.394|155451.113| 0.000] [PKTLEN......: 54.000| 1514.000| 406.700| 555.200|308238.000| 3.900] [BINS(c->s)..: 8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1] - [IATS........: 164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62,0] + [IATS(ms)....: 164.8,164.9,0.6,1.1,165.0,165.4,0.5,0.5,0.3,0.3,1.8,2.0,164.9,165.2,0.2,0.2,0.2,0.3,218.6,218.7,0.6,0.9,1215.5,1216.3,0.0,0.1,0.9,0.0,0.0,1602.9,0.1,0.0] [PKTLENS.....: 74,60,54,317,60,1354,54,1354,54,60,54,1148,60,105,54,94,54,200,60,200,54,125,60,133,1514,1514,1256,60,60,60,1514,1194] detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing @@ -45,13 +45,13 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.022| 0.471| 0.869|754614.927| 0.000] [PKTLEN......: 54.000| 3980.000| 320.300| 747.400|558552.100| 3.200] [BINS(c->s)..: 6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1] [BINS(s->c)..: 11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0] - [IATS........: 491,529,333,431,328,10474,10878,39566,40320,8749,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,1754245,1753698,16355,71246,2966766,3021750,4006,0,0,0,0,0] + [IATS(ms)....: 0.5,0.5,0.3,0.4,0.3,10.5,10.9,39.6,40.3,8.7,9.5,516.9,517.5,1.6,27.8,26.2,2.4,56.3,902.9,957.3,1754.2,1753.7,16.4,71.2,2966.8,3021.8,4.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 66,66,54,299,60,60,1514,197,54,1340,60,968,94,54,101,60,89,88,60,88,54,3980,60,60,60,93,60,155,54,113,60,130] DAEMON-EVENT: [Processed: 9484 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] @@ -63,13 +63,13 @@ detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.445| 0.583| 2.064|4258557.067| 0.000] [PKTLEN......: 66.000| 1514.000| 342.900| 495.500|245485.500| 3.900] [BINS(c->s)..: 8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1] - [IATS........: 17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993,0] + [IATS(ms)....: 17.7,17.8,0.9,17.8,3.4,20.3,0.1,0.0,3.8,21.9,18.1,0.1,0.0,0.9,64.2,13.4,76.8,1.5,18.4,206.6,224.8,0.0,0.0,18.7,0.0,62.8,0.0,80.2,8427.9,8444.6,314.0,0.0] [PKTLENS.....: 74,74,66,355,66,1514,66,1146,66,1160,117,66,106,66,213,66,212,66,151,66,159,1514,1514,1287,66,66,106,104,66,151,66,159] end: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] idle: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] diff --git a/test/results/flow-info/bad-dns-traffic.pcap.out b/test/results/flow-info/bad-dns-traffic.pcap.out index 5c26327f2..8101644f6 100644 --- a/test/results/flow-info/bad-dns-traffic.pcap.out +++ b/test/results/flow-info/bad-dns-traffic.pcap.out @@ -22,13 +22,13 @@ detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.063| 4.102| 1.074| 0.689|474850.951| 0.000] [PKTLEN......: 95.000| 323.000| 129.200| 50.600| 2560.600| 4.900] [BINS(c->s)..: 0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1] - [IATS........: 1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851,0] + [IATS(ms)....: 1006.5,1005.8,1008.1,1008.5,4101.9,73.2,63.1,1023.9,1006.7,2080.9,1018.8,962.5,1014.1,1012.6,1013.6,1040.3,1038.2,1060.2,1011.7,991.1,1041.5,1066.6,1017.8,982.3,1029.5,1026.2,1027.8,1007.4,2080.4,166.4,305.9,0.0] [PKTLENS.....: 133,133,133,133,133,164,95,130,95,95,126,95,128,95,130,95,128,95,128,95,126,95,128,95,130,95,128,95,95,174,290,323] update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name diff --git a/test/results/flow-info/bitcoin.pcap.out b/test/results/flow-info/bitcoin.pcap.out index 53a7a290e..7c94f3acb 100644 --- a/test/results/flow-info/bitcoin.pcap.out +++ b/test/results/flow-info/bitcoin.pcap.out @@ -8,25 +8,25 @@ detected: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 141.657| 9.231| 28.185|794377756.606| 0.000] [PKTLEN......: 86.000| 1514.000| 1196.700| 570.200|325114.200| 4.800] [BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0] [DIRECTIONS..: 0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 52705,59165,36072737,6972560,71059721,141657328,28238337,91,32968,6,2,1933055,1,2,1,2,4527,16790,273,4103,461,12118,1136,339,10616,15667,2671,6,3102,4098,7913,0] + [IATS(ms)....: 52.7,59.2,36072.7,6972.6,71059.7,141657.3,28238.3,0.1,33.0,0.0,0.0,1933.1,0.0,0.0,0.0,0.0,4.5,16.8,0.3,4.1,0.5,12.1,1.1,0.3,10.6,15.7,2.7,0.0,3.1,4.1,7.9,0.0] [PKTLENS.....: 171,171,86,127,121,127,110,1514,1514,1514,1514,1045,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] new: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 100.111| 6.495| 19.445|378100231.700| 0.000] [PKTLEN......: 86.000| 1514.000| 1169.300| 597.200|356626.800| 4.700] [BINS(c->s)..: 0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0] [DIRECTIONS..: 0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 59193,103209,9823152,39766075,21773202,100110670,311562,29237037,27,63547,5,128,1815,36336,73,10069,11,2188,6,22497,6,36,5434,1881,16669,98,3307,3200,88,2587,1046,0] + [IATS(ms)....: 59.2,103.2,9823.2,39766.1,21773.2,100110.7,311.6,29237.0,0.0,63.5,0.0,0.1,1.8,36.3,0.1,10.1,0.0,2.2,0.0,22.5,0.0,0.0,5.4,1.9,16.7,0.1,3.3,3.2,0.1,2.6,1.0,0.0] [PKTLENS.....: 171,171,86,182,121,121,110,121,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] new: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [MIDSTREAM] detected: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [Mining][Mining][Unsafe] @@ -34,25 +34,25 @@ DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 134.322| 8.966| 25.482|649325705.167| 0.000] [PKTLEN......: 86.000| 1514.000| 1089.600| 630.500|397582.100| 4.700] [BINS(c->s)..: 0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [BINS(s->c)..: 1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753,0] + [IATS(ms)....: 62.3,90.5,14042.4,39643.2,11452.0,9238.6,22700.4,134322.5,190.5,216.5,0.1,56.8,0.0,0.0,0.0,45582.9,5.5,2.9,79.7,2.4,56.4,14.9,38.3,1.1,29.4,10.2,41.4,0.0,29.6,11.8,15.8,0.0] [PKTLENS.....: 171,171,86,127,127,127,182,127,110,1514,1514,1514,1514,1514,1514,331,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] new: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [MIDSTREAM] detected: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 41.186| 2.780| 7.976|63609669.419| 0.000] [PKTLEN......: 86.000| 1514.000| 1120.500| 621.500|386298.000| 4.700] [BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0] [BINS(s->c)..: 1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074,0] + [IATS(ms)....: 128.2,113.3,17195.1,11450.8,3438.7,6.8,2755.3,41186.4,319.9,321.8,0.0,347.4,8283.5,31.9,35.0,52.7,19.0,36.6,49.3,41.1,63.9,2.3,29.1,27.7,37.4,32.7,49.2,24.6,33.7,41.1,34.1,0.0] [PKTLENS.....: 171,171,86,121,121,121,121,127,110,1514,1514,1514,1399,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] DAEMON-EVENT: [Processed: 494 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 5 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/bittorrent.pcap.out b/test/results/flow-info/bittorrent.pcap.out index 63c92cfce..f1e100b08 100644 --- a/test/results/flow-info/bittorrent.pcap.out +++ b/test/results/flow-info/bittorrent.pcap.out @@ -64,13 +64,13 @@ detected: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Download][Acceptable] RISK: Known Proto on Non Std Port analyse: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.012| 0.920| 0.247| 0.229|52345.696| 0.000] [PKTLEN......: 80.000| 1506.000| 736.400| 635.200|403438.900| 4.400] [BINS(c->s)..: 5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1] - [IATS........: 176832,184047,360999,337345,477634,919975,779765,619481,619422,156869,158080,151021,161242,12043,185627,163549,148908,165750,153542,19235,148725,12813,146117,495893,130312,32142,133808,27318,421482,129521,27423,0] + [IATS(ms)....: 176.8,184.0,361.0,337.3,477.6,920.0,779.8,619.5,619.4,156.9,158.1,151.0,161.2,12.0,185.6,163.5,148.9,165.8,153.5,19.2,148.7,12.8,146.1,495.9,130.3,32.1,133.8,27.3,421.5,129.5,27.4,0.0] [PKTLENS.....: 134,146,625,242,80,190,104,100,1506,83,1180,83,623,95,83,403,83,202,623,1506,1506,1506,1506,1506,202,1506,1506,1506,1506,211,1506,1506] new: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [MIDSTREAM] detected: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [BitTorrent][Download][Acceptable] diff --git a/test/results/flow-info/bittorrent_utp.pcap.out b/test/results/flow-info/bittorrent_utp.pcap.out index 8b0df6133..09e137233 100644 --- a/test/results/flow-info/bittorrent_utp.pcap.out +++ b/test/results/flow-info/bittorrent_utp.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 5.430| 0.412| 1.202|1445669.503| 0.000] [PKTLEN......: 62.000| 1514.000| 511.200| 600.800|360942.700| 4.100] [BINS(c->s)..: 3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0] [BINS(s->c)..: 11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0] - [IATS........: 4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540,0] + [IATS(ms)....: 4392.2,1037.9,5430.3,116.8,116.9,100.5,240.4,139.9,4.5,110.6,115.0,1.0,58.6,60.6,88.2,88.1,37.5,37.7,24.5,24.4,43.7,55.5,11.6,11.8,11.9,53.7,52.8,104.1,173.3,8.3,17.5,0.0] [PKTLENS.....: 146,146,62,72,252,519,62,62,117,271,62,62,146,1514,68,1514,68,1514,68,1514,68,96,1514,68,1514,68,1514,62,62,1051,1051,1051] idle: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/bot.pcap.out b/test/results/flow-info/bot.pcap.out index f6488ea40..503df129b 100644 --- a/test/results/flow-info/bot.pcap.out +++ b/test/results/flow-info/bot.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable] analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 0.000] [PKTLEN......: 64.000| 1498.000| 1104.500| 631.200|398369.000| 4.600] [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1] - [IATS........: 409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465,0] + [IATS(ms)....: 0.4,106.5,0.0,106.7,7.6,0.1,0.1,0.1,0.0,0.0,0.8,0.0,0.0,0.0,114.2,0.3,105.4,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.2,0.0,0.1,0.0,0.8,0.1,0.5,0.0] [PKTLENS.....: 66,66,64,374,64,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,64,64,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,64,64,1498] end: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/capwap.pcap.out b/test/results/flow-info/capwap.pcap.out index b1c245823..0ef3faeb3 100644 --- a/test/results/flow-info/capwap.pcap.out +++ b/test/results/flow-info/capwap.pcap.out @@ -17,26 +17,26 @@ detected: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable] analyse: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.093| 0.751| 2.532|6409154.986| 0.000] [PKTLEN......: 106.000| 1499.000| 512.200| 485.400|235625.000| 4.400] [BINS(c->s)..: 0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0] [BINS(s->c)..: 0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0] [DIRECTIONS..: 0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0] - [IATS........: 760,9998434,10093423,96372,2625,2,127,182379,1,94,314122,135275,2746,249,111759,1,157255,1,325739,280124,1,39490,1,39481,264,2133,995,502,500,0,0,0] + [IATS(ms)....: 0.8,9998.4,10093.4,96.4,2.6,0.0,0.1,182.4,0.0,0.1,314.1,135.3,2.7,0.2,111.8,0.0,157.3,0.0,325.7,280.1,0.0,39.5,0.0,39.5,0.3,2.1,1.0,0.5,0.5,0.0,0.0,0.0] [PKTLENS.....: 156,156,115,106,147,590,590,360,590,590,179,329,420,137,1499,1499,1499,1451,1035,1451,475,155,123,139,155,139,123,891,155,123,139,875] new: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] detected: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable] update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] ERROR-EVENT: Unknown packet type analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.500| 4.000| 1.016| 0.875|765810.835| 0.000] [PKTLEN......: 122.000| 325.000| 195.400| 58.400| 3415.700| 4.900] [BINS(c->s)..: 0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 499983,500014,499872,2999961,499995,500031,499980,499982,499890,499986,499975,499998,499999,999998,999993,500014,2999827,1000005,999991,500032,1999814,500016,499990,999989,500017,1499983,499857,1999983,999996,999993,3999845,0] + [IATS(ms)....: 500.0,500.0,499.9,3000.0,500.0,500.0,500.0,500.0,499.9,500.0,500.0,500.0,500.0,1000.0,1000.0,500.0,2999.8,1000.0,1000.0,500.0,1999.8,500.0,500.0,1000.0,500.0,1500.0,499.9,2000.0,1000.0,1000.0,3999.8,0.0] [PKTLENS.....: 122,209,296,151,238,151,122,209,325,151,122,122,151,296,151,209,209,296,151,209,122,267,180,209,209,209,267,151,122,209,238,180] update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable] diff --git a/test/results/flow-info/cassandra.pcap.out b/test/results/flow-info/cassandra.pcap.out index d41299483..2fb60d21d 100644 --- a/test/results/flow-info/cassandra.pcap.out +++ b/test/results/flow-info/cassandra.pcap.out @@ -6,22 +6,22 @@ new: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] detected: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable] analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 26.002| 1.755| 6.369|40566842.720| 0.000] [PKTLEN......: 66.000|25214.000| 1951.600| 5902.900|34844344.000| 2.100] [BINS(c->s)..: 9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0] - [IATS........: 11,19,249,264,5672,5686,233,620,1533,1593,1631,2318,1136,3494,3539,2825,4760,1891,1781,667,2471,2015,1427,3423,25963183,26002233,1164047,1204436,1335,2304,5708,0] + [IATS(ms)....: 0.0,0.0,0.2,0.3,5.7,5.7,0.2,0.6,1.5,1.6,1.6,2.3,1.1,3.5,3.5,2.8,4.8,1.9,1.8,0.7,2.5,2.0,1.4,3.4,25963.2,26002.2,1164.0,1204.4,1.3,2.3,5.7,0.0] [PKTLENS.....: 74,74,66,75,66,127,66,97,75,124,75,167,182,193,11145,66,119,557,387,380,257,66,21816,25214,66,124,66,140,147,139,144,157] analyse: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 25.937| 2.293| 6.507|42345709.961| 0.000] [PKTLEN......: 66.000|11512.000| 466.300| 1984.700|3939065.000| 1.900] [BINS(c->s)..: 10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 13,21,671,688,5291,5315,288,749,1660,4537,3374,25897068,25937061,6031,46634,674,28,18,1162,1117,2315,1239,3343,41722,7689860,7730331,832,186,642,40128,3670158,0] + [IATS(ms)....: 0.0,0.0,0.7,0.7,5.3,5.3,0.3,0.7,1.7,4.5,3.4,25897.1,25937.1,6.0,46.6,0.7,0.0,0.0,1.2,1.1,2.3,1.2,3.3,41.7,7689.9,7730.3,0.8,0.2,0.6,40.1,3670.2,0.0] [PKTLENS.....: 74,74,66,75,66,127,66,97,75,140,11512,66,201,66,113,140,66,139,66,147,144,66,157,289,66,113,94,66,101,94,66,291] end: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable] end: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable] diff --git a/test/results/flow-info/check_mk_new.pcap.out b/test/results/flow-info/check_mk_new.pcap.out index 2dedf5f40..affbc43ad 100644 --- a/test/results/flow-info/check_mk_new.pcap.out +++ b/test/results/flow-info/check_mk_new.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] detected: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable] analyse: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.660| 0.000] [PKTLEN......: 66.000| 568.000| 109.500| 116.800|13650.400| 4.500] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119,0] + [IATS(ms)....: 0.0,0.2,2.1,2.1,0.1,0.1,0.1,0.1,1.9,1.8,0.1,0.1,1.3,1.2,0.1,0.2,0.1,0.1,1.2,1.2,0.2,0.2,2.0,2.0,1.8,1.8,1.9,1.9,0.7,0.7,0.1,0.0] [PKTLENS.....: 74,74,66,81,66,331,66,76,66,67,66,75,66,568,66,75,66,84,66,477,66,82,66,82,66,83,66,79,66,131,66,75] end: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/chrome.pcap.out b/test/results/flow-info/chrome.pcap.out index 73ad7d9ca..b226b4da5 100644 --- a/test/results/flow-info/chrome.pcap.out +++ b/test/results/flow-info/chrome.pcap.out @@ -7,13 +7,13 @@ new: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] detected: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.629| 0.057| 0.154|23802.585| 0.000] [PKTLEN......: 66.000| 1506.000| 619.400| 632.900|400560.700| 4.200] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1] - [IATS........: 28765,28872,339,29774,6968,212,36564,499,471,13592,322,42282,28,185,11,28620,3,627868,1163,629043,92,171,257,86,255,319,1121,131143,160052,5604,100,0] + [IATS(ms)....: 28.8,28.9,0.3,29.8,7.0,0.2,36.6,0.5,0.5,13.6,0.3,42.3,0.0,0.2,0.0,28.6,0.0,627.9,1.2,629.0,0.1,0.2,0.3,0.1,0.3,0.3,1.1,131.1,160.1,5.6,0.1,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,66,772,66,146,816,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1485,66,66,717,66,1506,1506] detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] new: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] @@ -25,13 +25,13 @@ detected: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] detected: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.469| 0.038| 0.110|12173.627| 0.000] [PKTLEN......: 66.000| 1506.000| 631.100| 638.000|407026.800| 4.200] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,0,1,0,0] - [IATS........: 28488,28560,612,28383,2758,30530,2041,28373,116,26422,441785,468764,1748,1393,30158,119,111,182,125,120,237,134,128,266,240,251,495,806,26027,25276,1809,0] + [IATS(ms)....: 28.5,28.6,0.6,28.4,2.8,30.5,2.0,28.4,0.1,26.4,441.8,468.8,1.7,1.4,30.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.3,0.2,0.3,0.5,0.8,26.0,25.3,1.8,0.0] [PKTLENS.....: 78,74,66,701,66,326,66,146,66,369,66,783,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,66,1029,66,770] detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe] @@ -39,43 +39,43 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.035| 0.006| 0.011| 126.441| 0.000] [PKTLEN......: 66.000| 1506.000| 542.700| 598.400|358096.100| 4.100] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,1,0,0,0,0] - [IATS........: 26769,26817,1326,28249,6762,1293,14,34983,12,374,291,27566,2,26902,1379,1360,1118,15,1124,130,231,245,356,130,118,13,252,11,746,1742,0,0] + [IATS(ms)....: 26.8,26.8,1.3,28.2,6.8,1.3,0.0,35.0,0.0,0.4,0.3,27.6,0.0,26.9,1.4,1.4,1.1,0.0,1.1,0.1,0.2,0.2,0.4,0.1,0.1,0.0,0.3,0.0,0.7,1.7,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,772,66,66,146,772,66,369,66,66,369,66,1506,1506,66,66,1506,1506,66,1506,1506,412,66,66,66,820] detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.031| 0.008| 0.012| 146.160| 0.000] [PKTLEN......: 66.000| 1506.000| 713.600| 675.500|456346.800| 4.300] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1] - [IATS........: 29278,29334,864,29011,2497,30653,580,334,26242,1058,2318,28687,1760,236,1984,377,499,883,126,124,243,136,114,251,129,941,26868,117,26169,1503,132,0] + [IATS(ms)....: 29.3,29.3,0.9,29.0,2.5,30.7,0.6,0.3,26.2,1.1,2.3,28.7,1.8,0.2,2.0,0.4,0.5,0.9,0.1,0.1,0.2,0.1,0.1,0.3,0.1,0.9,26.9,0.1,26.2,1.5,0.1,0.0] [PKTLENS.....: 78,74,66,701,66,326,66,146,772,66,66,369,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,1506,66,1506,1506] detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.038| 0.007| 0.012| 150.077| 0.000] [PKTLEN......: 66.000| 1506.000| 643.300| 651.900|424923.800| 4.200] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1,0,1] - [IATS........: 28686,28726,1295,29880,9620,122,15,38324,11,451,233,27995,116,117,14,27547,3,1242,1253,2514,126,125,241,123,122,245,249,230,376,396,25266,0] + [IATS(ms)....: 28.7,28.7,1.3,29.9,9.6,0.1,0.0,38.3,0.0,0.5,0.2,28.0,0.1,0.1,0.0,27.5,0.0,1.2,1.3,2.5,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.2,0.4,0.4,25.3,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,772,66,66,146,772,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,66,1506] detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.032| 0.008| 0.013| 163.814| 0.000] [PKTLEN......: 66.000| 1506.000| 623.700| 634.700|402848.700| 4.200] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0] - [IATS........: 29778,29819,1050,30027,2482,31460,377,194,32013,8,1,31458,983,109,1078,130,153,122,98,131,118,249,502,124,630,126,1459,27278,100,26052,4586,0] + [IATS(ms)....: 29.8,29.8,1.1,30.0,2.5,31.5,0.4,0.2,32.0,0.0,0.0,31.5,1.0,0.1,1.1,0.1,0.2,0.1,0.1,0.1,0.1,0.2,0.5,0.1,0.6,0.1,1.5,27.3,0.1,26.1,4.6,0.0] [PKTLENS.....: 78,74,66,701,66,326,66,146,772,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,799,66,775] detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe] end: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/citrix.pcap.out b/test/results/flow-info/citrix.pcap.out index f0b34aeea..7e9427cbe 100644 --- a/test/results/flow-info/citrix.pcap.out +++ b/test/results/flow-info/citrix.pcap.out @@ -2,13 +2,13 @@ new: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] detected: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable] analyse: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.056| 0.005| 0.012| 154.959| 0.000] [PKTLEN......: 64.000| 401.000| 114.300| 63.600| 4041.600| 4.800] [BINS(c->s)..: 5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0] - [IATS........: 2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114,0] + [IATS(ms)....: 2.1,2.1,6.1,6.1,4.1,7.1,1.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,2.0,0.0,0.0,0.0,0.0,1.0,0.0,56.3,46.1,4.1,4.1,0.0] [PKTLENS.....: 64,64,64,64,64,76,212,121,101,102,105,401,97,225,109,147,117,111,109,117,112,97,97,97,114,117,111,109,142,64,64,64] idle: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/coap_mqtt.pcap.out b/test/results/flow-info/coap_mqtt.pcap.out index cfef7ccf2..d15c9625f 100644 --- a/test/results/flow-info/coap_mqtt.pcap.out +++ b/test/results/flow-info/coap_mqtt.pcap.out @@ -46,82 +46,82 @@ detected: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.439| 0.304| 1.061|1125807.423| 0.000] [PKTLEN......: 54.000| 140.000| 76.300| 30.100| 907.000| 4.900] [BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1] - [IATS........: 72,248,4635,4859,1038,9311,9054,2795,3496,481,2352,21820,23421,198700,4438876,4242440,38504,37941,469,2294,62501,64983,1232,38696,37823,527,2778,66747,69695,1087,39395,0] + [IATS(ms)....: 0.1,0.2,4.6,4.9,1.0,9.3,9.1,2.8,3.5,0.5,2.4,21.8,23.4,198.7,4438.9,4242.4,38.5,37.9,0.5,2.3,62.5,65.0,1.2,38.7,37.8,0.5,2.8,66.7,69.7,1.1,39.4,0.0] [PKTLENS.....: 66,66,60,73,54,58,114,58,69,59,138,60,114,58,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54] analyse: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 27.506| 1.802| 6.725|45219399.598| 0.000] [PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900] [BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0] - [IATS........: 709,199149,27505948,27310358,42735,39960,130,529,60417,61165,1588,38934,37729,553,2947,66282,69491,1247,39646,39140,1019,2437,62744,65305,1790,40465,38726,170,6175,66713,73088,0] + [IATS(ms)....: 0.7,199.1,27505.9,27310.4,42.7,40.0,0.1,0.5,60.4,61.2,1.6,38.9,37.7,0.6,2.9,66.3,69.5,1.2,39.6,39.1,1.0,2.4,62.7,65.3,1.8,40.5,38.7,0.2,6.2,66.7,73.1,0.0] [PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60] analyse: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 13.151| 0.876| 3.198|10225378.656| 0.000] [PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900] [BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0] - [IATS........: 404,199934,13150790,12952309,38608,37989,477,2148,62571,64954,1016,38807,38093,501,2594,66803,69615,1179,39541,39110,979,2406,62938,65497,773,40198,39480,237,5592,67477,73236,0] + [IATS(ms)....: 0.4,199.9,13150.8,12952.3,38.6,38.0,0.5,2.1,62.6,65.0,1.0,38.8,38.1,0.5,2.6,66.8,69.6,1.2,39.5,39.1,1.0,2.4,62.9,65.5,0.8,40.2,39.5,0.2,5.6,67.5,73.2,0.0] [PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60] analyse: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 0.000] [PKTLEN......: 54.000| 140.000| 79.000| 33.200| 1105.200| 4.900] [BINS(c->s)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1] - [IATS........: 1998,38598,37069,480,2447,62266,64859,841,38683,38127,461,2290,67273,69748,665,39428,39498,931,2251,63248,65640,1623,40275,38699,156,6124,67250,73508,2463,42357,39863,0] + [IATS(ms)....: 2.0,38.6,37.1,0.5,2.4,62.3,64.9,0.8,38.7,38.1,0.5,2.3,67.3,69.7,0.7,39.4,39.5,0.9,2.3,63.2,65.6,1.6,40.3,38.7,0.2,6.1,67.2,73.5,2.5,42.4,39.9,0.0] [PKTLENS.....: 140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114] new: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] detected: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 0.000] [PKTLEN......: 59.000| 143.000| 99.600| 38.600| 1486.700| 4.900] [BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114,0] + [IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1,0.0] [PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59] new: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] detected: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 0.000] [PKTLEN......: 60.000| 142.000| 100.500| 38.500| 1485.600| 4.900] [BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708,0] + [IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7,0.0] [PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64] new: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] detected: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 0.000] [PKTLEN......: 60.000| 143.000| 101.200| 38.500| 1485.300| 4.900] [BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537,0] + [IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5,0.0] [PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63] analyse: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 0.000] [PKTLEN......: 59.000| 143.000| 101.100| 38.600| 1487.100| 4.900] [BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564,0] + [IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6,0.0] [PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65] idle: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] idle: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] diff --git a/test/results/flow-info/collectd.pcap.out b/test/results/flow-info/collectd.pcap.out index b39bb79d4..8ca67a843 100644 --- a/test/results/flow-info/collectd.pcap.out +++ b/test/results/flow-info/collectd.pcap.out @@ -34,13 +34,13 @@ update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] analyse: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.000| 8.710| 3.352|11236716.577| 0.000] [PKTLEN......: 1353.000| 1388.000| 1371.600| 10.800| 116.600| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 9999043,10000474,9999533,9999908,9999948,529,9999990,10000110,9999700,10000036,9999885,10000020,417,9999778,9999931,10000097,9999852,9999817,10000085,761,9999588,9999630,10000163,10000066,9999926,9999713,640,10000064,9999244,10000446,9999890,0] + [IATS(ms)....: 9999.0,10000.5,9999.5,9999.9,9999.9,0.5,10000.0,10000.1,9999.7,10000.0,9999.9,10000.0,0.4,9999.8,9999.9,10000.1,9999.9,9999.8,10000.1,0.8,9999.6,9999.6,10000.2,10000.1,9999.9,9999.7,0.6,10000.1,9999.2,10000.4,9999.9,0.0] [PKTLENS.....: 1385,1365,1371,1361,1365,1355,1369,1388,1379,1385,1386,1380,1386,1368,1375,1376,1353,1371,1368,1353,1365,1364,1367,1370,1384,1361,1381,1383,1388,1355,1359,1376] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] diff --git a/test/results/flow-info/dnp3.pcap.out b/test/results/flow-info/dnp3.pcap.out index 5846bb6cf..3080954d2 100644 --- a/test/results/flow-info/dnp3.pcap.out +++ b/test/results/flow-info/dnp3.pcap.out @@ -4,26 +4,26 @@ new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 120.146| 12.647| 35.851|1285324797.903| 0.000] [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] - [IATS........: 201,411,1564,151649,2891882,795,3043080,21210,212002,120145678,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,1.6,151.6,2891.9,0.8,3043.1,21.2,212.0,120145.7,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,79,79,79,60,60,60,71,71,71,60,60,60,78,78] DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 17.487| 5.095| 6.400|40966232.736| 0.000] [PKTLEN......: 60.000| 78.000| 64.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] - [IATS........: 174,378,1487,181225,17203302,17487311,4814054,4907006,3276812,3079947,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,1.5,181.2,17203.3,17487.3,4814.1,4907.0,3276.8,3079.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,60,60,60,78,78,78,60,60,60,60,60,60,60,60] DAEMON-EVENT: [Processed: 78 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -31,13 +31,13 @@ detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 82.989| 8.549| 24.817|615875493.233| 0.000] [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] - [IATS........: 167,372,1487,144969,996855,774,1141407,10263,204144,82989444,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,1.5,145.0,996.9,0.8,1141.4,10.3,204.1,82989.4,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,79,79,79,60,60,60,71,71,71,60,60,60,78,78] DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -45,26 +45,26 @@ idle: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 75.076| 22.122| 29.810|888614640.681| 0.000] [PKTLEN......: 60.000| 77.000| 66.700| 5.900| 34.500| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1] - [IATS........: 172,422,75028631,75076356,533,48219,553,153041,35338826,35569788,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,75028.6,75076.4,0.5,48.2,0.6,153.0,35338.8,35569.8,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,69,69,69,71,71,71,71,71,71,60,60,60,77,77,77,60,60,60,72,72,72,71,71] DAEMON-EVENT: [Processed: 351 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.639| 0.563| 1.000|999705.674| 0.000] [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.100| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] - [IATS........: 139,330,1310,168563,2471106,796,2639445,99801,232167,15277,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.1,0.3,1.3,168.6,2471.1,0.8,2639.4,99.8,232.2,15.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,78,78,78,60,60,60,71,71,71,60,60,60,79,79] idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] DAEMON-EVENT: [Processed: 444 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -79,26 +79,26 @@ detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] idle: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 9.488| 2.471| 3.592|12904304.738| 0.000] [PKTLEN......: 60.000| 78.000| 66.800| 7.000| 48.700| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0] - [IATS........: 157,360,1427,192830,9226978,9487840,187102,2636386,2814075,167839,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,1.4,192.8,9227.0,9487.8,187.1,2636.4,2814.1,167.8,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,71,71,71,60,60,60,78,78,78,71,71,71,60,60] DAEMON-EVENT: [Processed: 504 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.963| 1.541| 1.422|2023320.715| 0.000] [PKTLEN......: 60.000| 78.000| 64.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] - [IATS........: 199,410,1542,125290,3672101,3963212,1744251,1702440,2163787,2038609,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,0.4,1.5,125.3,3672.1,3963.2,1744.3,1702.4,2163.8,2038.6,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,60,60,60,78,78,78,60,60,60,60,60,60,60,60] end: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] idle: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable] diff --git a/test/results/flow-info/dns-tunnel-iodine.pcap.out b/test/results/flow-info/dns-tunnel-iodine.pcap.out index 4e1c8a32e..d8541a35b 100644 --- a/test/results/flow-info/dns-tunnel-iodine.pcap.out +++ b/test/results/flow-info/dns-tunnel-iodine.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] RISK: Suspicious DNS Traffic analyse: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.003| 0.162| 0.368|135658.824| 0.000] [PKTLEN......: 82.000| 1476.000| 246.600| 286.600|82112.700| 4.400] [BINS(c->s)..: 0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0] - [IATS........: 93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454,0] + [IATS(ms)....: 0.1,0.9,1.1,5.8,5.7,0.4,0.3,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.3,0.6,0.4,0.2,0.3,0.5,0.4,0.2,0.2,1001.7,1002.3,1001.5,1003.0,1002.5,0.0] [PKTLENS.....: 82,103,103,144,88,137,123,166,132,184,138,196,118,156,134,188,88,96,88,95,88,93,323,1092,323,1476,323,323,323,323,323,323] idle: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] RISK: Suspicious DNS Traffic diff --git a/test/results/flow-info/dns_doh.pcap.out b/test/results/flow-info/dns_doh.pcap.out index 2ccc39c63..bfedf75bd 100644 --- a/test/results/flow-info/dns_doh.pcap.out +++ b/test/results/flow-info/dns_doh.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] analyse: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.535| 0.064| 0.132|17379.013| 0.000] [PKTLEN......: 54.000| 1354.000| 230.900| 327.300|107137.200| 4.100] [BINS(c->s)..: 9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1] - [IATS........: 87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,17900,147557,535341,708,88830,66,525420,6,10702,6,0,0] + [IATS(ms)....: 87.1,87.2,1.8,92.2,0.0,0.0,90.4,0.5,1.5,0.9,26.1,0.9,0.1,0.1,102.7,7.8,0.0,0.0,83.4,0.0,17.9,147.6,535.3,0.7,88.8,0.1,525.4,0.0,10.7,0.0,0.0,0.0] [PKTLENS.....: 78,66,54,571,54,1354,1354,54,54,503,54,118,224,297,133,54,591,404,85,54,54,54,85,54,116,147,116,157,54,54,258,85] idle: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns_exfiltration.pcap.out b/test/results/flow-info/dns_exfiltration.pcap.out index 567150b77..985334158 100644 --- a/test/results/flow-info/dns_exfiltration.pcap.out +++ b/test/results/flow-info/dns_exfiltration.pcap.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name analyse: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 1.036| 0.914| 0.282|79410.348| 0.000] [PKTLEN......: 101.000| 386.000| 146.400| 59.100| 3497.900| 4.900] [BINS(c->s)..: 0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694,0] + [IATS(ms)....: 170.6,1035.5,866.5,1015.3,1015.6,4.6,4.0,1010.0,1010.4,1009.2,1009.1,1008.5,1008.4,1009.5,1009.4,1008.0,1008.1,1008.7,1008.6,1009.8,1009.8,1010.0,1010.1,1009.0,1008.9,1008.5,1008.4,1007.7,1007.8,1008.8,1008.7,0.0] [PKTLENS.....: 215,386,166,286,136,193,101,148,101,148,101,156,101,148,101,158,101,158,101,156,101,148,101,158,101,158,101,158,101,148,101,148] update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name diff --git a/test/results/flow-info/doq_adguard.pcapng.out b/test/results/flow-info/doq_adguard.pcapng.out index 57437d0e4..baafcb075 100644 --- a/test/results/flow-info/doq_adguard.pcapng.out +++ b/test/results/flow-info/doq_adguard.pcapng.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun] analyse: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.885| 0.161| 0.453|205274.628| 0.000] [PKTLEN......: 73.000| 1294.000| 456.800| 522.900|273444.500| 4.100] [BINS(c->s)..: 4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1] - [IATS........: 36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270,0] + [IATS(ms)....: 36.5,41.7,43.2,0.1,0.0,41.9,6.7,38.4,6.6,58.7,0.0,206.5,0.0,419.1,0.1,0.7,29.2,153.2,0.1,8.2,0.1,10.5,39.6,0.1,37.0,45.0,51.5,1830.4,0.1,0.0,1885.3,0.0] [PKTLENS.....: 1274,182,1274,1294,1294,1284,97,98,198,95,1284,1284,1284,1284,269,73,97,98,83,306,154,100,73,83,437,73,84,73,101,103,103,83] idle: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out index 1d46a64e2..c84e2fe3d 100644 --- a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out @@ -179,13 +179,13 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type analyse: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 96.434| 4.235| 17.262|297969697.948| 0.000] [PKTLEN......: 110.000| 110.000| 110.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 471,72,38984,710235,79,43,39467,709823,84,47,40333,710082,133,63,40024,760697,749893,749148,750102,96434388,763919,759984,756024,755162,752213,756593,760022,22000853,749883,749867,755005,0] + [IATS(ms)....: 0.5,0.1,39.0,710.2,0.1,0.0,39.5,709.8,0.1,0.0,40.3,710.1,0.1,0.1,40.0,760.7,749.9,749.1,750.1,96434.4,763.9,760.0,756.0,755.2,752.2,756.6,760.0,22000.9,749.9,749.9,755.0,0.0] [PKTLENS.....: 110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110] idle: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable] idle: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable] diff --git a/test/results/flow-info/drda_db2.pcap.out b/test/results/flow-info/drda_db2.pcap.out index 6a2be62ac..158fe33d8 100644 --- a/test/results/flow-info/drda_db2.pcap.out +++ b/test/results/flow-info/drda_db2.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] detected: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable] analyse: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 17.986| 1.315| 4.366|19063346.561| 0.000] [PKTLEN......: 54.000| 717.000| 197.000| 190.600|36335.200| 4.400] [BINS(c->s)..: 10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0] - [IATS........: 489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439,0] + [IATS(ms)....: 0.5,0.5,117.3,117.7,0.7,9.1,43.4,966.1,1129.7,349.3,477.6,7.5,71.6,64.4,182.7,413.2,622.4,30.3,5.5,2.6,0.5,1.6,2.0,1.6,1.1,154.3,17828.3,17986.1,9.9,7.0,168.4,0.0] [PKTLENS.....: 62,62,54,229,54,161,318,54,295,54,717,54,524,64,108,54,296,684,144,65,64,108,322,455,64,108,54,383,466,64,108,54] end: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dropbox.pcap.out b/test/results/flow-info/dropbox.pcap.out index b96ade025..815bd1f55 100644 --- a/test/results/flow-info/dropbox.pcap.out +++ b/test/results/flow-info/dropbox.pcap.out @@ -6,44 +6,44 @@ new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 0.000] [PKTLEN......: 59.000| 143.000| 99.600| 38.600| 1486.700| 4.900] [BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114,0] + [IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1,0.0] [PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59] new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 0.000] [PKTLEN......: 60.000| 142.000| 100.500| 38.500| 1485.600| 4.900] [BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708,0] + [IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7,0.0] [PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64] new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 0.000] [PKTLEN......: 60.000| 143.000| 101.200| 38.500| 1485.300| 4.900] [BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537,0] + [IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5,0.0] [PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63] analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 0.000] [PKTLEN......: 59.000| 143.000| 101.100| 38.600| 1487.100| 4.900] [BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564,0] + [IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6,0.0] [PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65] DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/emotet.pcap.out b/test/results/flow-info/emotet.pcap.out index a0958470a..69574f4bb 100644 --- a/test/results/flow-info/emotet.pcap.out +++ b/test/results/flow-info/emotet.pcap.out @@ -4,26 +4,26 @@ new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable] analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.056| 0.539| 0.774|599161.176| 0.000] [PKTLEN......: 54.000| 752.000| 94.800| 121.900|14849.500| 4.500] [BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0] - [IATS........: 749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254,0] + [IATS(ms)....: 749.5,749.7,1106.3,1106.8,0.8,369.8,370.6,0.9,325.6,326.2,0.5,0.3,0.7,841.2,842.4,0.9,0.4,0.4,3054.7,3056.4,1.6,247.2,247.8,0.5,1205.1,1205.6,0.4,443.0,443.6,0.7,0.3,0.0] [PKTLENS.....: 66,58,54,108,75,54,214,66,54,72,86,54,56,54,72,70,54,56,54,94,91,54,100,87,54,101,60,54,62,93,54,752] DAEMON-EVENT: [Processed: 626 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable] analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 0.000] [PKTLEN......: 54.000| 1415.000| 834.000| 663.100|439751.800| 4.400] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] - [IATS........: 115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690,0] + [IATS(ms)....: 115.8,115.9,0.3,0.5,204.2,0.1,204.4,0.4,0.2,0.6,0.2,0.2,0.4,0.2,0.5,0.7,0.2,0.2,0.5,115.0,0.2,115.3,0.3,0.3,0.6,9.2,0.2,9.5,0.5,0.2,0.7,0.0] [PKTLENS.....: 66,58,54,500,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54] end: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable] DAEMON-EVENT: [Processed: 834 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -33,13 +33,13 @@ detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] RISK: Binary App Transfer analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 0.000] [PKTLEN......: 60.000| 1442.000| 671.700| 680.400|462891.900| 4.100] [BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 97254,97549,387,260940,260431,3204,3158,9543,9466,6236,69,6255,124,124,128,201,123,50,174,174,40,2646,2680,60630,60713,9884,9822,15114,15099,12868,12932,0] + [IATS(ms)....: 97.3,97.5,0.4,260.9,260.4,3.2,3.2,9.5,9.5,6.2,0.1,6.3,0.1,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.0,2.6,2.7,60.6,60.7,9.9,9.8,15.1,15.1,12.9,12.9,0.0] [PKTLENS.....: 66,62,60,279,1442,60,1442,60,1442,60,1442,1442,60,1442,60,1442,60,1442,60,1442,60,60,1442,60,1442,60,1442,60,1442,60,1442,60] end: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable] DAEMON-EVENT: [Processed: 1663 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -50,13 +50,13 @@ detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer, HTTP Suspicious User-Agent analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 0.000] [PKTLEN......: 60.000| 1442.000| 892.900| 652.600|425943.000| 4.500] [BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0] - [IATS........: 184236,184528,232,171817,120639,81,116,292217,2662,111,117,90,2892,2739,117,70,3040,164670,68,120,164820,2817,118,71,3042,2918,68,119,165,3158,56,0] + [IATS(ms)....: 184.2,184.5,0.2,171.8,120.6,0.1,0.1,292.2,2.7,0.1,0.1,0.1,2.9,2.7,0.1,0.1,3.0,164.7,0.1,0.1,164.8,2.8,0.1,0.1,3.0,2.9,0.1,0.1,0.2,3.2,0.1,0.0] [PKTLENS.....: 66,66,60,206,60,626,1442,1442,60,1442,1442,1442,1114,60,1442,1442,1442,60,1442,1442,1442,60,1442,1442,1442,60,1442,1442,1442,1442,60,60] end: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] RISK: Binary App Transfer @@ -66,13 +66,13 @@ detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.263| 0.117| 0.292|85184.340| 0.000] [PKTLEN......: 60.000| 1442.000| 696.000| 663.200|439900.200| 4.200] [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1] - [IATS........: 109372,109625,14139,123772,13228,122858,52674,132935,80275,6518,151937,1117119,71,165,1262510,58,2900,71,3072,96890,117,96947,3054,71,165,71,3262,116,2919,118,0,0] + [IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.1,2.9,0.1,0.0,0.0] [PKTLENS.....: 66,66,60,203,60,1432,60,147,296,60,534,60,1442,1442,1442,60,60,1442,1442,66,1442,1442,74,1442,1442,1442,1442,74,74,74,1442,1442] detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn diff --git a/test/results/flow-info/ethereum.pcap.out b/test/results/flow-info/ethereum.pcap.out index c7e6114e6..5505359a5 100644 --- a/test/results/flow-info/ethereum.pcap.out +++ b/test/results/flow-info/ethereum.pcap.out @@ -56,25 +56,25 @@ detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 0.000] [PKTLEN......: 60.000| 561.000| 105.200| 114.100|13011.400| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14,0] + [IATS(ms)....: 42.9,43.0,2.2,63.5,0.8,0.0,62.1,0.0,0.4,0.3,0.4,0.4,0.1,0.0,0.1,0.0,0.1,0.2,0.3,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,27.6,0.0,0.0] [PKTLENS.....: 78,74,66,561,66,514,98,66,66,67,66,68,66,79,82,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60] new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 0.000] [PKTLEN......: 66.000| 612.000| 121.800| 122.800|15078.800| 4.500] [BINS(c->s)..: 14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1] - [IATS........: 42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778,0] + [IATS(ms)....: 42.9,43.0,1.9,62.9,2.0,0.0,0.0,0.0,0.0,63.0,0.0,0.0,0.0,0.1,0.1,0.0,1.3,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,32.2,0.0,0.0,30.2,0.8,0.0] [PKTLENS.....: 78,74,66,612,66,470,98,67,222,69,66,66,66,66,82,66,66,98,67,190,69,82,98,67,114,81,82,78,78,78,338,78] detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol @@ -88,13 +88,13 @@ detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 0.000] [PKTLEN......: 60.000| 578.000| 104.300| 111.300|12394.700| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37,0] + [IATS(ms)....: 70.0,70.2,1.4,62.1,2.1,0.0,0.0,0.0,0.0,0.0,62.7,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.6,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,63.7,0.0,0.0] [PKTLENS.....: 78,74,66,578,66,468,98,67,68,79,82,66,66,66,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60] new: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Mining][Unsafe] @@ -107,13 +107,13 @@ detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 0.000] [PKTLEN......: 60.000| 487.000| 99.000| 93.300| 8701.200| 4.600] [BINS(c->s)..: 15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1] - [IATS........: 36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12,0] + [IATS(ms)....: 36.4,36.5,1.5,44.0,0.5,0.0,0.1,0.0,0.0,43.1,0.0,0.0,0.0,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.1,0.1,0.0,0.0,0.0,72.9,0.0,0.0,0.7,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,487,66,406,98,67,68,95,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60] detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol @@ -134,22 +134,22 @@ detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 0.000] [PKTLEN......: 60.000| 545.000| 104.400| 111.100|12335.600| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39,0] + [IATS(ms)....: 68.5,68.6,1.4,78.1,1.9,0.1,78.6,0.0,0.2,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,67.2,0.0,0.0] [PKTLENS.....: 78,74,66,545,66,505,98,66,66,67,68,79,66,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60] analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 0.000] [PKTLEN......: 60.000| 508.000| 101.100| 105.300|11090.000| 4.600] [BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105,0] + [IATS(ms)....: 74.2,74.3,1.2,77.3,76.1,0.7,0.0,0.6,0.0,0.2,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,52.0,0.0,0.2,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.1,0.0] [PKTLENS.....: 78,74,66,508,488,66,98,98,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60,60,60,60] new: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] new: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] @@ -160,13 +160,13 @@ detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 0.000] [PKTLEN......: 60.000| 536.000| 103.000| 105.000|11031.500| 4.600] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28,0] + [IATS(ms)....: 134.4,134.5,2.0,164.5,0.7,163.1,0.2,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.2,0.2,0.4,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,112.9,0.0,0.0] [PKTLENS.....: 78,74,66,461,66,536,66,98,67,66,66,68,79,82,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60] detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol @@ -176,25 +176,25 @@ new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 0.000] [PKTLEN......: 66.000| 560.000| 120.000| 112.400|12624.200| 4.600] [BINS(c->s)..: 13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1] - [IATS........: 32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92,0] + [IATS(ms)....: 32.6,32.7,1.1,41.2,3.0,43.1,1.1,0.0,0.1,0.0,0.0,2.2,0.0,0.0,1.1,0.0,0.0,0.1,0.1,0.4,0.0,0.0,0.0,0.1,33.8,0.0,0.0,0.0,33.3,0.0,0.1,0.0] [PKTLENS.....: 78,74,66,481,66,560,66,98,67,190,69,82,98,67,209,66,66,66,82,66,98,67,114,81,82,78,78,78,78,226,178,66] new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 0.000] [PKTLEN......: 60.000| 497.000| 101.300| 103.800|10779.300| 4.600] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16,0] + [IATS(ms)....: 158.1,158.1,1.9,112.7,1.0,0.0,111.8,0.0,0.1,0.0,0.1,0.0,0.9,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,111.1,0.0,0.8,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,497,66,489,98,66,66,82,82,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60] new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe] @@ -208,35 +208,35 @@ RISK: Unsafe Protocol new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 0.000] [PKTLEN......: 60.000| 556.000| 105.800| 115.500|13350.200| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354,0] + [IATS(ms)....: 195.0,195.1,1.2,202.3,0.3,0.0,201.3,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,175.4,0.4,0.0] [PKTLENS.....: 78,74,66,556,66,533,98,66,66,67,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60] detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 0.000] [PKTLEN......: 60.000| 637.000| 109.600| 130.900|17130.100| 4.400] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1] - [IATS........: 107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13,0] + [IATS(ms)....: 107.6,107.7,1.5,109.0,1.8,109.4,0.7,0.0,0.1,0.0,0.1,1.0,0.2,0.1,0.1,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.0,0.0,0.1,0.0,0.0,0.0,107.1,0.0,0.0] [PKTLENS.....: 78,74,66,637,66,579,66,98,67,190,69,82,98,66,67,66,68,66,79,82,66,66,98,66,67,66,68,79,82,66,60,60] new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 0.000] [PKTLEN......: 66.000| 535.000| 106.900| 97.800| 9570.500| 4.600] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1] - [IATS........: 44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10,0] + [IATS(ms)....: 44.4,44.5,1.1,47.4,2.6,0.0,48.9,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,43.3,0.5,42.7,0.2,0.0,0.0] [PKTLENS.....: 78,74,66,535,66,384,98,66,66,67,66,191,68,66,66,82,66,98,67,190,69,82,98,67,114,81,82,66,98,66,67,70] new: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Mining][Unsafe] @@ -246,13 +246,13 @@ detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 0.000] [PKTLEN......: 66.000| 476.000| 107.900| 97.700| 9536.300| 4.600] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1] - [IATS........: 47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115,0] + [IATS(ms)....: 47.2,47.4,1.6,49.5,3.7,51.6,0.8,0.0,1.0,0.1,0.0,0.0,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,45.6,1.1,0.0,46.3,0.1,0.0] [PKTLENS.....: 78,74,66,476,66,448,66,98,67,98,190,66,69,82,67,66,222,66,69,66,82,66,98,67,114,81,82,66,66,98,66,67] new: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Mining][Unsafe] @@ -260,102 +260,102 @@ detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 0.000] [PKTLEN......: 60.000| 519.000| 104.200| 109.100|11904.300| 4.600] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15,0] + [IATS(ms)....: 261.7,261.8,1.5,222.8,0.1,0.0,0.0,221.3,0.0,0.0,0.2,0.0,0.2,0.0,0.1,0.0,0.1,0.0,0.6,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,211.4,0.0,0.0] [PKTLENS.....: 78,74,66,516,66,519,98,67,66,66,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60] analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 0.000] [PKTLEN......: 60.000| 578.000| 106.100| 117.400|13788.700| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221,0] + [IATS(ms)....: 263.1,263.2,1.3,221.8,0.2,0.0,0.0,220.8,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,212.6,0.2,0.0] [PKTLENS.....: 78,74,66,578,66,525,98,67,66,66,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60] detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 0.000] [PKTLEN......: 60.000| 483.000| 98.100| 91.500| 8376.200| 4.600] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11,0] + [IATS(ms)....: 32.6,32.6,1.2,33.9,3.9,36.5,0.4,0.4,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,31.1,0.1,0.0,0.1,0.0,0.6,0.1,0.0,0.0] [PKTLENS.....: 78,74,66,483,66,393,66,98,66,82,66,82,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60,60,60] analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 0.000] [PKTLEN......: 66.000| 540.000| 116.300| 108.500|11769.500| 4.600] [BINS(c->s)..: 14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0] - [IATS........: 25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10,0] + [IATS(ms)....: 25.5,25.6,1.2,25.9,91.4,116.0,0.8,0.0,0.1,0.0,0.0,24.5,23.6,0.4,0.0,0.0,0.0,0.7,0.1,0.7,0.0,0.0,0.0,23.3,0.0,24.1,0.2,0.3,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,540,66,398,66,98,67,190,69,82,306,66,98,67,114,81,66,82,66,66,66,66,274,66,66,98,66,67,69,78] analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 0.000] [PKTLEN......: 60.000| 597.000| 104.600| 116.900|13676.100| 4.500] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92,0] + [IATS(ms)....: 32.8,32.8,1.3,33.9,2.4,35.0,0.3,0.2,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,32.6,0.0,0.1,0.1,0.1,0.0,0.0,0.1,0.0] [PKTLENS.....: 78,74,66,597,66,494,66,98,66,82,82,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60] new: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] new: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 0.000] [PKTLEN......: 60.000| 479.000| 101.500| 99.100| 9815.100| 4.600] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1] - [IATS........: 157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614,0] + [IATS(ms)....: 157.7,157.8,1.6,152.9,8.1,159.4,1.2,0.0,0.1,0.0,0.1,1.9,0.0,0.5,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.0,0.7,0.4,149.7,0.6,0.0] [PKTLENS.....: 78,74,66,479,66,471,66,98,67,190,69,82,98,67,66,66,68,79,66,66,82,66,98,67,68,79,82,66,66,66,66,60] analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 0.000] [PKTLEN......: 60.000| 587.000| 107.000| 122.200|14931.500| 4.500] [BINS(c->s)..: 16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1] - [IATS........: 130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22,0] + [IATS(ms)....: 130.8,130.9,1.3,122.8,1.3,122.7,0.2,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.3,0.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,121.1,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,587,66,556,66,98,67,66,66,81,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60] analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 0.000] [PKTLEN......: 66.000| 528.000| 114.400| 109.700|12030.800| 4.600] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1] - [IATS........: 56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32,0] + [IATS(ms)....: 56.8,56.9,1.6,56.4,2.3,57.1,0.5,0.5,0.1,0.0,0.1,0.0,0.2,0.0,0.1,0.0,0.0,1.1,0.9,0.4,0.0,0.0,0.0,0.1,56.5,0.0,0.0,55.9,0.0,1.8,0.0,0.0] [PKTLENS.....: 78,74,66,528,66,508,66,98,66,209,67,66,66,98,67,190,69,82,82,66,98,67,114,81,82,66,98,148,66,66,96,66] analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.300| 0.044| 0.100|10075.352| 0.000] [PKTLEN......: 60.000| 597.000| 102.300| 106.200|11275.500| 4.600] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30,0] + [IATS(ms)....: 300.4,300.4,1.7,253.4,0.7,0.0,252.4,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,252.8,0.0,0.0] [PKTLENS.....: 78,74,66,597,66,384,98,66,66,67,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60] analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.308| 0.045| 0.103|10532.101| 0.000] [PKTLEN......: 60.000| 537.000| 103.800| 108.100|11684.800| 4.600] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1] - [IATS........: 308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36,0] + [IATS(ms)....: 308.0,308.1,2.1,260.3,1.6,259.8,0.5,0.5,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,2.3,1.9,254.5,0.0,0.0] [PKTLENS.....: 78,74,66,537,66,488,66,98,66,67,68,66,66,79,82,66,66,98,67,190,69,82,98,67,68,79,82,66,66,66,66,60] new: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Mining][Unsafe] @@ -365,13 +365,13 @@ detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.339| 0.050| 0.114|12910.542| 0.000] [PKTLEN......: 60.000| 640.000| 106.100| 119.200|14212.100| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1] - [IATS........: 339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33,0] + [IATS(ms)....: 339.2,339.3,1.3,287.2,2.5,288.4,1.0,0.0,1.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.1,0.6,0.3,285.6,0.0,0.0] [PKTLENS.....: 78,74,66,640,66,462,66,98,67,66,66,98,67,68,79,190,66,69,66,82,82,66,98,67,68,79,82,66,66,66,60,60] detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol @@ -383,13 +383,13 @@ detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.355| 0.054| 0.122|14890.530| 0.000] [PKTLEN......: 60.000| 591.000| 106.400| 118.100|13953.700| 4.500] [BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1] - [IATS........: 354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305,0] + [IATS(ms)....: 354.5,354.6,1.5,316.9,1.3,316.7,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.3,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,313.9,0.3,0.0] [PKTLENS.....: 78,74,66,591,66,517,66,98,66,67,66,68,66,79,82,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60] new: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Mining][Unsafe] @@ -407,24 +407,24 @@ detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 0.000] [PKTLEN......: 66.000| 639.000| 114.200| 122.100|14898.100| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1] - [IATS........: 139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297,0] + [IATS(ms)....: 139.3,139.4,1.7,141.7,7.2,147.3,0.8,0.0,0.1,0.0,0.1,6.7,5.8,0.3,0.2,0.7,0.0,0.0,0.8,0.0,0.0,0.4,0.0,0.0,0.0,0.0,130.0,0.2,0.8,130.5,0.3,0.0] [PKTLENS.....: 78,74,66,639,66,487,66,98,67,190,69,82,98,66,67,66,216,75,82,66,66,66,98,67,114,81,82,66,66,98,66,67] new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 0.000] [PKTLEN......: 66.000| 606.000| 121.000| 118.700|14100.300| 4.600] [BINS(c->s)..: 17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0] - [IATS........: 39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63,0] + [IATS(ms)....: 39.1,39.2,1.5,38.4,0.4,37.3,0.8,0.0,0.0,0.0,0.1,39.2,38.3,0.3,0.3,0.6,0.0,0.0,0.0,0.1,30.7,30.6,0.3,0.2,0.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0] [PKTLENS.....: 78,74,66,606,66,430,66,98,67,190,69,82,306,66,66,66,98,67,114,81,82,274,66,66,98,67,69,78,82,98,67,70] new: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Mining][Unsafe] @@ -435,35 +435,35 @@ detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 0.000] [PKTLEN......: 66.000| 649.000| 114.100| 121.000|14650.900| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0] - [IATS........: 179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632,0] + [IATS(ms)....: 179.3,179.4,1.8,184.4,0.2,182.8,0.1,0.1,0.1,0.1,0.4,0.0,0.4,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.3,0.0,0.0,0.0,0.2,176.5,0.9,1.0,0.0,177.6,0.0] [PKTLENS.....: 78,74,66,649,66,457,66,98,66,67,66,227,80,66,66,82,66,98,67,190,69,82,98,67,125,70,82,66,66,98,67,66] detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 0.000] [PKTLEN......: 60.000| 452.000| 98.000| 90.700| 8221.200| 4.600] [BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121,0] + [IATS(ms)....: 41.4,41.5,1.3,42.4,1.0,42.1,0.2,0.2,0.4,0.4,0.4,0.4,0.2,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,39.1,1.4,0.0,0.1,0.1,0.0,0.1,0.1,0.0] [PKTLENS.....: 78,74,66,452,66,422,66,98,66,82,66,82,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60,60,60] new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 0.000] [PKTLEN......: 66.000| 538.000| 114.200| 109.000|11872.900| 4.600] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0] - [IATS........: 179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161,0] + [IATS(ms)....: 179.2,179.3,1.5,193.5,0.4,0.0,192.3,0.0,0.2,0.2,0.7,0.0,0.1,0.0,0.1,2.8,2.1,0.4,0.0,0.0,0.0,0.1,193.8,0.2,0.8,194.1,0.1,0.1,1.1,0.0,1.2,0.0] [PKTLENS.....: 78,74,66,538,66,494,98,66,66,198,66,98,67,190,69,82,94,66,98,67,114,81,82,66,66,98,66,147,66,97,66,66] new: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] new: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] @@ -475,23 +475,23 @@ detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 0.000] [PKTLEN......: 66.000| 613.000| 119.000| 126.800|16079.300| 4.500] [BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1] - [IATS........: 71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115,0] + [IATS(ms)....: 71.3,71.4,1.3,75.1,1.0,0.0,74.8,0.0,0.1,0.1,0.5,0.5,0.2,0.0,0.1,0.0,0.1,0.3,0.0,0.0,0.0,0.1,69.6,0.8,0.0,69.7,0.7,0.0,0.7,0.0,0.1,0.0] [PKTLENS.....: 78,74,66,613,66,570,98,66,66,209,66,83,66,98,67,190,69,82,98,67,114,81,82,66,66,98,66,148,96,66,66,66] new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 0.000] [PKTLEN......: 60.000| 605.000| 105.400| 121.500|14755.200| 4.500] [BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1] - [IATS........: 259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8,0] + [IATS(ms)....: 259.7,259.8,1.3,261.4,3.0,263.1,0.5,0.4,0.3,0.2,0.2,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,260.1,0.0,0.0,0.1,0.1,0.0,0.7,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,605,66,525,66,98,66,98,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60,60,60] new: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Mining][Unsafe] @@ -506,13 +506,13 @@ detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 0.000] [PKTLEN......: 66.000| 633.000| 123.600| 120.400|14503.600| 4.600] [BINS(c->s)..: 16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0] - [IATS........: 40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216,0] + [IATS(ms)....: 40.4,40.4,1.5,40.9,246.5,285.9,40.6,40.6,0.7,0.0,0.1,0.0,0.0,0.4,0.0,0.0,0.0,0.1,39.4,0.2,0.9,0.7,39.7,0.2,0.0,0.0,0.0,0.1,1.1,0.8,0.2,0.0] [PKTLENS.....: 78,74,66,633,66,306,78,413,66,98,67,190,69,82,98,67,114,81,82,66,66,66,130,66,98,67,69,78,82,274,66,98] end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe] RISK: Unsafe Protocol diff --git a/test/results/flow-info/exe_download.pcap.out b/test/results/flow-info/exe_download.pcap.out index 68b804d98..f42005a12 100644 --- a/test/results/flow-info/exe_download.pcap.out +++ b/test/results/flow-info/exe_download.pcap.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer, HTTP Suspicious User-Agent, HTTP Numeric IP Address analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.320| 0.062| 0.115|13236.602| 0.000] [PKTLEN......: 54.000| 1514.000| 868.500| 668.400|446708.300| 4.400] [BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0] - [IATS........: 319320,319527,656,1120,298136,10,298579,1555,147,1842,2428,2695,9,4969,246,28639,114,28917,100748,305805,34,11,94,205204,207,207,651,10,7,7,727,0] + [IATS(ms)....: 319.3,319.5,0.7,1.1,298.1,0.0,298.6,1.6,0.1,1.8,2.4,2.7,0.0,5.0,0.2,28.6,0.1,28.9,100.7,305.8,0.0,0.0,0.1,205.2,0.2,0.2,0.7,0.0,0.0,0.0,0.7,0.0] [PKTLENS.....: 66,58,54,207,54,1514,1322,54,1418,1418,54,1418,1514,1302,54,1418,1418,1418,54,54,1514,1514,1226,1418,54,1418,54,1514,1514,1514,1130,54] end: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer, HTTP Suspicious User-Agent, HTTP Numeric IP Address diff --git a/test/results/flow-info/exe_download_as_png.pcap.out b/test/results/flow-info/exe_download_as_png.pcap.out index 629485974..377b18b31 100644 --- a/test/results/flow-info/exe_download_as_png.pcap.out +++ b/test/results/flow-info/exe_download_as_png.pcap.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] RISK: Binary App Transfer, HTTP Numeric IP Address analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.613| 0.094| 0.193|37090.865| 0.000] [PKTLEN......: 54.000| 1514.000| 869.000| 664.600|441668.300| 4.400] [BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1] - [IATS........: 400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344,0] + [IATS(ms)....: 400.2,400.5,0.2,0.7,612.7,0.0,613.0,0.4,0.5,0.8,0.4,0.5,0.9,1.1,0.4,1.6,0.4,0.7,1.1,417.7,1.4,0.1,419.5,0.7,0.4,0.9,2.6,0.2,2.8,26.6,0.3,0.0] [PKTLENS.....: 66,58,54,203,54,1514,1322,54,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418] end: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] RISK: Binary App Transfer, HTTP Numeric IP Address diff --git a/test/results/flow-info/facebook.pcap.out b/test/results/flow-info/facebook.pcap.out index 96accfafa..e43e19d1c 100644 --- a/test/results/flow-info/facebook.pcap.out +++ b/test/results/flow-info/facebook.pcap.out @@ -9,13 +9,13 @@ detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] analyse: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 0.000] [PKTLEN......: 66.000| 1454.000| 569.100| 613.300|376153.100| 4.200] [BINS(c->s)..: 10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] - [IATS........: 132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444,0] + [IATS(ms)....: 132.1,132.1,0.2,154.7,0.5,155.0,0.2,3.3,129.4,125.9,0.4,0.4,0.8,119.2,4.5,123.7,0.6,0.6,1.2,4.9,0.6,5.6,8.9,7.8,16.7,0.9,0.5,1.4,0.8,0.7,1.4,0.0] [PKTLENS.....: 74,74,66,583,66,212,66,117,452,147,104,104,108,66,1454,445,66,1454,590,66,1454,1454,66,1454,1454,66,1454,1454,66,1454,1454,66] idle: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] idle: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] diff --git a/test/results/flow-info/fastcgi.pcap.out b/test/results/flow-info/fastcgi.pcap.out index c41285a9f..b8726bb6c 100644 --- a/test/results/flow-info/fastcgi.pcap.out +++ b/test/results/flow-info/fastcgi.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] detected: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe] analyse: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.020| 0.130| 0.496|246254.469| 0.000] [PKTLEN......: 66.000| 1514.000| 553.200| 672.800|452637.900| 3.900] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32,0] + [IATS(ms)....: 0.2,0.2,0.0,0.1,0.0,0.2,0.1,0.0,0.1,0.0,0.0,0.0,2019.9,2020.1,0.2,0.1,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.0,0.0,0.0,0.0] [PKTLENS.....: 74,74,66,82,1121,74,66,74,74,66,66,66,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514] end: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/firefox.pcap.out b/test/results/flow-info/firefox.pcap.out index 43d7d24db..163922d9b 100644 --- a/test/results/flow-info/firefox.pcap.out +++ b/test/results/flow-info/firefox.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] new: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] analyse: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.577| 0.067| 0.148|21926.652| 0.000] [PKTLEN......: 66.000| 1506.000| 599.100| 633.000|400627.700| 4.200] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1] - [IATS........: 26706,26798,1311,27344,5752,45,31822,499,455,210977,313,236002,29,1309,26,26092,3,575380,1218,576607,259,117,346,122,123,243,1357,145807,171406,2874,1353,0] + [IATS(ms)....: 26.7,26.8,1.3,27.3,5.8,0.0,31.8,0.5,0.5,211.0,0.3,236.0,0.0,1.3,0.0,26.1,0.0,575.4,1.2,576.6,0.3,0.1,0.3,0.1,0.1,0.2,1.4,145.8,171.4,2.9,1.4,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,66,772,66,146,452,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1485,66,66,431,66,1506,1506] new: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] detected: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe] @@ -23,58 +23,58 @@ new: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] new: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] analyse: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.231| 0.023| 0.053| 2771.897| 0.000] [PKTLEN......: 66.000| 1506.000| 656.300| 649.700|422101.600| 4.200] [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,0,1,1,1,1,0] - [IATS........: 34406,34489,3261,32258,1506,30479,4158,18595,31638,14,8894,18473,2988,120,21557,203508,231008,997,180,13,28684,187,199,924,71,1013,133,374,19,9,500,0] + [IATS(ms)....: 34.4,34.5,3.3,32.3,1.5,30.5,4.2,18.6,31.6,0.0,8.9,18.5,3.0,0.1,21.6,203.5,231.0,1.0,0.2,0.0,28.7,0.2,0.2,0.9,0.1,1.0,0.1,0.4,0.0,0.0,0.5,0.0] [PKTLENS.....: 78,74,66,746,66,326,66,146,416,66,369,66,66,1506,1042,66,447,66,1506,1506,1506,66,1506,66,1506,1506,66,1506,1506,1506,1506,66] detected: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] detected: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] detected: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.221| 0.023| 0.050| 2549.799| 0.000] [PKTLEN......: 66.000| 1506.000| 622.900| 649.700|422127.900| 4.200] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] - [IATS........: 27372,27441,16192,42139,1225,27152,10064,34749,19,24715,195798,221390,1843,27432,3443,28677,1090,241,26560,1009,109,1111,130,120,236,127,123,253,261,233,512,0] + [IATS(ms)....: 27.4,27.4,16.2,42.1,1.2,27.2,10.1,34.7,0.0,24.7,195.8,221.4,1.8,27.4,3.4,28.7,1.1,0.2,26.6,1.0,0.1,1.1,0.1,0.1,0.2,0.1,0.1,0.3,0.3,0.2,0.5,0.0] [PKTLENS.....: 78,74,66,746,66,326,66,146,66,369,66,433,66,1406,66,436,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66] detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe] detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.030| 0.007| 0.010| 104.605| 0.000] [PKTLEN......: 66.000| 1506.000| 614.500| 660.200|435829.600| 4.100] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,1] - [IATS........: 26761,26832,3278,29208,2415,28362,2863,12850,29597,2,13859,11433,1695,114,13236,128,293,994,822,122,164,127,63,168,80,256,81,263,11998,12186,128,0] + [IATS(ms)....: 26.8,26.8,3.3,29.2,2.4,28.4,2.9,12.8,29.6,0.0,13.9,11.4,1.7,0.1,13.2,0.1,0.3,1.0,0.8,0.1,0.2,0.1,0.1,0.2,0.1,0.3,0.1,0.3,12.0,12.2,0.1,0.0] [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,1506,1506,66,66,1506,1506,66,1506] detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.009| 0.012| 154.305| 0.000] [PKTLEN......: 66.000| 1506.000| 592.400| 641.500|411570.000| 4.100] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0] - [IATS........: 28117,28187,5501,31657,1076,27239,20259,3957,45603,1275,22621,2846,3133,147,6125,104,193,162,80,94,95,129,121,148,217,366,254,1527,18636,26,17416,0] + [IATS(ms)....: 28.1,28.2,5.5,31.7,1.1,27.2,20.3,4.0,45.6,1.3,22.6,2.8,3.1,0.1,6.1,0.1,0.2,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.2,0.4,0.3,1.5,18.6,0.0,17.4,0.0] [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,1506,1506,66,1506,66,1506,799,66] detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] analyse: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.010| 0.013| 180.101| 0.000] [PKTLEN......: 66.000| 1506.000| 547.200| 619.500|383804.700| 4.100] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,0,1] - [IATS........: 28631,28716,7742,37388,1480,31124,2184,12981,31005,84,15910,15394,488,119,15971,252,383,635,139,236,17,375,2,151,475,36484,124,120,36112,183,377,0] + [IATS(ms)....: 28.6,28.7,7.7,37.4,1.5,31.1,2.2,13.0,31.0,0.1,15.9,15.4,0.5,0.1,16.0,0.3,0.4,0.6,0.1,0.2,0.0,0.4,0.0,0.2,0.5,36.5,0.1,0.1,36.1,0.2,0.4,0.0] [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,1506,66,1506,1506,412,66,66,66,445,66,1506,1506,66,66,1506] detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] idle: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/fix.pcap.out b/test/results/flow-info/fix.pcap.out index 7e9d6815f..a8e339af2 100644 --- a/test/results/flow-info/fix.pcap.out +++ b/test/results/flow-info/fix.pcap.out @@ -14,37 +14,37 @@ new: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [FIX][RPC][Safe] analyse: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.315| 0.065| 0.068| 4636.039| 0.000] [PKTLEN......: 54.000| 511.000| 107.100| 87.500| 7658.200| 4.700] [BINS(c->s)..: 4,6,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 170,209,52428,3585,93980,87569,49399,50741,50707,52796,52875,49653,49630,49737,49707,49456,49402,49750,49791,49981,50005,49926,49930,49589,49596,49797,49760,50218,50168,314891,314954,0] + [IATS(ms)....: 0.2,0.2,52.4,3.6,94.0,87.6,49.4,50.7,50.7,52.8,52.9,49.7,49.6,49.7,49.7,49.5,49.4,49.8,49.8,50.0,50.0,49.9,49.9,49.6,49.6,49.8,49.8,50.2,50.2,314.9,315.0,0.0] [PKTLENS.....: 93,60,140,169,54,60,511,60,230,60,233,60,143,60,110,60,185,60,112,60,81,60,106,60,81,60,89,60,108,60,81,60] new: [.....7] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38652] [MIDSTREAM] detected: [.....7] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38652] [FIX][RPC][Safe] new: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][RPC][Safe] analyse: [.....2] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47968] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.300| 0.091| 0.084| 7079.807| 0.000] [PKTLEN......: 66.000| 153.000| 86.000| 23.600| 558.300| 4.900] [BINS(c->s)..: 6,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1] - [IATS........: 147,100141,123,100163,124,100018,123,100053,25,99913,99995,100225,100166,100788,100836,300170,29,300186,26,222,17881,82390,142005,200503,158539,99966,99944,398,386,200212,200256,0] + [IATS(ms)....: 0.1,100.1,0.1,100.2,0.1,100.0,0.1,100.1,0.0,99.9,100.0,100.2,100.2,100.8,100.8,300.2,0.0,300.2,0.0,0.2,17.9,82.4,142.0,200.5,158.5,100.0,99.9,0.4,0.4,200.2,200.3,0.0] [PKTLENS.....: 96,66,101,92,66,66,101,100,66,66,92,66,135,66,91,66,105,135,66,66,153,66,105,66,101,66,101,66,90,66,98,66] new: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [FIX][RPC][Safe] analyse: [.....1] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][43594] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.291| 0.178| 0.113|12753.578| 0.000] [PKTLEN......: 66.000| 254.000| 109.700| 52.000| 2700.500| 4.800] [BINS(c->s)..: 2,4,3,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1] - [IATS........: 209,293,265,250589,114,250615,24,223,18233,232135,291268,250073,208970,250691,250733,250586,250560,250658,250654,250671,250658,250632,30,250660,26,251471,251453,249735,249759,250325,250315,0] + [IATS(ms)....: 0.2,0.3,0.3,250.6,0.1,250.6,0.0,0.2,18.2,232.1,291.3,250.1,209.0,250.7,250.7,250.6,250.6,250.7,250.7,250.7,250.7,250.6,0.0,250.7,0.0,251.5,251.5,249.7,249.8,250.3,250.3,0.0] [PKTLENS.....: 152,66,91,66,105,152,66,66,151,66,169,66,169,66,186,66,169,66,169,66,118,66,254,113,66,66,135,66,203,66,118,66] new: [....10] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][39094] [MIDSTREAM] detected: [....10] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][39094] [FIX][RPC][Safe] @@ -53,22 +53,22 @@ new: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [MIDSTREAM] detected: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [FIX][RPC][Safe] analyse: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 5.507| 0.699| 1.281|1640706.605| 0.000] [PKTLEN......: 54.000| 141.000| 77.600| 21.900| 481.200| 4.900] [BINS(c->s)..: 2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1] - [IATS........: 168,500717,500699,200419,200471,184,89723,210661,340264,500679,460548,5507291,5507323,600979,600971,400442,400455,700964,700990,400404,400386,600557,600559,400806,400807,600830,600822,215,54314,45693,140268,0] + [IATS(ms)....: 0.2,500.7,500.7,200.4,200.5,0.2,89.7,210.7,340.3,500.7,460.5,5507.3,5507.3,601.0,601.0,400.4,400.5,701.0,701.0,400.4,400.4,600.6,600.6,400.8,400.8,600.8,600.8,0.2,54.3,45.7,140.3,0.0] [PKTLENS.....: 89,60,89,60,93,60,141,54,89,60,89,60,89,60,89,60,89,60,89,60,89,60,89,60,89,60,93,60,140,54,89,60] analyse: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.175| 1.332| 1.132|1282462.056| 0.000] [PKTLEN......: 66.000| 151.000| 91.700| 28.500| 811.200| 4.900] [BINS(c->s)..: 2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1] - [IATS........: 110,1093319,1093395,599016,598995,1546128,1546141,239,22763,2072709,2137804,913298,870712,442005,442027,3366066,3366054,1195438,1195405,437653,437695,1550229,1550211,211,22417,1711389,1774342,1498173,1457475,4175061,4175010,0] + [IATS(ms)....: 0.1,1093.3,1093.4,599.0,599.0,1546.1,1546.1,0.2,22.8,2072.7,2137.8,913.3,870.7,442.0,442.0,3366.1,3366.1,1195.4,1195.4,437.7,437.7,1550.2,1550.2,0.2,22.4,1711.4,1774.3,1498.2,1457.5,4175.1,4175.0,0.0] [PKTLENS.....: 105,66,126,66,105,66,105,66,151,66,105,66,105,66,126,66,105,66,126,66,105,66,105,66,151,66,105,66,147,66,105,66] idle: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][RPC][Safe] idle: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][RPC][Safe] diff --git a/test/results/flow-info/fix2.pcap.out b/test/results/flow-info/fix2.pcap.out index 7b66cbe1a..876e7d089 100644 --- a/test/results/flow-info/fix2.pcap.out +++ b/test/results/flow-info/fix2.pcap.out @@ -6,22 +6,22 @@ detected: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe] detected: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe] analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.026| 0.000] [PKTLEN......: 60.000| 174.000| 106.600| 46.700| 2179.900| 4.900] [BINS(c->s)..: 7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1] - [IATS........: 641,652,12,92,71,9,33,29,203,208,31,32,5,2,23,28,2,2,8,8,11,13,25,23,5,4,9,5,7,5,0,0] + [IATS(ms)....: 0.6,0.7,0.0,0.1,0.1,0.0,0.0,0.0,0.2,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,60,139,62,60,147,144,60,152,144,152,146,60,60,147,60,60,60,152,60,174,157,174,60,60,60,60,157,147,160,152] analyse: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.020| 0.000] [PKTLEN......: 60.000| 174.000| 106.000| 46.100| 2122.500| 4.900] [BINS(c->s)..: 6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0] - [IATS........: 568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,12,37,4,6,27,25,0,0,0] + [IATS(ms)....: 0.6,0.6,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 62,62,60,139,147,144,152,62,60,144,60,60,152,146,60,147,60,152,60,174,157,147,160,60,60,60,160,162,144,60,60,60] end: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe] end: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe] diff --git a/test/results/flow-info/forticlient.pcap.out b/test/results/flow-info/forticlient.pcap.out index 903b3875b..444105a0f 100644 --- a/test/results/flow-info/forticlient.pcap.out +++ b/test/results/flow-info/forticlient.pcap.out @@ -37,13 +37,13 @@ detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.495| 0.071| 0.112|12454.003| 0.000] [PKTLEN......: 66.000| 1506.000| 267.000| 343.000|117623.000| 4.200] [BINS(c->s)..: 9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1] - [IATS........: 62553,62662,2345,64550,19935,1929,84016,11197,85323,74192,429584,495036,65428,84550,160241,75696,71555,6274,142878,591,65604,251,221,2934,4011,39,64164,57249,427,3990,89,0] + [IATS(ms)....: 62.6,62.7,2.3,64.5,19.9,1.9,84.0,11.2,85.3,74.2,429.6,495.0,65.4,84.5,160.2,75.7,71.6,6.3,142.9,0.6,65.6,0.3,0.2,2.9,4.0,0.0,64.2,57.2,0.4,4.0,0.1,0.0] [PKTLENS.....: 78,74,66,379,66,1506,1047,66,224,308,66,596,841,66,362,937,66,357,113,66,113,66,113,66,113,131,117,113,66,113,125,125] end: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] end: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] diff --git a/test/results/flow-info/ftp-start-tls.pcap.out b/test/results/flow-info/ftp-start-tls.pcap.out index 17c46ad5f..8aa54a748 100644 --- a/test/results/flow-info/ftp-start-tls.pcap.out +++ b/test/results/flow-info/ftp-start-tls.pcap.out @@ -11,13 +11,13 @@ detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Download][Unsafe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn analyse: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.040| 0.005| 0.010| 91.331| 0.000] [PKTLEN......: 60.000| 566.000| 174.900| 164.200|26956.400| 4.500] [BINS(c->s)..: 4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1] - [IATS........: 415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203,0] + [IATS(ms)....: 0.4,0.1,1.3,15.0,0.1,17.8,3.9,0.1,0.8,0.0,4.3,3.3,0.1,1.0,0.0,0.0,0.0,0.1,0.0,2.6,8.5,40.4,0.1,34.7,4.5,0.7,2.2,1.8,0.3,2.7,2.2,0.0] [PKTLENS.....: 60,60,60,60,127,127,64,60,60,85,85,204,60,60,566,566,269,566,566,269,60,384,105,105,91,136,136,91,136,136,99,144] detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Download][Unsafe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn diff --git a/test/results/flow-info/ftp.pcap.out b/test/results/flow-info/ftp.pcap.out index 1ebe0366e..de06070f5 100644 --- a/test/results/flow-info/ftp.pcap.out +++ b/test/results/flow-info/ftp.pcap.out @@ -5,26 +5,26 @@ detected: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.090| 0.019| 0.021| 426.190| 0.000] [PKTLEN......: 66.000| 307.000| 85.900| 42.700| 1824.000| 4.900] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1] - [IATS........: 27412,27520,29008,29012,526,27660,315,27401,217,69061,21193,90047,306,27070,21,26780,133,26972,64,26857,6,275,27478,27261,90,29,651,27147,26517,90,26761,0] + [IATS(ms)....: 27.4,27.5,29.0,29.0,0.5,27.7,0.3,27.4,0.2,69.1,21.2,90.0,0.3,27.1,0.0,26.8,0.1,27.0,0.1,26.9,0.0,0.3,27.5,27.3,0.1,0.0,0.7,27.1,26.5,0.1,26.8,0.0] [PKTLENS.....: 78,74,66,86,66,82,66,100,66,79,66,89,66,71,66,100,66,72,81,131,66,66,77,110,66,307,66,96,88,66,71,100] new: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] detected: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Download][Acceptable] RISK: Known Proto on Non Std Port new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.030| 0.006| 0.011| 123.407| 0.000] [PKTLEN......: 66.000| 1506.000| 832.000| 717.500|514855.000| 4.300] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1] - [IATS........: 28770,28814,29579,29566,281,284,597,608,340,458,790,363,375,64,327,2,379,43,300,27513,27767,195,211,1702,115,4,1805,1866,1903,218,1796,0] + [IATS(ms)....: 28.8,28.8,29.6,29.6,0.3,0.3,0.6,0.6,0.3,0.5,0.8,0.4,0.4,0.1,0.3,0.0,0.4,0.0,0.3,27.5,27.8,0.2,0.2,1.7,0.1,0.0,1.8,1.9,1.9,0.2,1.8,0.0] [PKTLENS.....: 78,74,66,1506,78,1506,66,1506,66,1506,1506,66,1506,66,1506,1506,1506,66,66,1506,1506,66,1506,66,1506,1506,66,66,1506,66,1506,1506] not-detected: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated] end: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated] diff --git a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out index abeebc13f..981ae2a1e 100644 --- a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out @@ -519,13 +519,13 @@ detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] RISK: Malformed Packet analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.742| 47.495| 20.018| 22.628|512023754.441| 0.000] [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 746308,47494748,744583,751092,46512252,745680,46548540,1500555,45837567,749435,751083,46756478,741823,751085,45987992,749213,47479804,47268139,749384,47257959,751080,46297871,749788,46627979,750158,751078,45907667,749430,751084,46347688,750041,0] + [IATS(ms)....: 746.3,47494.7,744.6,751.1,46512.3,745.7,46548.5,1500.6,45837.6,749.4,751.1,46756.5,741.8,751.1,45988.0,749.2,47479.8,47268.1,749.4,47258.0,751.1,46297.9,749.8,46628.0,750.2,751.1,45907.7,749.4,751.1,46347.7,750.0,0.0] [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92] idle: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable] idle: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] @@ -961,13 +961,13 @@ detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] analyse: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.026| 279.042| 51.474| 59.389|3527099352.613| 0.000] [PKTLEN......: 47.000| 1118.000| 381.000| 296.200|87757.200| 4.500] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1] - [IATS........: 17474795,107207461,89874891,17280679,167478647,167525220,17335822,73902652,91241081,17333170,25935,17724998,29031776,29092737,68237242,29272359,29031830,29031631,29031476,18604480,279041814,227102,15287489,17115049,32679444,257340,76383084,29031077,58063525,24495477,17375114,0] + [IATS(ms)....: 17474.8,107207.5,89874.9,17280.7,167478.6,167525.2,17335.8,73902.7,91241.1,17333.2,25.9,17725.0,29031.8,29092.7,68237.2,29272.4,29031.8,29031.6,29031.5,18604.5,279041.8,227.1,15287.5,17115.0,32679.4,257.3,76383.1,29031.1,58063.5,24495.5,17375.1,0.0] [PKTLENS.....: 528,388,509,528,722,528,722,533,528,722,348,512,47,47,47,47,47,47,47,47,867,635,382,47,1118,487,377,47,47,47,480,715] ERROR-EVENT: Unknown packet type ERROR-EVENT: nDPI IPv4/L4 payload detection failed diff --git a/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out index 9844a484c..eac928d80 100644 --- a/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out @@ -69,13 +69,13 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable] analyse: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.155| 612.411| 61.128| 140.850|19838793242.640| 0.000] [PKTLEN......: 179.000| 745.000| 506.200| 248.200|61618.100| 4.800] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0] - [IATS........: 155168,452627740,595449,114837328,612411195,44261470,205164,4046522,4037802,201918,4553249,187053,43562433,202627,48502104,3244519,3442366,3335821,3536360,209147,201397,255983176,256164296,599645,6262990,492548,7309633,8000538,8015324,522347,7260933,0] + [IATS(ms)....: 155.2,452627.7,595.4,114837.3,612411.2,44261.5,205.2,4046.5,4037.8,201.9,4553.2,187.1,43562.4,202.6,48502.1,3244.5,3442.4,3335.8,3536.4,209.1,201.4,255983.2,256164.3,599.6,6263.0,492.5,7309.6,8000.5,8015.3,522.3,7260.9,0.0] [PKTLENS.....: 697,257,239,318,239,745,179,697,179,697,206,745,697,745,697,206,179,697,745,179,697,206,745,239,725,745,725,318,745,239,725,745] ERROR-EVENT: Unknown L3 protocol new: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200] diff --git a/test/results/flow-info/git.pcap.out b/test/results/flow-info/git.pcap.out index 15a93426a..09087f2cc 100644 --- a/test/results/flow-info/git.pcap.out +++ b/test/results/flow-info/git.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] detected: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe] analyse: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.100| 0.025| 0.029| 818.762| 0.000] [PKTLEN......: 66.000| 2946.000| 704.900| 773.900|598945.800| 4.100] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1] - [IATS........: 57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651,0] + [IATS(ms)....: 57.9,58.0,0.1,56.1,43.8,99.9,54.7,54.7,0.5,49.5,48.9,45.5,0.0,17.8,63.4,1.8,0.2,2.0,0.9,0.2,1.1,0.2,0.2,0.7,0.4,1.1,50.6,0.2,50.8,0.5,0.7,0.0] [PKTLENS.....: 74,74,66,135,66,267,66,962,66,593,66,75,66,74,1506,66,1506,1506,66,1506,1506,66,2946,66,1506,1506,66,1506,1506,66,1506,1506] end: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/gnutella.pcap.out b/test/results/flow-info/gnutella.pcap.out index 87a576c6b..f0eb85b2f 100644 --- a/test/results/flow-info/gnutella.pcap.out +++ b/test/results/flow-info/gnutella.pcap.out @@ -575,31 +575,31 @@ detected: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.796| 0.767| 2.113|4465727.373| 0.000] [PKTLEN......: 54.000| 1514.000| 423.200| 491.700|241767.600| 4.100] [BINS(c->s)..: 9,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1] - [IATS........: 111774,112031,223,580,122233,123811,1735,510239,510348,125373,7027,133055,508500,509079,643423,701863,8737919,8796467,643884,78,644721,118605,2969,121592,121581,84,121516,120907,68,120959,117511,0] + [IATS(ms)....: 111.8,112.0,0.2,0.6,122.2,123.8,1.7,510.2,510.3,125.4,7.0,133.1,508.5,509.1,643.4,701.9,8737.9,8796.5,643.9,0.1,644.7,118.6,3.0,121.6,121.6,0.1,121.5,120.9,0.1,121.0,117.5,0.0] [PKTLENS.....: 66,58,54,653,54,666,104,54,367,54,196,437,54,82,54,463,54,100,54,1514,1066,54,654,1502,54,1514,642,54,1514,642,54,654] analyse: [...238] [ip4][..tcp] [......10.0.2.15][50284] -> [.104.156.226.72][53258] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.218| 0.797| 1.971|3884024.594| 0.000] [PKTLEN......: 54.000| 1078.000| 296.600| 381.800|145784.600| 4.000] [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1] - [IATS........: 128313,128710,372,938,178629,178799,1,501219,501471,98390,140683,469376,511641,1190983,1233531,8175797,8218469,772334,828075,95677,89547,96875,110099,405396,409608,95445,89124,2830,63380,645,642,0] + [IATS(ms)....: 128.3,128.7,0.4,0.9,178.6,178.8,0.0,501.2,501.5,98.4,140.7,469.4,511.6,1191.0,1233.5,8175.8,8218.5,772.3,828.1,95.7,89.5,96.9,110.1,405.4,409.6,95.4,89.1,2.8,63.4,0.6,0.6,0.0] [PKTLENS.....: 66,58,54,654,54,682,104,54,367,54,588,54,82,54,456,54,100,54,1078,54,1078,54,1078,54,1078,54,1078,54,69,54,64,54] analyse: [...288] [ip4][..tcp] [......10.0.2.15][50312] -> [104.238.172.250][23548] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.692| 0.666| 2.111|4456211.546| 0.000] [PKTLEN......: 54.000| 682.000| 135.800| 170.000|28912.700| 4.200] [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 30928,31210,439,818,29157,31647,2471,501745,502012,17074,17362,35097,479690,480352,544167,592641,8643736,8692014,619,570,563,598,427,387,461,428,346,360,379,396,439,0] + [IATS(ms)....: 30.9,31.2,0.4,0.8,29.2,31.6,2.5,501.7,502.0,17.1,17.4,35.1,479.7,480.4,544.2,592.6,8643.7,8692.0,0.6,0.6,0.6,0.6,0.4,0.4,0.5,0.4,0.3,0.4,0.4,0.4,0.4,0.0] [PKTLENS.....: 66,58,54,655,54,682,104,54,367,54,196,384,54,81,54,441,54,108,54,64,54,64,54,64,54,64,54,64,54,64,54,64] new: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260] detected: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260] [Gnutella][Download][Potentially Dangerous] @@ -643,22 +643,22 @@ detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Media][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.139| 0.307| 0.464|214847.930| 0.000] [PKTLEN......: 54.000| 1514.000| 862.800| 665.400|442787.600| 4.400] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0,1,1,1,0,1,0,1,1,1,1,0,1,1,1] - [IATS........: 108990,109470,822,1560,1123233,14904,1138736,509,4088,37,4418,993404,175,19,291,993807,142,988894,159,41,989074,4759,4845,1004141,96,26,62,1004324,1027632,5162,84,0] + [IATS(ms)....: 109.0,109.5,0.8,1.6,1123.2,14.9,1138.7,0.5,4.1,0.0,4.4,993.4,0.2,0.0,0.3,993.8,0.1,988.9,0.2,0.0,989.1,4.8,4.8,1004.1,0.1,0.0,0.1,1004.3,1027.6,5.2,0.1,0.0] [PKTLENS.....: 66,58,54,587,54,848,1514,54,1514,1514,118,54,1514,1514,1514,912,54,54,1514,1514,1514,54,912,54,1514,1514,1514,912,54,1514,1514,1514] analyse: [...276] [ip4][..tcp] [......10.0.2.15][50300] -> [..188.61.52.183][11852] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 13.802| 1.828| 3.934|15478358.540| 0.000] [PKTLEN......: 54.000| 1514.000| 212.900| 294.000|86413.100| 4.100] [BINS(c->s)..: 8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0] - [IATS........: 17190,17418,3506,3946,14197,14999,687,2797,2855,25798,49,26144,8990,9323,15893,71757,495574,483536,221196,265159,15579,77266,487598,467678,9468962,9510672,13760964,13801588,1593559,1633954,4140974,0] + [IATS(ms)....: 17.2,17.4,3.5,3.9,14.2,15.0,0.7,2.8,2.9,25.8,0.0,26.1,9.0,9.3,15.9,71.8,495.6,483.5,221.2,265.2,15.6,77.3,487.6,467.7,9469.0,9510.7,13761.0,13801.6,1593.6,1634.0,4141.0,0.0] [PKTLENS.....: 66,58,54,653,54,713,125,54,318,54,1514,194,54,180,54,105,54,233,54,418,54,401,54,521,54,129,54,125,54,190,54,115] update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] @@ -746,13 +746,13 @@ detected: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol analyse: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Media][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.215| 0.581| 0.506|255907.955| 0.000] [PKTLEN......: 54.000| 1514.000| 789.100| 623.900|389219.000| 4.400] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] - [IATS........: 193649,195345,1788,3675,1208824,5559,69,1214808,993314,122,993548,1040345,116,1040488,1001310,128,1001514,998194,120,998177,1008259,218,1008532,1046807,141,1046873,1000209,118,1000330,1013376,42,0] + [IATS(ms)....: 193.6,195.3,1.8,3.7,1208.8,5.6,0.1,1214.8,993.3,0.1,993.5,1040.3,0.1,1040.5,1001.3,0.1,1001.5,998.2,0.1,998.2,1008.3,0.2,1008.5,1046.8,0.1,1046.9,1000.2,0.1,1000.3,1013.4,0.0,0.0] [PKTLENS.....: 66,58,54,592,54,860,1514,340,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146] new: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] detected: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous] @@ -843,13 +843,13 @@ new: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] new: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] analyse: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 22.685| 3.465| 6.256|39132462.055| 0.000] [PKTLEN......: 54.000| 1078.000| 152.200| 217.400|47264.800| 4.200] [BINS(c->s)..: 9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1] - [IATS........: 399865,400165,2576,3065,879170,880284,1091,343284,15848,359592,3003,2180,5087,145122,145627,10048654,10048652,469496,2676,472723,3557750,3604090,6175326,6222212,413766,464528,22633783,22684647,605343,604983,15818919,0] + [IATS(ms)....: 399.9,400.2,2.6,3.1,879.2,880.3,1.1,343.3,15.8,359.6,3.0,2.2,5.1,145.1,145.6,10048.7,10048.7,469.5,2.7,472.7,3557.8,3604.1,6175.3,6222.2,413.8,464.5,22633.8,22684.6,605.3,605.0,15818.9,0.0] [PKTLENS.....: 66,58,54,358,54,337,157,54,132,776,54,67,72,54,163,54,118,54,1078,59,54,136,54,84,54,227,54,66,54,137,54,76] new: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] new: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] @@ -1171,13 +1171,13 @@ update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] analyse: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Download][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 55.455| 7.491| 14.262|203411798.622| 0.000] [PKTLEN......: 54.000| 1119.000| 170.900| 244.600|59812.500| 4.100] [BINS(c->s)..: 11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0] - [IATS........: 106993,107336,276,805,178388,179820,1439,41004,98031,375723,432936,10046845,10046768,42293,94463,6595038,6594815,3591919,3643921,39217,93460,24009088,24063297,605105,604823,14641110,23768,14665256,55396943,55455380,453178,0] + [IATS(ms)....: 107.0,107.3,0.3,0.8,178.4,179.8,1.4,41.0,98.0,375.7,432.9,10046.8,10046.8,42.3,94.5,6595.0,6594.8,3591.9,3643.9,39.2,93.5,24009.1,24063.3,605.1,604.8,14641.1,23.8,14665.3,55396.9,55455.4,453.2,0.0] [PKTLENS.....: 66,58,54,357,54,337,157,54,926,54,163,54,118,54,1119,54,214,54,84,54,203,54,66,54,137,54,78,503,54,64,54,63] end: [....35] [ip4][..tcp] [......10.0.2.15][50196] -> [...218.250.6.59][12556] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol diff --git a/test/results/flow-info/googledns_android10.pcap.out b/test/results/flow-info/googledns_android10.pcap.out index 97dfff593..237b9b713 100644 --- a/test/results/flow-info/googledns_android10.pcap.out +++ b/test/results/flow-info/googledns_android10.pcap.out @@ -24,13 +24,13 @@ detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.447| 0.072| 0.122|14825.912| 0.000] [PKTLEN......: 66.000| 1484.000| 282.200| 356.700|127227.700| 4.200] [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0] - [IATS........: 12824,14641,349,14827,16165,1147,99,31089,1039,512,12517,28602,36858,41216,19219,12546,6221,5033,24265,307087,326211,13788,74283,386701,447414,5048,23824,155667,173706,5036,23182,0] + [IATS(ms)....: 12.8,14.6,0.3,14.8,16.2,1.1,0.1,31.1,1.0,0.5,12.5,28.6,36.9,41.2,19.2,12.5,6.2,5.0,24.3,307.1,326.2,13.8,74.3,386.7,447.4,5.0,23.8,155.7,173.7,5.0,23.2,0.0] [PKTLENS.....: 74,74,66,220,66,1484,1484,305,66,66,66,159,358,225,66,225,565,66,565,66,225,66,565,66,225,66,565,66,225,66,565,66] new: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] detected: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable] @@ -42,13 +42,13 @@ detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.254| 0.185| 0.342|116761.002| 0.000] [PKTLEN......: 66.000| 583.000| 212.200| 197.900|39161.300| 4.400] [BINS(c->s)..: 8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1] - [IATS........: 12746,14119,899,14919,79,14194,1137,19603,19131,13753,1318,58447,651251,714961,3808,23304,1234142,1253719,12532,32716,484043,503710,3783,30780,265369,292430,20267,12603,11759,7400,12615,0] + [IATS(ms)....: 12.7,14.1,0.9,14.9,0.1,14.2,1.1,19.6,19.1,13.8,1.3,58.4,651.3,715.0,3.8,23.3,1234.1,1253.7,12.5,32.7,484.0,503.7,3.8,30.8,265.4,292.4,20.3,12.6,11.8,7.4,12.6,0.0] [PKTLENS.....: 74,74,66,583,66,213,66,117,66,225,66,565,66,225,66,565,66,225,66,565,66,225,66,565,66,225,66,225,565,66,66,565] update: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable] idle: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable] @@ -68,13 +68,13 @@ detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 5.704| 0.390| 1.388|1925240.193| 0.000] [PKTLEN......: 66.000| 1484.000| 282.200| 356.700|127227.700| 4.200] [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1] - [IATS........: 14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586,0] + [IATS(ms)....: 14.4,41.9,9.2,49.9,17.6,0.1,0.1,32.5,0.5,0.1,15.4,30.8,15.7,19.9,22.6,85.5,5640.7,5703.8,20.5,7.6,6.2,13.7,17.6,31.1,85.4,103.7,33.2,18.8,6.3,16.2,17.6,0.0] [PKTLENS.....: 74,74,66,220,66,1484,1484,305,66,66,66,159,358,225,66,565,66,225,66,225,565,66,66,565,66,225,66,225,565,66,66,565] end: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/http-manipulated.pcap.out b/test/results/flow-info/http-manipulated.pcap.out index 3c8b1055d..6df536074 100644 --- a/test/results/flow-info/http-manipulated.pcap.out +++ b/test/results/flow-info/http-manipulated.pcap.out @@ -10,13 +10,13 @@ detected: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.073| 0.005| 0.018| 320.351| 0.000] [PKTLEN......: 54.000| 5894.000| 1464.400| 1938.500|3757919.200| 3.800] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,10] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 227,236,111,336,193,414,72850,73065,187,402,51,53,13,9,38,39,116,116,52,52,10,8,43,47,49,47,9,7,46,48,49,0] + [IATS(ms)....: 0.2,0.2,0.1,0.3,0.2,0.4,72.8,73.1,0.2,0.4,0.1,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 66,66,54,440,60,631,54,389,60,2974,54,4434,54,2974,54,4434,54,1514,54,4434,54,2974,54,4434,54,1514,54,5894,54,5894,54,2974] end: [.....1] [ip4][..tcp] [...192.168.0.20][33632] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/http_auth.pcap.out b/test/results/flow-info/http_auth.pcap.out index a141ee0c3..43efb6f75 100644 --- a/test/results/flow-info/http_auth.pcap.out +++ b/test/results/flow-info/http_auth.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] detected: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable] analyse: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.862| 0.405| 1.194|1424465.723| 0.000] [PKTLEN......: 66.000| 1514.000| 640.900| 665.600|443042.200| 4.200] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0] - [IATS........: 180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016,0] + [IATS(ms)....: 180.0,180.1,0.1,194.0,206.4,1.3,401.5,0.6,0.6,0.7,0.7,4.0,4.6,8.7,4.6,3.0,7.6,3.3,5.3,8.6,159.0,4.0,163.0,3.6,4.2,7.9,2.6,2.6,4861.8,4861.8,1269.0,0.0] [PKTLENS.....: 78,74,66,805,66,1514,551,66,145,66,288,66,1514,1514,66,1514,1514,66,1514,1514,66,1514,1514,66,1514,1514,66,989,66,66,66,66] end: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/http_connect.pcap.out b/test/results/flow-info/http_connect.pcap.out index db6b911a9..c25a29cde 100644 --- a/test/results/flow-info/http_connect.pcap.out +++ b/test/results/flow-info/http_connect.pcap.out @@ -10,22 +10,22 @@ detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] analyse: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 0.000] [PKTLEN......: 66.000| 1450.000| 563.000| 627.700|394029.600| 4.100] [BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 8850,8886,2829,11347,7507,16011,65,50,21,19,18,33,7291,458,15010,14,4004,11279,678,666,42,41,26,25,27,27,115,115,31,32,149,0] + [IATS(ms)....: 8.8,8.9,2.8,11.3,7.5,16.0,0.1,0.1,0.0,0.0,0.0,0.0,7.3,0.5,15.0,0.0,4.0,11.3,0.7,0.7,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.0,0.0,0.1,0.0] [PKTLENS.....: 74,74,66,583,66,1450,66,1450,66,1450,66,985,66,130,555,66,66,125,66,1450,66,1450,66,1450,66,1450,66,1450,66,1450,66,1450] analyse: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.053| 0.007| 0.013| 164.772| 0.000] [PKTLEN......: 54.000| 5590.000| 813.000| 1594.600|2542806.200| 3.300] [BINS(c->s)..: 7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1] - [IATS........: 32,2664,352,3052,9578,12352,2730,16207,17263,6110,7163,474,478,42,22,11387,743,133,163,12593,29,193,4,101,98,705,4022,50186,53379,1210,1208,0] + [IATS(ms)....: 0.0,2.7,0.4,3.1,9.6,12.4,2.7,16.2,17.3,6.1,7.2,0.5,0.5,0.0,0.0,11.4,0.7,0.1,0.2,12.6,0.0,0.2,0.0,0.1,0.1,0.7,4.0,50.2,53.4,1.2,1.2,0.0] [PKTLENS.....: 66,66,60,257,54,130,571,54,5125,60,118,54,224,54,373,54,113,5590,2822,1438,85,60,54,60,5590,1438,963,60,187,54,129,54] idle: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable] idle: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/http_ipv6.pcap.out b/test/results/flow-info/http_ipv6.pcap.out index cd6dd371c..77d07ed6b 100644 --- a/test/results/flow-info/http_ipv6.pcap.out +++ b/test/results/flow-info/http_ipv6.pcap.out @@ -9,13 +9,13 @@ new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM] new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 6.009| 0.604| 1.486|2208638.173| 0.000] [PKTLEN......: 91.000| 1412.000| 340.600| 376.200|141514.900| 4.300] [BINS(c->s)..: 0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0] - [IATS........: 25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388,0] + [IATS(ms)....: 25.4,26.2,172.4,219.5,15.7,87.2,38.8,110.2,47.0,1.5,26.7,45.8,1752.5,1778.7,6.8,78.3,246.6,318.1,6008.8,6008.7,4.8,76.9,102.6,174.5,2.4,73.9,70.9,142.5,2.9,74.3,992.4,0.0] [PKTLENS.....: 1412,1412,99,1216,94,674,102,252,94,102,581,102,91,257,94,637,105,102,94,262,91,589,105,263,94,586,102,264,94,561,102,265] new: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] new: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] diff --git a/test/results/flow-info/iax.pcap.out b/test/results/flow-info/iax.pcap.out index 415805ccf..e6420b9b3 100644 --- a/test/results/flow-info/iax.pcap.out +++ b/test/results/flow-info/iax.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] detected: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable] analyse: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.051| 0.019| 0.011| 120.322| 0.000] [PKTLEN......: 54.000| 214.000| 175.500| 59.500| 3538.200| 4.900] [BINS(c->s)..: 3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140,0] + [IATS(ms)....: 2.2,5.1,7.7,24.4,24.4,24.7,16.9,51.4,9.6,12.3,14.1,6.9,22.8,16.8,31.3,17.9,20.0,11.5,43.2,21.3,13.9,17.1,22.6,0.9,20.5,34.1,6.9,21.0,19.9,18.0,29.1,0.0] [PKTLENS.....: 108,54,54,60,54,60,206,214,214,60,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206] idle: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/icmp-tunnel.pcap.out b/test/results/flow-info/icmp-tunnel.pcap.out index 470787e6a..2124e14d0 100644 --- a/test/results/flow-info/icmp-tunnel.pcap.out +++ b/test/results/flow-info/icmp-tunnel.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable] RISK: Malformed Packet analyse: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.999| 13.999| 1.420| 2.297|5274800.751| 0.000] [PKTLEN......: 126.000| 126.000| 126.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 998770,1000036,1000056,999983,1000051,1000074,1000009,1000032,1000047,1000127,999991,999982,1000043,999922,13999352,1001250,1001214,1000977,1001002,1001107,1001081,1000973,1000923,1000944,1000921,1001115,1001144,1001036,1001015,1001004,1001005,0] + [IATS(ms)....: 998.8,1000.0,1000.1,1000.0,1000.1,1000.1,1000.0,1000.0,1000.0,1000.1,1000.0,1000.0,1000.0,999.9,13999.4,1001.2,1001.2,1001.0,1001.0,1001.1,1001.1,1001.0,1000.9,1000.9,1000.9,1001.1,1001.1,1001.0,1001.0,1001.0,1001.0,0.0] [PKTLENS.....: 126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126] update: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable] RISK: Malformed Packet diff --git a/test/results/flow-info/iec60780-5-104.pcap.out b/test/results/flow-info/iec60780-5-104.pcap.out index e51833940..354391d09 100644 --- a/test/results/flow-info/iec60780-5-104.pcap.out +++ b/test/results/flow-info/iec60780-5-104.pcap.out @@ -21,13 +21,13 @@ end: [.....4] [ip4][..tcp] [.172.27.248.109][.1572] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable] end: [.....5] [ip4][..tcp] [.172.27.248.109][.1577] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable] analyse: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 32.516| 11.085| 10.877|118310385.484| 0.000] [PKTLEN......: 54.000| 118.000| 65.600| 11.500| 132.400| 5.000] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1] - [IATS........: 133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039,0] + [IATS(ms)....: 0.1,0.3,1.2,4.3,153.9,32516.1,32485.0,17329.0,17462.6,171.2,19844.6,20033.2,171.5,19860.3,20118.3,25436.2,25352.0,204.3,19828.9,20215.2,5341.8,5765.2,10455.9,10671.3,13.9,15.2,139.9,131.3,218.7,19641.5,20056.0,0.0] [PKTLENS.....: 62,62,60,60,60,60,70,60,70,118,60,60,70,60,60,54,70,76,60,60,54,70,60,70,76,70,76,60,77,60,60,54] end: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/imap-starttls.pcap.out b/test/results/flow-info/imap-starttls.pcap.out index d9e9739ce..1ab25f851 100644 --- a/test/results/flow-info/imap-starttls.pcap.out +++ b/test/results/flow-info/imap-starttls.pcap.out @@ -11,13 +11,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Email][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.678| 0.188| 0.378|143010.873| 0.000] [PKTLEN......: 54.000| 1514.000| 249.200| 424.600|180326.200| 3.700] [BINS(c->s)..: 15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1] - [IATS........: 189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432,0] + [IATS(ms)....: 189.8,189.9,188.3,188.3,0.1,192.5,0.3,192.6,0.2,186.5,0.0,186.4,0.4,197.4,0.2,197.1,2.0,0.2,2.2,0.1,3.7,191.6,187.9,1487.0,1677.8,0.2,190.8,0.0,0.3,0.0,189.4,0.0] [PKTLENS.....: 78,66,54,325,54,68,60,281,54,66,86,60,54,372,1514,1514,54,1514,636,54,54,180,105,54,93,133,85,54,54,85,54,60] detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Email][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn diff --git a/test/results/flow-info/imap.pcap.out b/test/results/flow-info/imap.pcap.out index c5f535f48..899e4fabe 100644 --- a/test/results/flow-info/imap.pcap.out +++ b/test/results/flow-info/imap.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.331| 0.295| 1.060|1123749.069| 0.000] [PKTLEN......: 66.000| 762.000| 115.900| 125.900|15857.500| 4.600] [BINS(c->s)..: 18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1] - [IATS........: 126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190,0] + [IATS(ms)....: 0.1,0.1,12.9,12.9,0.2,0.4,36.9,36.8,0.1,4330.0,4331.4,1.4,16.8,17.3,39.9,39.5,0.1,0.2,0.6,39.7,39.4,0.1,0.9,1.3,39.0,38.7,0.1,0.1,10.8,47.8,37.2,0.0] [PKTLENS.....: 74,74,66,108,66,85,131,66,98,66,92,93,66,86,87,66,123,66,86,87,66,123,66,87,78,66,325,66,139,178,66,762] idle: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe] RISK: Unsafe Protocol diff --git a/test/results/flow-info/imo.pcap.out b/test/results/flow-info/imo.pcap.out index fa01a84a9..410d68eb8 100644 --- a/test/results/flow-info/imo.pcap.out +++ b/test/results/flow-info/imo.pcap.out @@ -6,22 +6,22 @@ new: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] detected: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable] analyse: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.464| 0.060| 0.120|14499.616| 0.000] [PKTLEN......: 43.000| 149.000| 57.000| 23.000| 529.800| 4.900] [BINS(c->s)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0] - [IATS........: 36207,20915,69195,11193,10953,10897,11928,60266,17574,7210,47,9880,379036,463846,100219,9477,9867,20901,22,106515,270,209,156,89,19549,7836,19677,23241,7950,3744,407480,0] + [IATS(ms)....: 36.2,20.9,69.2,11.2,11.0,10.9,11.9,60.3,17.6,7.2,0.0,9.9,379.0,463.8,100.2,9.5,9.9,20.9,0.0,106.5,0.3,0.2,0.2,0.1,19.5,7.8,19.7,23.2,8.0,3.7,407.5,0.0] [PKTLENS.....: 43,43,149,52,52,52,52,52,52,52,52,52,52,43,142,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52] analyse: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.003| 0.138| 0.306|93428.728| 0.000] [PKTLEN......: 52.000| 1266.000| 433.400| 488.900|239046.100| 4.200] [BINS(c->s)..: 0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1] - [IATS........: 396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553,0] + [IATS(ms)....: 0.4,41.3,0.0,43.4,10.8,2.2,0.3,10.5,8.1,9.4,10.0,55.7,0.1,0.0,9.7,18.5,13.5,0.3,9.8,9.7,9.6,13.5,0.0,69.3,127.2,99.8,16.6,835.4,861.7,1002.8,1002.6,0.0] [PKTLENS.....: 242,371,53,160,1266,1266,224,242,1266,1266,1266,1266,122,266,53,1266,52,1266,242,52,52,52,52,53,226,139,361,138,242,53,242,53] idle: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable] idle: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][VoIP][Acceptable] diff --git a/test/results/flow-info/instagram.pcap.out b/test/results/flow-info/instagram.pcap.out index 8aec57bec..c4780fc04 100644 --- a/test/results/flow-info/instagram.pcap.out +++ b/test/results/flow-info/instagram.pcap.out @@ -9,13 +9,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) analyse: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.572| 0.136| 0.382|146017.665| 0.000] [PKTLEN......: 66.000| 1464.000| 682.500| 663.900|440818.000| 4.200] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 88898,75897,164978,1522736,1572479,340302,390014,2197,2137,122,91,92,92,91,91,61,61,92,92,61,91,91,61,92,92,29907,29999,733,671,702,672,0] + [IATS(ms)....: 88.9,75.9,165.0,1522.7,1572.5,340.3,390.0,2.2,2.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,29.9,30.0,0.7,0.7,0.7,0.7,0.0] [PKTLENS.....: 1431,66,679,66,1063,66,1464,66,209,66,1464,66,1297,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66] detection-update: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun] new: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [MIDSTREAM] @@ -27,34 +27,34 @@ new: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun] analyse: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 0.000] [PKTLEN......: 66.000| 1484.000| 1226.200| 538.200|289645.800| 4.800] [BINS(c->s)..: 5,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,1,1,1,1,1,0,1] - [IATS........: 32685,33112,763,702,1770,2075,61,30,336,366,672,610,610,611,610,641,610,611,10956,1922,1953,366,305,794,1068,458,457,428,824,4059,488,0] + [IATS(ms)....: 32.7,33.1,0.8,0.7,1.8,2.1,0.1,0.0,0.3,0.4,0.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,11.0,1.9,2.0,0.4,0.3,0.8,1.1,0.5,0.5,0.4,0.8,4.1,0.5,0.0] [PKTLENS.....: 326,1484,66,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,66,1484,66,1484,66,1484,1484,1484,1484,1484,1484,66,1484] analyse: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.112| 0.011| 0.030| 883.414| 0.000] [PKTLEN......: 66.000| 1484.000| 785.400| 697.700|486813.200| 4.300] [BINS(c->s)..: 14,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,1,0,1,0,1] - [IATS........: 56793,57068,1160,977,610,610,428,397,457,457,672,702,1281,1282,1160,1160,488,457,428,458,111480,31,111969,336,1343,61,30,1038,885,793,519,0] + [IATS(ms)....: 56.8,57.1,1.2,1.0,0.6,0.6,0.4,0.4,0.5,0.5,0.7,0.7,1.3,1.3,1.2,1.2,0.5,0.5,0.4,0.5,111.5,0.0,112.0,0.3,1.3,0.1,0.0,1.0,0.9,0.8,0.5,0.0] [PKTLENS.....: 319,1484,66,1445,66,1484,66,1484,66,1484,66,1484,66,186,66,1484,66,1484,66,1484,66,1484,1484,66,66,1484,1484,1484,66,1484,66,1484] detection-update: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun] detection-update: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun] new: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [MIDSTREAM] analyse: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.372| 0.037| 0.093| 8582.227| 0.000] [PKTLEN......: 66.000| 1484.000| 840.400| 686.900|471900.100| 4.400] [BINS(c->s)..: 13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1] - [IATS........: 185486,185853,397,519,640,61,1434,61,1404,61,580,733,1434,61,310272,372071,63232,2166,2198,336,305,549,427,733,793,580,519,519,519,1007,976,0] + [IATS(ms)....: 185.5,185.9,0.4,0.5,0.6,0.1,1.4,0.1,1.4,0.1,0.6,0.7,1.4,0.1,310.3,372.1,63.2,2.2,2.2,0.3,0.3,0.5,0.4,0.7,0.8,0.6,0.5,0.5,0.5,1.0,1.0,0.0] [PKTLENS.....: 325,1484,94,1484,1484,94,94,1484,1484,94,94,1484,94,1484,1484,325,1484,66,1484,66,1474,66,1484,66,1484,66,1484,66,1484,66,1484,1484] new: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [HTTP.Instagram][SocialNetwork][Fun] @@ -73,13 +73,13 @@ detected: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun] new: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [MIDSTREAM] analyse: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.322| 0.237| 1.293|1672842.314| 0.000] [PKTLEN......: 66.000| 1484.000| 903.300| 693.100|480370.200| 4.400] [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,18,0,0,0] [DIRECTIONS..: 0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,0,0] - [IATS........: 183,854,1526,2655,488,367,335,397,1495,519,1160,1800,61,31,2258,92,3204,427,3571,1038,549,367,1953,885,885,671,3632,61,4699,183,7321503,0] + [IATS(ms)....: 0.2,0.9,1.5,2.7,0.5,0.4,0.3,0.4,1.5,0.5,1.2,1.8,0.1,0.0,2.3,0.1,3.2,0.4,3.6,1.0,0.5,0.4,2.0,0.9,0.9,0.7,3.6,0.1,4.7,0.2,7321.5,0.0] [PKTLENS.....: 66,66,1484,1484,66,1484,1484,1484,1484,66,66,1484,1484,1484,1484,66,66,1484,1484,66,1484,1484,1484,66,1484,66,1484,1484,1337,66,66,66] guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable] detected: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable] @@ -127,23 +127,23 @@ new: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [MIDSTREAM] detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] analyse: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 0.000] [PKTLEN......: 66.000| 1484.000| 793.200| 693.800|481326.300| 4.300] [BINS(c->s)..: 14,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0] [DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1] - [IATS........: 61310,214,427,62164,336,336,1434,671,916,885,1556,61,61,1618,61,61,1312,92,30,1312,61,92,31,61,519,549,2411,2441,1373,61,31,0] + [IATS(ms)....: 61.3,0.2,0.4,62.2,0.3,0.3,1.4,0.7,0.9,0.9,1.6,0.1,0.1,1.6,0.1,0.1,1.3,0.1,0.0,1.3,0.1,0.1,0.0,0.1,0.5,0.5,2.4,2.4,1.4,0.1,0.0,0.0] [PKTLENS.....: 326,1484,1484,1475,66,66,66,1484,66,1484,66,1484,1484,1484,66,66,66,1484,1484,1484,66,66,1484,66,66,1484,66,1484,66,396,1484,1484] new: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [MIDSTREAM] analyse: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.353| 0.000] [PKTLEN......: 66.000| 1464.000| 983.400| 664.000|440886.100| 4.500] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0] - [IATS........: 367,1465,1587,519,458,824,1465,61,30,1648,2198,2075,366,213,641,367,1312,1678,488,214,610,641,1037,1679,336,488,915,794,335,977,672,0] + [IATS(ms)....: 0.4,1.5,1.6,0.5,0.5,0.8,1.5,0.1,0.0,1.6,2.2,2.1,0.4,0.2,0.6,0.4,1.3,1.7,0.5,0.2,0.6,0.6,1.0,1.7,0.3,0.5,0.9,0.8,0.3,1.0,0.7,0.0] [PKTLENS.....: 1464,66,1464,66,1464,1464,66,1464,1464,1464,66,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464] guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun] detected: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun] @@ -157,13 +157,13 @@ new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 0.000] [PKTLEN......: 66.000| 1484.000| 819.300| 707.600|500717.400| 4.300] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0] [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0] - [IATS........: 122,2106,427,3387,31,3174,2289,427,946,1892,213,2563,1831,3785,61,3846,183,1342,1312,367,183,213,275,519,519,885,854,2075,2106,2014,61,0] + [IATS(ms)....: 0.1,2.1,0.4,3.4,0.0,3.2,2.3,0.4,0.9,1.9,0.2,2.6,1.8,3.8,0.1,3.8,0.2,1.3,1.3,0.4,0.2,0.2,0.3,0.5,0.5,0.9,0.9,2.1,2.1,2.0,0.1,0.0] [PKTLENS.....: 1484,66,1484,1484,66,66,1484,66,1484,1484,66,66,1484,66,1484,1484,66,66,1484,66,1484,66,1484,66,1484,66,1484,66,1484,66,1484,1484] guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable] detected: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable] @@ -174,13 +174,13 @@ detected: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] detection-update: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] analyse: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.017| 0.003| 0.006| 31.659| 0.000] [PKTLEN......: 66.000| 1454.000| 647.500| 640.400|410152.900| 4.200] [BINS(c->s)..: 11,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0] - [IATS........: 12399,14597,58,14624,1725,26,7,16760,58,2044,498,16542,723,227,12497,604,464,936,285,275,177,245,128,170,272,201,2390,75,1564,117,147,0] + [IATS(ms)....: 12.4,14.6,0.1,14.6,1.7,0.0,0.0,16.8,0.1,2.0,0.5,16.5,0.7,0.2,12.5,0.6,0.5,0.9,0.3,0.3,0.2,0.2,0.1,0.2,0.3,0.2,2.4,0.1,1.6,0.1,0.1,0.0] [PKTLENS.....: 78,74,66,288,66,1454,1454,369,66,66,130,564,259,696,89,66,1454,1454,66,1454,1454,1454,1454,1454,1454,1454,1454,66,66,66,66,66] new: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] new: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] @@ -192,22 +192,22 @@ detection-update: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] detection-update: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] analyse: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.159| 0.012| 0.037| 1346.646| 0.000] [PKTLEN......: 66.000| 1454.000| 536.800| 570.200|325102.600| 4.200] [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,1,0,0,1,1] - [IATS........: 12015,14119,556,167,14869,68,308,601,354,271,107,13997,388,138,112,165,226,1385,108,1160,122,114,5,489,10627,8948,1625,2191,142763,158859,395,0] + [IATS(ms)....: 12.0,14.1,0.6,0.2,14.9,0.1,0.3,0.6,0.4,0.3,0.1,14.0,0.4,0.1,0.1,0.2,0.2,1.4,0.1,1.2,0.1,0.1,0.0,0.5,10.6,8.9,1.6,2.2,142.8,158.9,0.4,0.0] [PKTLENS.....: 78,74,66,485,579,66,66,288,699,1454,1454,1454,66,1454,1454,1454,720,1454,150,66,66,66,66,66,66,100,66,244,66,637,699,1454] analyse: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.157| 0.021| 0.045| 2047.640| 0.000] [PKTLEN......: 66.000| 1454.000| 532.200| 557.600|310915.100| 4.200] [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1] - [IATS........: 11078,12229,3431,138,15990,219,497,12957,479,11770,12042,155644,475,129,254,92,123,275,7,156515,111,123,122,255,2699,48704,55896,8249,149165,503,16,0] + [IATS(ms)....: 11.1,12.2,3.4,0.1,16.0,0.2,0.5,13.0,0.5,11.8,12.0,155.6,0.5,0.1,0.3,0.1,0.1,0.3,0.0,156.5,0.1,0.1,0.1,0.3,2.7,48.7,55.9,8.2,149.2,0.5,0.0,0.0] [PKTLENS.....: 78,74,66,485,595,66,66,288,66,150,244,66,840,1454,1454,1454,1454,1057,1454,100,66,66,66,66,66,654,654,66,66,841,1454,1454] idle: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] idle: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] @@ -254,31 +254,31 @@ detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] analyse: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.016| 0.003| 0.005| 22.312| 0.000] [PKTLEN......: 66.000| 1454.000| 733.000| 652.700|426025.800| 4.300] [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,1,0,1,0,1,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1] - [IATS........: 11840,12942,2760,70,16353,27,401,1108,14120,264,633,553,236,305,380,53,1148,300,94,1743,117,248,13,105,10046,132,1375,75,1411,144,201,0] + [IATS(ms)....: 11.8,12.9,2.8,0.1,16.4,0.0,0.4,1.1,14.1,0.3,0.6,0.6,0.2,0.3,0.4,0.1,1.1,0.3,0.1,1.7,0.1,0.2,0.0,0.1,10.0,0.1,1.4,0.1,1.4,0.1,0.2,0.0] [PKTLENS.....: 78,74,66,470,592,66,66,288,699,66,89,150,1454,1454,1454,1454,1454,66,1454,1454,66,66,66,66,66,1454,1454,1454,1454,1454,1454,1454] analyse: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.470| 0.692| 2.561|6557671.096| 0.000] [PKTLEN......: 66.000| 1454.000| 474.700| 528.600|279392.300| 4.200] [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1] - [IATS........: 11096,12433,1241,548,13252,614,103,14204,568,14367,12466,169576,258,200,98,307,55,169,229,6,169709,106,1819,218,113,542,10413415,52212,10469815,9752,75862,0] + [IATS(ms)....: 11.1,12.4,1.2,0.5,13.3,0.6,0.1,14.2,0.6,14.4,12.5,169.6,0.3,0.2,0.1,0.3,0.1,0.2,0.2,0.0,169.7,0.1,1.8,0.2,0.1,0.5,10413.4,52.2,10469.8,9.8,75.9,0.0] [PKTLENS.....: 78,74,66,485,663,66,66,288,66,150,244,66,839,1454,1454,1454,1454,1454,642,1454,100,66,66,66,66,66,66,601,601,66,66,842] analyse: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.132| 0.012| 0.032| 1010.732| 0.000] [PKTLEN......: 66.000| 1454.000| 569.500| 619.500|383805.700| 4.100] [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0] - [IATS........: 12123,13295,2535,457,15987,6,842,13996,1396,14470,16133,131670,10,876,193,264,9,116,291,177,158,249,254,129919,113,139,2594,71,83,9,41,0] + [IATS(ms)....: 12.1,13.3,2.5,0.5,16.0,0.0,0.8,14.0,1.4,14.5,16.1,131.7,0.0,0.9,0.2,0.3,0.0,0.1,0.3,0.2,0.2,0.2,0.3,129.9,0.1,0.1,2.6,0.1,0.1,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,470,592,66,66,288,66,150,244,66,840,89,1454,1454,1454,1454,1454,1454,1454,1454,1454,1454,66,66,66,66,66,66,66,66] end: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] end: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] diff --git a/test/results/flow-info/iphone.pcap.out b/test/results/flow-info/iphone.pcap.out index 49c97d903..ebe66274d 100644 --- a/test/results/flow-info/iphone.pcap.out +++ b/test/results/flow-info/iphone.pcap.out @@ -134,43 +134,43 @@ detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.686| 0.087| 0.170|29013.449| 0.000] [PKTLEN......: 66.000| 1506.000| 324.700| 443.900|197074.700| 4.000] [BINS(c->s)..: 8,4,1,0,1,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0] - [IATS........: 33952,135750,186,135485,2092,235,8690,6,162529,885,167358,319355,36,34737,102,651125,555,14,127,59,44,145,155,686219,30,1215,16,33741,32499,122595,156547,0] + [IATS(ms)....: 34.0,135.8,0.2,135.5,2.1,0.2,8.7,0.0,162.5,0.9,167.4,319.4,0.0,34.7,0.1,651.1,0.6,0.0,0.1,0.1,0.0,0.1,0.2,686.2,0.0,1.2,0.0,33.7,32.5,122.6,156.5,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,580,66,66,159,117,135,66,66,119,116,108,1090,438,104,200,438,66,104,66,66,66,66,637,66] new: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun] detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun] analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.655| 0.067| 0.146|21410.738| 0.000] [PKTLEN......: 54.000| 1506.000| 313.400| 449.800|202280.400| 3.900] [BINS(c->s)..: 9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1] - [IATS........: 34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765,0] + [IATS(ms)....: 34.1,36.1,0.1,34.7,1.6,0.1,2.3,0.1,140.2,0.4,7.3,143.3,0.0,33.9,0.1,1.5,0.0,0.0,0.3,0.4,0.0,0.1,34.9,0.0,1.2,0.0,128.2,155.2,168.0,510.7,654.8,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,580,66,66,159,117,135,66,66,119,116,108,1084,104,450,104,66,104,66,66,66,750,66,54,66] analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.026| 0.045| 1989.449| 0.000] [PKTLEN......: 66.000| 1506.000| 336.100| 461.100|212650.100| 4.000] [BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1] - [IATS........: 33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566,0] + [IATS(ms)....: 33.3,146.1,0.1,147.3,1.4,0.2,0.1,0.0,38.6,0.0,0.1,10.9,46.9,12.5,120.2,0.0,0.0,0.2,1.1,0.1,1.5,0.5,107.4,0.0,1.2,31.0,0.5,3.7,0.0,4.5,82.6,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,456,66,66,66,146,353,353,112,109,101,1506,566,832,66,66,66,136,66,66,97,66,101,66,66] analyse: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.804| 0.109| 0.185|34306.707| 0.000] [PKTLEN......: 66.000| 1506.000| 735.000| 667.300|445284.800| 4.300] [BINS(c->s)..: 8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0] [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0] - [IATS........: 145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245,0] + [IATS(ms)....: 146.0,171.0,0.4,171.3,2.7,0.1,11.1,1.3,11.2,179.7,0.0,0.1,0.1,15.6,168.2,146.4,161.4,0.7,308.7,51.5,198.2,655.7,0.2,0.2,0.3,803.5,1.3,180.3,0.3,0.3,0.2,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,1506,1488,66,66,66,66,159,117,66,1183,358,66,1010,66,1178,1506,1506,1506,66,66,1506,1506,1506,1506] detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] new: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] diff --git a/test/results/flow-info/ipp.pcap.out b/test/results/flow-info/ipp.pcap.out index 3165d60be..ffa682f97 100644 --- a/test/results/flow-info/ipp.pcap.out +++ b/test/results/flow-info/ipp.pcap.out @@ -8,13 +8,13 @@ detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.009| 0.004| 0.004| 12.440| 0.000] [PKTLEN......: 66.000| 2962.000| 897.700| 882.800|779357.900| 4.200] [BINS(c->s)..: 3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9] [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1] - [IATS........: 709,735,61,34,3567,1615,5071,72,15,5799,5726,12,3653,3625,5,7253,7252,7,8848,8850,9,9119,9104,8,7245,7239,6,7601,7598,8,7210,0] + [IATS(ms)....: 0.7,0.7,0.1,0.0,3.6,1.6,5.1,0.1,0.0,5.8,5.7,0.0,3.7,3.6,0.0,7.3,7.3,0.0,8.8,8.8,0.0,9.1,9.1,0.0,7.2,7.2,0.0,7.6,7.6,0.0,7.2,0.0] [PKTLENS.....: 74,74,66,210,214,66,91,66,2962,1514,66,2962,1586,66,1442,1610,66,1418,1634,66,1394,1658,66,1370,1682,66,1346,1706,66,1322,1730,66] new: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] detected: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] diff --git a/test/results/flow-info/ipsec_isakmp_esp.pcap.out b/test/results/flow-info/ipsec_isakmp_esp.pcap.out index 240657cf7..b158fc2d4 100644 --- a/test/results/flow-info/ipsec_isakmp_esp.pcap.out +++ b/test/results/flow-info/ipsec_isakmp_esp.pcap.out @@ -12,13 +12,13 @@ update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe] update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][VPN][Safe] analyse: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 662.067| 87.057| 203.164|41275511887.888| 0.000] [PKTLEN......: 122.000| 1374.000| 542.100| 468.700|219671.500| 4.500] [BINS(c->s)..: 0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0] [BINS(s->c)..: 0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1] - [IATS........: 122000,677000,771000,222000,34000,2372000,1000,23000,2387000,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,421000,4000,138000,188000,12771000,421390000,408766000,0,0,0,0,0,0,0] + [IATS(ms)....: 122.0,677.0,771.0,222.0,34.0,2372.0,1.0,23.0,2387.0,22.0,24.0,661960.0,662067.0,681.0,743.0,195.0,34.0,407.0,421.0,4.0,138.0,188.0,12771.0,421390.0,408766.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,1374,174,174,174,942,174,858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250] update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe] update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][VPN][Safe] @@ -118,22 +118,22 @@ new: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] detected: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][VPN][Safe] analyse: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 122.000| 1374.000| 507.000| 453.900|206039.000| 4.500] [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0] [BINS(s->c)..: 0,0,4,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250] analyse: [....23] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.227][..500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 94.000| 842.000| 521.000| 320.200|102515.000| 4.700] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330] new: [....25] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.226][..500] detected: [....25] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.226][..500] [IPSec][VPN][Safe] @@ -144,13 +144,13 @@ new: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] detected: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe] analyse: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 122.000| 1374.000| 665.200| 511.600|261688.400| 4.500] [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0] [BINS(s->c)..: 0,0,2,0,4,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 858,250,154,122,138,458,1374,1070,174,174,1070,174,1374,1374,1326,858,250,154,122,138,458,1374,1070,174,174,1070,174,1374,1374,1326,858,250] new: [....29] [ip4][..udp] [..192.168.2.100][42593] -> [109.237.187.193][.4500] detected: [....29] [ip4][..udp] [..192.168.2.100][42593] -> [109.237.187.193][.4500] [IPSec][VPN][Safe] @@ -169,22 +169,22 @@ new: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500] detected: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500] [IPSec][VPN][Safe] analyse: [....34] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.195][.4500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 122.000| 1374.000| 584.200| 486.800|236933.900| 4.500] [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0] [BINS(s->c)..: 0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250] analyse: [....18] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.225][.4500] [IPSec][VPN][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 122.000| 1374.000| 545.600| 472.200|222978.400| 4.500] [BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0] [BINS(s->c)..: 0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250] idle: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe] idle: [....20] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.131][.4500] [IPSec][VPN][Safe] diff --git a/test/results/flow-info/jabber.pcap.out b/test/results/flow-info/jabber.pcap.out index cade853f9..1f1f26737 100644 --- a/test/results/flow-info/jabber.pcap.out +++ b/test/results/flow-info/jabber.pcap.out @@ -4,24 +4,24 @@ new: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] detected: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] analyse: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 0.000] [PKTLEN......: 66.000| 445.000| 142.100| 104.500|10930.100| 4.700] [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0] - [IATS........: 444,511,417,828,400,374,12411,12818,2412,2410,348,1979,1627,218,40781,36965,77519,220,613,337303,337747,374,834,51093,51498,6383,6386,306,844,109053,109606,0] + [IATS(ms)....: 0.4,0.5,0.4,0.8,0.4,0.4,12.4,12.8,2.4,2.4,0.3,2.0,1.6,0.2,40.8,37.0,77.5,0.2,0.6,337.3,337.7,0.4,0.8,51.1,51.5,6.4,6.4,0.3,0.8,109.1,109.6,0.0] [PKTLENS.....: 78,74,66,88,66,182,66,245,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66] new: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] detected: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] analyse: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 0.000] [PKTLEN......: 66.000| 445.000| 142.000| 104.500|10917.300| 4.700] [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0] - [IATS........: 690,749,72,451,362,328,190,509,138,134,177,1433,1288,169,39805,40983,80676,197,580,336438,336798,280,830,51170,51717,134,126,305,762,115132,115569,0] + [IATS(ms)....: 0.7,0.7,0.1,0.5,0.4,0.3,0.2,0.5,0.1,0.1,0.2,1.4,1.3,0.2,39.8,41.0,80.7,0.2,0.6,336.4,336.8,0.3,0.8,51.2,51.7,0.1,0.1,0.3,0.8,115.1,115.6,0.0] [PKTLENS.....: 78,74,66,88,66,182,66,243,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66] new: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] @@ -38,13 +38,13 @@ DAEMON-EVENT: [Processed: 243 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....6] [ip4][..tcp] [....172.16.0.62][57149] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 0.000] [PKTLEN......: 66.000| 529.000| 164.800| 117.900|13893.800| 4.700] [BINS(c->s)..: 9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1] - [IATS........: 5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992,0] + [IATS(ms)....: 5.0,0.0,5.1,0.0,217.0,218.0,1.0,3684.5,3688.3,3.9,600484.2,600487.8,0.0,3.6,0.0,1.1,1.1,7.8,47.5,39.7,0.4,63.0,63.4,0.3,0.5,0.2,0.1,0.0,0.1,46584.0,46624.0,0.0] [PKTLENS.....: 305,474,186,66,66,248,529,66,248,193,66,216,270,172,120,66,286,66,114,66,114,66,288,66,114,167,66,66,171,66,201,66] DAEMON-EVENT: [Processed: 270 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/kismet.pcap.out b/test/results/flow-info/kismet.pcap.out index 0dab67917..d09bbaf22 100644 --- a/test/results/flow-info/kismet.pcap.out +++ b/test/results/flow-info/kismet.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] detected: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable] analyse: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.100| 0.836| 0.406|165002.641| 0.000] [PKTLEN......: 54.000| 1099.000| 142.900| 184.200|33913.200| 4.400] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828,0] + [IATS(ms)....: 0.0,0.0,0.2,0.2,399.9,399.9,615.2,615.3,399.6,399.6,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.9,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,0.0] [PKTLENS.....: 66,66,54,253,54,72,54,1099,54,129,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189] idle: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/kontiki.pcap.out b/test/results/flow-info/kontiki.pcap.out index 1baa4adc8..d0abbfcc7 100644 --- a/test/results/flow-info/kontiki.pcap.out +++ b/test/results/flow-info/kontiki.pcap.out @@ -18,13 +18,13 @@ new: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] detected: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Network][Acceptable] analyse: [.....3] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.86][.8888] [Kontiki][Media][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.608| 0.045| 0.118|13931.400| 0.000] [PKTLEN......: 46.000| 1283.000| 818.400| 568.000|322604.600| 4.500] [BINS(c->s)..: 7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1] - [IATS........: 198615,212422,193796,607738,3074,5780,31191,29960,8831,9093,72,244,17,19380,18261,96,127,127,114,15289,14893,16,235,114,13,97,15924,15357,18,115,125,0] + [IATS(ms)....: 198.6,212.4,193.8,607.7,3.1,5.8,31.2,30.0,8.8,9.1,0.1,0.2,0.0,19.4,18.3,0.1,0.1,0.1,0.1,15.3,14.9,0.0,0.2,0.1,0.0,0.1,15.9,15.4,0.0,0.1,0.1,0.0] [PKTLENS.....: 46,46,46,62,70,259,513,246,218,132,1283,1283,1283,1283,58,1283,1283,1283,1283,1283,58,1283,1283,1283,1283,1283,1283,58,1283,1283,1283,1283] idle: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Network][Acceptable] idle: [.....7] [ip4][.icmp] [216.168.241.157] -> [....10.25.32.59] [ICMP][Network][Acceptable] diff --git a/test/results/flow-info/log4j-webapp-exploit.pcap.out b/test/results/flow-info/log4j-webapp-exploit.pcap.out index 7774f28d6..7b6f44f10 100644 --- a/test/results/flow-info/log4j-webapp-exploit.pcap.out +++ b/test/results/flow-info/log4j-webapp-exploit.pcap.out @@ -18,13 +18,13 @@ ERROR-EVENT: Unknown L3 protocol ERROR-EVENT: Unknown L3 protocol analyse: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.289| 0.474| 1.790|3202664.366| 0.000] [PKTLEN......: 68.000| 76.000| 69.500| 2.200| 4.600| 5.000] [BINS(c->s)..: 17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 143,183,7288581,7288582,60489,60668,256,174,116,102,89,87,86,86,151,159,99,144,121,87,73,51,50,48,47,46,47,47,47,46,81,0] + [IATS(ms)....: 0.1,0.2,7288.6,7288.6,60.5,60.7,0.3,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.2,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.0] [PKTLENS.....: 76,76,68,71,68,69,68,69,68,69,68,69,68,69,68,69,68,69,68,71,68,73,68,71,68,71,68,71,68,71,68,71] not-detected: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001] [Unknown][Unrated] new: [.....5] [ip4][..tcp] [..172.16.238.10][57742] -> [..172.16.238.11][.1389] diff --git a/test/results/flow-info/long_tls_certificate.pcap.out b/test/results/flow-info/long_tls_certificate.pcap.out index a43438a5d..6b402edfd 100644 --- a/test/results/flow-info/long_tls_certificate.pcap.out +++ b/test/results/flow-info/long_tls_certificate.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.371| 0.087| 0.130|17024.252| 0.000] [PKTLEN......: 54.000| 1506.000| 384.700| 546.600|298744.200| 3.800] [BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1] - [IATS........: 370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6,0] + [IATS(ms)....: 370.8,370.9,9.4,360.9,2.8,0.1,0.1,354.4,0.1,0.1,0.1,0.1,8.1,8.1,5.8,200.3,194.6,174.3,0.0,174.3,0.0,2.3,0.1,0.1,0.1,0.1,94.1,91.5,274.6,0.0,0.0,0.0] [PKTLENS.....: 78,78,54,571,60,1506,1506,1506,54,1506,54,1104,54,1104,66,180,1506,66,105,123,54,54,107,110,96,128,92,123,66,66,66,66] detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] diff --git a/test/results/flow-info/modbus.pcap.out b/test/results/flow-info/modbus.pcap.out index e932b563d..47eec1162 100644 --- a/test/results/flow-info/modbus.pcap.out +++ b/test/results/flow-info/modbus.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable] analyse: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 1.014| 0.452| 0.497|247304.159| 0.000] [PKTLEN......: 65.000| 66.000| 65.500| 0.500| 0.200| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912,0] + [IATS(ms)....: 1.1,1.2,0.9,1013.6,1014.2,1.5,0.9,986.5,986.9,1.2,0.9,1000.2,1000.5,1.2,0.9,1000.2,1000.6,1.2,0.9,1000.2,1000.6,1.6,0.9,999.8,1000.4,1.2,0.8,1000.2,1000.6,1.2,0.9,0.0] [PKTLENS.....: 66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65] idle: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monero.pcap.out b/test/results/flow-info/monero.pcap.out index 9813eb91e..513bca99f 100644 --- a/test/results/flow-info/monero.pcap.out +++ b/test/results/flow-info/monero.pcap.out @@ -8,22 +8,22 @@ detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Mining][Unsafe] RISK: Known Proto on Non Std Port, Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 71.693| 7.500| 18.614|346464978.993| 0.000] [PKTLEN......: 66.000| 1514.000| 372.800| 549.100|301531.900| 3.800] [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0] [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1] - [IATS........: 80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986,0] + [IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0,0.0] [PKTLENS.....: 74,74,66,164,66,128,66,161,104,185,66,126,66,376,66,1514,1496,66,66,91,66,1514,1496,66,91,66,376,66,1514,1496,66,91] analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 170.525| 32.857| 51.784|2681624034.542| 0.000] [PKTLEN......: 54.000| 1498.000| 237.600| 347.600|120860.400| 4.100] [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0] [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1] - [IATS........: 308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525,0] + [IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5,0.0] [PKTLENS.....: 74,66,54,152,60,116,54,147,92,173,54,114,60,364,54,364,54,364,54,364,54,364,54,364,54,364,54,364,54,1498,1486,60] DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/nest_log_sink.pcap.out b/test/results/flow-info/nest_log_sink.pcap.out index aa30aa1e7..ddef9dc92 100644 --- a/test/results/flow-info/nest_log_sink.pcap.out +++ b/test/results/flow-info/nest_log_sink.pcap.out @@ -5,13 +5,13 @@ DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.061| 60.122| 38.821| 28.558|815563555.209| 0.000] [PKTLEN......: 54.000| 60.000| 57.000| 3.000| 9.000| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1] - [IATS........: 60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720,0] + [IATS(ms)....: 60.8,60066.5,60071.0,444.6,512.2,60052.4,60122.1,60064.1,60058.5,139.4,204.1,59876.0,59944.8,60065.8,60071.7,305.5,379.3,59710.1,59782.3,60066.2,60065.0,470.7,541.9,60021.2,60097.0,60072.0,60059.9,163.5,227.3,59834.0,59896.7,0.0] [PKTLENS.....: 60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54] guessed: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable] detected: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable] @@ -23,13 +23,13 @@ new: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] detected: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.491| 0.199| 0.354|125081.829| 0.000] [PKTLEN......: 54.000| 733.000| 255.900| 219.800|48330.300| 4.500] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] - [IATS........: 69743,72197,635648,708301,5274,110825,1347393,1490586,118042,84290,55,88866,80271,82780,83378,79961,79977,80201,79559,79635,80946,81395,80711,79963,79339,79335,79882,72223,8456,80008,81752,0] + [IATS(ms)....: 69.7,72.2,635.6,708.3,5.3,110.8,1347.4,1490.6,118.0,84.3,0.1,88.9,80.3,82.8,83.4,80.0,80.0,80.2,79.6,79.6,80.9,81.4,80.7,80.0,79.3,79.3,79.9,72.2,8.5,80.0,81.8,0.0] [PKTLENS.....: 60,58,60,585,54,733,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509] new: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] detected: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] @@ -37,13 +37,13 @@ detected: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 60.078| 8.258| 19.898|395938807.939| 0.000] [PKTLEN......: 54.000| 731.000| 181.000| 184.800|34140.600| 4.400] [BINS(c->s)..: 9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1] - [IATS........: 64103,66685,638775,711013,16458,201353,1246735,1463240,104910,69439,22020,94707,71220,78130,7081,87220,75789,84472,84342,76407,307337,280726,43263,5019615,5092313,178784,59560541,59727665,60063791,60077555,375945,0] + [IATS(ms)....: 64.1,66.7,638.8,711.0,16.5,201.4,1246.7,1463.2,104.9,69.4,22.0,94.7,71.2,78.1,7.1,87.2,75.8,84.5,84.3,76.4,307.3,280.7,43.3,5019.6,5092.3,178.8,59560.5,59727.7,60063.8,60077.6,375.9,0.0] [PKTLENS.....: 60,58,60,585,54,731,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,215,60,346,116,60,60,54,60,54,54] end: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable] end: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] @@ -62,13 +62,13 @@ new: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] detected: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.478| 0.186| 0.338|114146.574| 0.000] [PKTLEN......: 54.000| 732.000| 255.900| 219.700|48280.000| 4.500] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] - [IATS........: 61003,66332,638637,696721,5239,274658,1166948,1477502,96252,57032,33,69584,64878,63516,66188,66283,63911,64139,63928,63783,65164,65050,63165,63274,64227,64111,63788,54150,11824,65153,63500,0] + [IATS(ms)....: 61.0,66.3,638.6,696.7,5.2,274.7,1166.9,1477.5,96.3,57.0,0.0,69.6,64.9,63.5,66.2,66.3,63.9,64.1,63.9,63.8,65.2,65.0,63.2,63.3,64.2,64.1,63.8,54.1,11.8,65.2,63.5,0.0] [PKTLENS.....: 60,58,60,584,54,732,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509] new: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] detected: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] @@ -80,13 +80,13 @@ end: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 60.066| 10.038| 21.842|477077551.710| 0.000] [PKTLEN......: 54.000| 731.000| 176.200| 185.800|34538.800| 4.400] [BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0] - [IATS........: 66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627,0] + [IATS(ms)....: 66.2,68.9,635.0,702.4,15.4,246.0,1210.6,1481.6,108.8,76.2,16.8,97.4,71.0,72.8,6.7,85.9,79.2,75.8,75.0,77.2,97.4,2619.5,2881.1,371.8,59569.0,59778.5,60066.0,60063.7,377.5,447.3,59622.6,0.0] [PKTLENS.....: 60,58,60,585,54,731,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,346,116,60,60,54,60,54,54,60,60] idle: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] DAEMON-EVENT: [Processed: 424 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -99,13 +99,13 @@ new: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] detected: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.475| 0.185| 0.337|113653.596| 0.000] [PKTLEN......: 54.000| 732.000| 255.900| 219.700|48280.000| 4.500] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] - [IATS........: 56837,63375,631089,692531,4988,275292,1167126,1475007,94881,56956,41,68349,63598,63560,63263,63527,64323,71144,70310,64275,64470,63960,64294,64276,63689,63201,62870,53104,10769,65047,64005,0] + [IATS(ms)....: 56.8,63.4,631.1,692.5,5.0,275.3,1167.1,1475.0,94.9,57.0,0.0,68.3,63.6,63.6,63.3,63.5,64.3,71.1,70.3,64.3,64.5,64.0,64.3,64.3,63.7,63.2,62.9,53.1,10.8,65.0,64.0,0.0] [PKTLENS.....: 60,58,60,584,54,732,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509] new: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] detected: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] @@ -115,13 +115,13 @@ update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] idle: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 60.116| 15.667| 26.142|683403720.524| 0.000] [PKTLEN......: 54.000| 732.000| 159.100| 181.000|32752.900| 4.300] [BINS(c->s)..: 10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1] - [IATS........: 65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155,0] + [IATS(ms)....: 65.1,68.1,678.4,747.3,17.5,94.7,1396.4,1507.7,104.4,70.6,14.5,87.7,68.9,73.0,7.0,83.6,72.6,4.3,74.3,110.5,112.2,137.1,59606.1,59757.9,60076.8,60061.1,60093.4,60092.4,60108.1,60116.2,184.2,0.0] [PKTLENS.....: 60,58,60,584,54,732,60,106,54,258,54,114,176,683,60,234,204,60,234,215,346,116,60,60,54,60,54,60,54,60,54,54] DAEMON-EVENT: [Processed: 562 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 12|skipped: 0|!detected: 0|guessed: 1|detection-updates: 3|updates: 6] @@ -134,23 +134,23 @@ new: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] detected: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.484| 0.189| 0.353|124509.217| 0.000] [PKTLEN......: 54.000| 733.000| 255.900| 219.800|48309.800| 4.500] [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0] - [IATS........: 55511,58104,637607,698601,8299,132470,1319785,1484002,100866,62363,34,73666,66291,66062,64356,70801,72468,66245,63705,65435,67073,65571,63470,63974,64872,66987,66191,76434,5185,82369,64364,0] + [IATS(ms)....: 55.5,58.1,637.6,698.6,8.3,132.5,1319.8,1484.0,100.9,62.4,0.0,73.7,66.3,66.1,64.4,70.8,72.5,66.2,63.7,65.4,67.1,65.6,63.5,64.0,64.9,67.0,66.2,76.4,5.2,82.4,64.4,0.0] [PKTLENS.....: 60,58,60,584,54,733,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509] new: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 60.156| 9.910| 20.689|428051338.887| 0.000] [PKTLEN......: 54.000| 731.000| 161.100| 180.100|32452.700| 4.400] [BINS(c->s)..: 10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1] - [IATS........: 68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314,0] + [IATS(ms)....: 68.6,72.2,634.4,701.9,15.9,150.9,1314.3,1491.3,109.2,71.0,18.0,93.5,70.2,72.1,7.2,80.0,74.1,77.1,76.5,41.6,115.5,208.5,59946.9,60155.8,60057.7,60124.3,30586.0,30652.9,66.9,1.3,68.3,0.0] [PKTLENS.....: 60,58,60,585,54,731,60,106,54,258,54,114,176,683,60,234,204,234,215,60,346,116,60,60,54,54,60,116,54,60,60,54] detected: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] new: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] @@ -161,13 +161,13 @@ end: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 60.173| 10.045| 21.954|481957439.865| 0.000] [PKTLEN......: 54.000| 730.000| 176.200| 185.800|34529.800| 4.400] [BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0] - [IATS........: 65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330,0] + [IATS(ms)....: 65.3,67.8,637.5,709.8,18.7,293.4,1174.5,1482.0,109.1,72.2,18.0,90.8,70.3,73.2,8.7,96.5,87.7,75.9,79.0,77.4,126.7,2595.7,2731.0,150.4,59910.8,60056.8,60173.1,60107.0,4.7,60.6,60165.3,0.0] [PKTLENS.....: 60,58,60,586,54,730,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,346,116,60,60,54,60,54,60,54,60] idle: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] DAEMON-EVENT: [Processed: 713 pkts][ZLib][compressions: 0|diff: 0 / 0] diff --git a/test/results/flow-info/netbios.pcap.out b/test/results/flow-info/netbios.pcap.out index bf855bd92..9d6a631aa 100644 --- a/test/results/flow-info/netbios.pcap.out +++ b/test/results/flow-info/netbios.pcap.out @@ -10,13 +10,13 @@ RISK: Unsafe Protocol new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.014| 0.750| 0.325| 0.215|46083.158| 0.000] [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 471274,14022,264705,470792,80220,113829,555812,80046,113289,146849,489849,113312,146439,749995,33651,749542,308595,441426,307586,628917,121033,628920,470970,278997,470688,458539,291466,334217,123758,93119,532865,0] + [IATS(ms)....: 471.3,14.0,264.7,470.8,80.2,113.8,555.8,80.0,113.3,146.8,489.8,113.3,146.4,750.0,33.7,749.5,308.6,441.4,307.6,628.9,121.0,628.9,471.0,279.0,470.7,458.5,291.5,334.2,123.8,93.1,532.9,0.0] [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92] new: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] @@ -40,13 +40,13 @@ new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.749| 1.516| 0.995| 0.356|126784.610| 0.000] [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 749395,750108,1510862,749350,750084,1512101,749146,750073,1513657,749593,750165,1509201,749922,750117,1511084,749128,750100,1515990,749246,750060,1507974,749281,750095,1513465,749807,750021,1513052,749194,750091,1506879,749381,0] + [IATS(ms)....: 749.4,750.1,1510.9,749.4,750.1,1512.1,749.1,750.1,1513.7,749.6,750.2,1509.2,749.9,750.1,1511.1,749.1,750.1,1516.0,749.2,750.1,1508.0,749.3,750.1,1513.5,749.8,750.0,1513.1,749.2,750.1,1506.9,749.4,0.0] [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92] new: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] diff --git a/test/results/flow-info/netflix.pcap.out b/test/results/flow-info/netflix.pcap.out index 8ac32ab5b..1b0622088 100644 --- a/test/results/flow-info/netflix.pcap.out +++ b/test/results/flow-info/netflix.pcap.out @@ -34,22 +34,22 @@ detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.364| 0.040| 0.082| 6699.630| 0.000] [PKTLEN......: 66.000| 1514.000| 279.200| 396.800|157454.800| 4.000] [BINS(c->s)..: 11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0] - [IATS........: 46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137,0] + [IATS(ms)....: 46.0,48.6,0.6,54.0,1.6,1.0,54.9,11.1,13.5,9.4,0.3,0.4,58.7,4.6,50.8,1.9,0.2,59.5,0.6,62.1,8.5,4.7,310.9,0.6,363.7,5.8,0.1,0.1,58.1,0.2,0.1,0.0] [PKTLENS.....: 78,74,66,274,66,1514,1514,66,229,66,141,72,111,66,117,66,422,376,66,1006,66,126,66,422,375,66,1006,121,100,66,66,66] analyse: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.200| 0.035| 0.048| 2263.883| 0.000] [PKTLEN......: 66.000| 1514.000| 444.800| 557.400|310647.700| 4.000] [BINS(c->s)..: 10,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0] [BINS(s->c)..: 5,2,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,0,0,1] - [IATS........: 45497,51828,277,66352,510,13769,75518,25611,26489,15622,271,195,60990,421,44123,5113,191,57731,67780,234,2712,130987,13830,8367,10032,8058,2353,2270,141147,1238,199917,0] + [IATS(ms)....: 45.5,51.8,0.3,66.4,0.5,13.8,75.5,25.6,26.5,15.6,0.3,0.2,61.0,0.4,44.1,5.1,0.2,57.7,67.8,0.2,2.7,131.0,13.8,8.4,10.0,8.1,2.4,2.3,141.1,1.2,199.9,0.0] [PKTLENS.....: 78,74,66,298,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,742,66,1514,429,1514,66,1130,66,275,66,115,66,1450,581,66] detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] new: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] @@ -87,13 +87,13 @@ detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.350| 0.041| 0.077| 5966.970| 0.000] [PKTLEN......: 66.000| 1514.000| 544.200| 630.500|397553.600| 4.100] [BINS(c->s)..: 11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0] - [IATS........: 50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338,0] + [IATS(ms)....: 50.8,52.1,3.9,68.9,0.5,14.7,80.5,16.9,16.6,16.1,0.4,0.2,66.7,0.8,50.7,3.2,0.3,61.4,291.2,0.1,350.1,11.8,12.8,24.1,12.5,12.3,13.9,13.7,2.7,13.3,16.3,0.0] [PKTLENS.....: 78,74,66,274,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,686,66,1514,1514,66,1514,1416,66,1514,66,251,66,1514,1033,66] detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS @@ -105,22 +105,22 @@ detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] analyse: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.040| 0.008| 0.010| 109.761| 0.000] [PKTLEN......: 66.000| 1514.000| 269.300| 414.200|171525.600| 4.000] [BINS(c->s)..: 8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0] - [IATS........: 11378,14427,1674,21129,2857,316,24018,10358,7406,16914,385,833,30795,4734,18083,26013,249,318,147,231,142,435,4518,193,40245,7107,5353,4161,461,364,1965,0] + [IATS(ms)....: 11.4,14.4,1.7,21.1,2.9,0.3,24.0,10.4,7.4,16.9,0.4,0.8,30.8,4.7,18.1,26.0,0.2,0.3,0.1,0.2,0.1,0.4,4.5,0.2,40.2,7.1,5.4,4.2,0.5,0.4,2.0,0.0] [PKTLENS.....: 78,74,66,293,66,1514,1514,66,584,66,141,72,111,66,117,66,119,116,108,214,155,155,155,155,154,134,66,104,104,406,1514,66] analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.508| 0.502| 1.826|3335198.867| 0.000] [PKTLEN......: 66.000| 1514.000| 372.800| 520.700|271128.800| 3.900] [BINS(c->s)..: 10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1] - [IATS........: 49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990,0] + [IATS(ms)....: 49.5,50.9,4.4,54.3,2.4,1.0,53.5,43.0,42.8,12.7,0.3,0.2,57.4,5.1,49.3,4.2,0.4,50.0,75.8,32.1,2.0,0.9,5.1,4.7,0.1,7402.2,0.1,7507.8,0.9,35.7,1.0,0.0] [PKTLENS.....: 78,74,66,274,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,675,66,66,198,110,100,66,66,66,1514,803,66,66,1514,488] detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS @@ -134,13 +134,13 @@ new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] analyse: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 1.300| 0.097| 0.230|52797.755| 0.000] [PKTLEN......: 66.000| 1514.000| 1115.900| 637.700|406609.600| 4.700] [BINS(c->s)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0] - [IATS........: 22705,29125,36813,70338,13255,32378,25989,101810,6882,28009,25233,44994,56409,27146,27165,53793,54320,26078,52109,80662,53766,398536,54325,39942,109640,40469,26128,51507,108074,13323,1300093,0] + [IATS(ms)....: 22.7,29.1,36.8,70.3,13.3,32.4,26.0,101.8,6.9,28.0,25.2,45.0,56.4,27.1,27.2,53.8,54.3,26.1,52.1,80.7,53.8,398.5,54.3,39.9,109.6,40.5,26.1,51.5,108.1,13.3,1300.1,0.0] [PKTLENS.....: 78,74,66,311,66,1514,1514,1514,66,66,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,94] new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] @@ -148,13 +148,13 @@ new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun] analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 0.000] [PKTLEN......: 66.000| 1514.000| 826.300| 674.900|455511.900| 4.400] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0] [DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0] - [IATS........: 44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463,0] + [IATS(ms)....: 44.1,45.6,3.9,10.7,0.2,60.0,5.7,1.0,135.1,0.3,187.2,5.7,5.7,13.9,14.0,13.3,14.4,27.8,13.3,13.1,9.2,13.3,22.5,13.4,39.3,13.3,13.3,13.9,13.3,13.3,124.5,0.0] [PKTLENS.....: 78,74,66,379,1514,917,66,66,66,728,1514,66,1514,66,1514,66,1514,1514,66,1026,66,1514,1307,66,1514,1514,1514,1514,1514,1514,1514,78] new: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun] @@ -164,13 +164,13 @@ new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 6.031| 0.428| 1.232|1516791.529| 0.000] [PKTLEN......: 66.000| 1514.000| 809.600| 706.600|499284.200| 4.300] [BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1] - [IATS........: 22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068,0] + [IATS(ms)....: 22.4,28.9,26.8,57.7,0.6,13.2,40.1,31.8,42.8,26.5,25.5,50.2,53.2,30.9,25.5,54.9,53.8,27.2,52.7,79.5,53.8,544.7,1520.0,11.6,27.4,27.3,28.8,635.4,3643.8,6030.9,1.1,0.0] [PKTLENS.....: 78,74,66,312,66,1514,1514,66,1514,66,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,94,94,94,86,78,66,66,311,1514,1514] detection-update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] @@ -189,46 +189,46 @@ detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 0.651| 0.082| 0.154|23582.077| 0.000] [PKTLEN......: 66.000| 1514.000| 954.800| 683.500|467159.100| 4.500] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1] - [IATS........: 24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077,0] + [IATS(ms)....: 24.8,26.3,3.8,42.5,4.8,43.8,27.2,40.5,69.4,43.9,44.8,78.3,38.8,79.8,102.6,28.8,14.7,354.3,85.0,14.1,12.4,12.7,651.0,22.9,582.5,8.6,27.5,16.4,16.4,14.7,15.1,0.0] [PKTLENS.....: 78,74,66,422,581,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,94,1514,1514,1514,1514,78,66,1514,1514,66,1514,66,1514,1514] new: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.639| 0.088| 0.152|23073.200| 0.000] [PKTLEN......: 66.000| 1514.000| 865.900| 697.400|486427.500| 4.400] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1] - [IATS........: 18792,21375,5144,35741,1043,5439,35508,13242,13983,20324,20435,13235,116191,170244,28107,56564,51631,31663,27571,12760,327583,131379,638852,579987,19881,15021,30035,13582,42286,118688,118005,0] + [IATS(ms)....: 18.8,21.4,5.1,35.7,1.0,5.4,35.5,13.2,14.0,20.3,20.4,13.2,116.2,170.2,28.1,56.6,51.6,31.7,27.6,12.8,327.6,131.4,638.9,580.0,19.9,15.0,30.0,13.6,42.3,118.7,118.0,0.0] [PKTLENS.....: 78,74,66,422,582,1514,1514,66,1514,66,1514,66,1514,66,1514,1514,1514,1514,1514,1514,1514,94,1514,94,1514,86,1514,78,66,1514,66,1514] new: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 0.000] [PKTLEN......: 66.000| 1514.000| 998.900| 672.700|452466.100| 4.500] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1] - [IATS........: 30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167,0] + [IATS(ms)....: 30.8,32.5,5.5,44.3,2.2,41.1,2.9,12.8,15.6,14.9,15.0,12.8,12.7,26.4,12.8,11.9,13.3,17.2,31.0,13.3,13.6,25.6,14.3,13.9,26.7,13.8,13.3,27.2,13.3,13.3,27.2,0.0] [PKTLENS.....: 78,74,66,420,585,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] analyse: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 4.094| 0.319| 0.812|659111.739| 0.000] [PKTLEN......: 66.000| 1514.000| 625.100| 689.400|475329.800| 4.100] [BINS(c->s)..: 17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1] - [IATS........: 24907,27714,2986,28468,27857,27840,80258,56838,56993,49295,90365,82473,40903,66540,53920,192092,80506,134732,711253,22984,31289,47833,1645394,40376,54849,160828,1864439,25699,40451,28479,4093620,0] + [IATS(ms)....: 24.9,27.7,3.0,28.5,27.9,27.8,80.3,56.8,57.0,49.3,90.4,82.5,40.9,66.5,53.9,192.1,80.5,134.7,711.3,23.0,31.3,47.8,1645.4,40.4,54.8,160.8,1864.4,25.7,40.5,28.5,4093.6,0.0] [PKTLENS.....: 78,74,66,282,66,1514,1514,66,1514,66,1514,78,1514,1514,1514,1514,1514,1514,1514,94,94,94,94,94,94,94,94,86,78,78,66,1514] new: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] new: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] @@ -264,112 +264,112 @@ detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.098| 0.201| 0.403|162731.114| 0.000] [PKTLEN......: 66.000| 1514.000| 507.700| 638.100|407212.300| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1] - [IATS........: 61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903,0] + [IATS(ms)....: 61.8,72.3,0.5,134.9,0.4,125.9,1162.3,73.6,0.9,212.9,11.5,409.2,101.1,1.9,70.9,2097.5,79.5,52.1,129.8,120.6,42.9,59.9,67.1,69.4,174.4,284.0,29.4,65.0,252.7,150.5,125.9,0.0] [PKTLENS.....: 78,74,66,426,584,1514,66,94,94,94,94,94,94,78,78,66,1514,66,1514,66,1514,1514,66,1514,66,1514,78,66,66,1514,66,1514] analyse: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.047| 0.281| 0.301|90549.584| 0.000] [PKTLEN......: 66.000| 1514.000| 504.100| 638.900|408170.900| 3.900] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1] - [IATS........: 43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897,0] + [IATS(ms)....: 43.7,45.8,23.6,124.8,4.9,111.6,635.9,176.1,0.2,0.1,41.6,37.4,940.2,0.9,45.4,434.5,483.8,1047.0,74.7,202.4,418.9,472.2,955.3,169.9,525.3,694.3,167.2,252.3,98.0,326.3,148.9,0.0] [PKTLENS.....: 78,74,66,426,585,1514,66,86,86,78,78,78,66,102,1490,66,66,66,1514,1514,66,66,66,1514,66,66,1514,66,1514,1514,66,1514] analyse: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 1.636| 0.284| 0.363|131453.321| 0.000] [PKTLEN......: 66.000| 1514.000| 550.600| 657.900|432827.800| 4.000] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1] - [IATS........: 16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864,0] + [IATS(ms)....: 16.1,19.4,23.6,88.6,4.0,82.2,1105.3,26.9,21.8,19.6,0.6,13.1,381.6,1636.2,66.4,119.0,421.4,408.1,882.7,90.2,143.4,490.4,519.4,92.3,121.0,487.1,597.7,217.6,227.5,270.0,221.9,0.0] [PKTLENS.....: 78,74,66,423,584,1514,66,86,86,86,78,78,78,78,1514,1514,66,78,66,1514,1514,66,66,1514,1514,66,66,1514,66,1514,78,1514] analyse: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 1.397| 0.291| 0.314|98805.531| 0.000] [PKTLEN......: 66.000| 1514.000| 730.200| 699.000|488561.800| 4.200] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1] - [IATS........: 23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490,0] + [IATS(ms)....: 23.9,25.1,18.2,72.5,4.9,71.3,152.2,249.5,985.6,26.7,1397.2,519.1,299.5,499.9,482.3,40.5,55.6,206.8,137.1,537.5,535.2,174.3,571.8,776.0,198.8,230.5,89.9,284.0,128.1,116.3,110.5,0.0] [PKTLENS.....: 78,74,66,423,584,1514,66,1514,66,94,94,1514,86,1514,78,1514,1514,1514,66,1514,66,1514,66,66,1514,66,1514,1514,66,1514,66,1514] analyse: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.716| 0.300| 0.539|290723.889| 0.000] [PKTLEN......: 66.000| 1514.000| 506.600| 638.800|408052.900| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0] - [IATS........: 61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098,0] + [IATS(ms)....: 61.7,63.1,19.4,172.7,0.3,153.9,1162.5,94.2,1.4,12.3,104.3,65.9,674.7,41.5,40.0,488.9,2716.4,44.9,75.7,28.7,32.8,29.5,133.6,256.1,743.0,71.3,1131.5,569.7,135.4,73.6,104.1,0.0] [PKTLENS.....: 78,74,66,424,584,1514,66,94,86,86,86,86,86,86,78,66,66,1514,1514,66,1514,66,1514,66,1514,78,66,1514,66,1514,1514,66] analyse: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.094| 0.303| 0.556|309287.715| 0.000] [PKTLEN......: 66.000| 1514.000| 461.800| 616.500|380048.700| 3.900] [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0] - [IATS........: 19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619,0] + [IATS(ms)....: 20.0,22.2,5.3,69.1,0.1,72.2,626.0,607.0,26.6,520.3,51.5,55.5,593.2,41.7,80.3,418.0,3094.3,65.6,425.7,470.0,40.8,85.0,52.1,54.3,117.7,383.1,387.3,709.4,53.7,73.8,158.6,0.0] [PKTLENS.....: 78,74,66,424,584,1514,66,86,86,86,86,78,78,86,78,66,66,1514,78,78,1514,1514,66,1514,66,1514,66,78,1514,78,1514,66] analyse: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.609| 0.294| 0.529|280024.056| 0.000] [PKTLEN......: 66.000| 1514.000| 463.200| 615.600|378913.200| 3.900] [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0] - [IATS........: 61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559,0] + [IATS(ms)....: 61.9,63.0,9.0,155.1,0.3,150.1,1152.4,92.1,0.5,591.4,113.7,141.7,52.3,0.5,39.9,381.1,2608.5,28.2,68.2,27.2,29.6,26.6,56.5,81.7,44.8,43.7,497.4,496.6,1208.9,807.4,91.6,0.0] [PKTLENS.....: 78,74,66,425,583,1514,66,94,94,94,94,86,78,78,78,66,78,1514,1514,66,1514,66,1514,1514,66,1514,66,78,66,1514,86,86] analyse: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.064| 0.322| 0.577|332375.130| 0.000] [PKTLEN......: 66.000| 1514.000| 509.000| 637.200|406023.800| 4.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1] - [IATS........: 11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284,0] + [IATS(ms)....: 11.7,15.7,2.4,60.2,1.2,0.1,57.1,107.8,316.9,313.9,536.7,811.2,71.2,122.5,693.7,84.7,585.6,3064.5,52.8,57.9,98.4,231.5,526.2,115.1,0.7,585.7,117.7,1178.9,25.8,79.1,64.3,0.0] [PKTLENS.....: 78,74,66,424,584,1514,1514,66,66,1514,66,94,94,94,94,86,78,86,1514,86,1514,78,1514,94,78,66,78,66,1514,66,1514,1514] analyse: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.546| 0.356| 0.683|466078.499| 0.000] [PKTLEN......: 66.000| 1514.000| 507.200| 638.400|407523.400| 3.900] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1] - [IATS........: 43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168,0] + [IATS(ms)....: 43.2,45.3,13.2,106.7,4.9,97.9,1317.7,102.1,98.2,0.2,515.8,59.8,1148.4,57.2,54.9,165.2,3546.3,68.4,92.3,156.0,131.0,70.0,95.9,104.0,104.5,205.1,729.4,92.0,551.2,1189.4,68.2,0.0] [PKTLENS.....: 78,74,66,423,584,1514,66,94,94,86,86,86,86,86,78,78,66,1514,66,1514,66,1514,1514,66,1514,66,1514,78,66,66,1514,1514] analyse: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.457| 0.415| 0.811|658300.731| 0.000] [PKTLEN......: 66.000| 1514.000| 552.100| 656.800|431419.800| 4.000] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1] - [IATS........: 41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793,0] + [IATS(ms)....: 41.4,43.5,2.9,82.1,0.1,78.7,1252.1,77.7,132.2,0.8,525.3,100.7,510.0,513.0,40.3,4457.1,87.0,1393.0,522.4,574.9,39.6,91.2,57.6,58.1,139.0,449.1,380.1,69.9,139.5,473.4,516.8,0.0] [PKTLENS.....: 78,74,66,424,584,1514,66,94,94,86,86,86,86,86,78,78,1514,1514,66,66,1514,1514,66,1514,66,1514,66,1514,1514,66,66,1514] analyse: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 4.432| 0.435| 0.814|663375.512| 0.000] [PKTLEN......: 66.000| 1514.000| 418.200| 589.200|347103.400| 3.800] [BINS(c->s)..: 22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1] - [IATS........: 43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669,0] + [IATS(ms)....: 43.9,45.8,13.4,88.6,4.9,81.9,1250.8,92.5,118.4,0.7,544.2,69.2,495.5,501.7,62.9,1143.9,28.6,39.1,4432.0,83.0,87.8,169.9,586.4,795.5,292.9,509.0,501.2,1203.5,55.9,83.0,70.7,0.0] [PKTLENS.....: 78,74,66,424,583,1514,66,94,94,86,86,86,86,86,78,78,78,78,78,1514,66,1514,78,66,1514,78,66,66,1514,1514,66,1514] analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 30.086| 1.958| 7.380|54461959.504| 0.000] [PKTLEN......: 66.000| 1514.000| 394.000| 556.900|310128.200| 3.900] [BINS(c->s)..: 9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0] [BINS(s->c)..: 9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1] - [IATS........: 47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822,0] + [IATS(ms)....: 47.0,48.4,1.7,53.1,2.6,1.0,62.3,11.1,6.0,10.8,0.3,0.3,60.3,3.4,50.1,4.4,0.9,0.6,55.9,50.5,0.3,42.7,4.0,5.1,5.2,0.1,57.7,0.3,30033.4,30086.0,0.8,0.0] [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1416,1514,1514,66,1514,351,66,66,66,1007,126,66,66,66,97,66] detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] new: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] @@ -385,13 +385,13 @@ detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 30.431| 1.003| 5.373|28867930.620| 0.000] [PKTLEN......: 66.000| 1514.000| 393.500| 557.000|310204.400| 3.900] [BINS(c->s)..: 10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0] [BINS(s->c)..: 7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0] - [IATS........: 44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499,0] + [IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5,0.0] [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1416,1514,1514,66,1514,336,66,66,66,1007,121,100,66,66,66,66] detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] @@ -410,66 +410,66 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] analyse: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.266| 0.048| 0.057| 3291.764| 0.000] [PKTLEN......: 66.000| 1514.000| 879.400| 680.500|463015.400| 4.400] [BINS(c->s)..: 5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] [BINS(s->c)..: 5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1] - [IATS........: 53359,54641,4455,73724,451,53617,123531,11602,72543,62717,1529,55777,52363,2209,208,426,218,96299,96364,227,131,105,82592,81689,880,205,155,38176,40581,146597,266118,0] + [IATS(ms)....: 53.4,54.6,4.5,73.7,0.5,53.6,123.5,11.6,72.5,62.7,1.5,55.8,52.4,2.2,0.2,0.4,0.2,96.3,96.4,0.2,0.1,0.1,82.6,81.7,0.9,0.2,0.2,38.2,40.6,146.6,266.1,0.0] [PKTLENS.....: 78,74,66,583,66,1514,1146,66,192,117,66,1058,120,66,1514,1514,1514,1514,66,1514,1514,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,86] detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.282| 0.053| 0.058| 3383.537| 0.000] [PKTLEN......: 66.000| 1514.000| 566.500| 629.700|396553.700| 4.100] [BINS(c->s)..: 10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [BINS(s->c)..: 5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0] - [IATS........: 50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723,0] + [IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7,0.0] [PKTLENS.....: 78,74,66,583,66,1514,1146,66,192,117,66,1057,120,66,1514,1514,1514,1514,66,1514,401,66,66,1257,66,1514,1500,66,115,66,97,66] detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.333| 0.059| 0.083| 6944.879| 0.000] [PKTLEN......: 66.000| 1514.000| 760.100| 703.800|495333.000| 4.300] [BINS(c->s)..: 6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0] [BINS(s->c)..: 6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0] - [IATS........: 69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549,0] + [IATS(ms)....: 69.5,71.0,2.6,55.6,49.1,64.4,167.9,331.9,332.6,26.5,0.7,0.7,87.7,0.5,60.7,8.8,7.1,0.4,81.1,62.8,0.8,0.2,0.1,68.1,67.1,0.8,0.2,0.1,111.2,109.6,2.5,0.0] [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1417,1514,1514,66,1514,1514,1514,1514,66,1514,1514,1514,1514,66,1514,1514] detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] analyse: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 0.472| 0.093| 0.119|14235.635| 0.000] [PKTLEN......: 66.000| 1514.000| 698.800| 659.100|434476.800| 4.300] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1] - [IATS........: 26070,27491,2593,46530,5363,49411,29634,29502,8466,38422,5397,39840,38400,39693,140326,138333,356578,206910,471964,29274,417442,40849,81521,44012,43364,83015,187750,28619,25160,184386,25502,0] + [IATS(ms)....: 26.1,27.5,2.6,46.5,5.4,49.4,29.6,29.5,8.5,38.4,5.4,39.8,38.4,39.7,140.3,138.3,356.6,206.9,472.0,29.3,417.4,40.8,81.5,44.0,43.4,83.0,187.8,28.6,25.2,184.4,25.5,0.0] [PKTLENS.....: 78,74,66,575,635,1514,66,677,66,581,643,1514,66,1514,66,1514,1514,94,1514,78,66,1514,1514,66,1514,66,1514,86,78,66,1514,1514] analyse: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 0.731| 0.102| 0.156|24231.225| 0.000] [PKTLEN......: 66.000| 1514.000| 662.300| 653.400|426995.300| 4.200] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0] - [IATS........: 30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720,0] + [IATS(ms)....: 30.5,31.5,13.2,64.0,5.3,56.4,6.1,68.2,5.4,71.5,109.5,202.7,164.8,560.3,47.3,79.0,279.5,27.7,94.5,26.6,26.1,15.8,70.5,85.9,39.5,39.8,41.6,84.4,730.9,41.5,39.7,0.0] [PKTLENS.....: 78,74,66,571,632,965,66,578,642,1514,66,1514,1514,1514,86,78,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,78,86,78,66] new: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.004| 0.530| 0.111| 0.160|25664.158| 0.000] [PKTLEN......: 66.000| 1514.000| 786.900| 666.800|444580.800| 4.400] [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0] - [IATS........: 18406,19875,3710,28859,18073,45753,41559,39617,18474,45294,5405,31729,29350,29485,41132,41119,82225,87690,42083,64319,51529,299907,159779,515651,435957,526591,530041,39964,69880,40403,40425,0] + [IATS(ms)....: 18.4,19.9,3.7,28.9,18.1,45.8,41.6,39.6,18.5,45.3,5.4,31.7,29.4,29.5,41.1,41.1,82.2,87.7,42.1,64.3,51.5,299.9,159.8,515.7,436.0,526.6,530.0,40.0,69.9,40.4,40.4,0.0] [PKTLENS.....: 78,74,66,575,634,1514,66,635,66,581,643,1514,66,1514,66,1514,1514,66,1514,1514,1514,1514,94,1514,78,1514,66,1514,1514,66,1514,66] update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] @@ -481,13 +481,13 @@ detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] RISK: HTTP Numeric IP Address analyse: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.286| 0.030| 0.050| 2491.019| 0.000] [PKTLEN......: 66.000| 1514.000| 833.000| 665.800|443241.700| 4.400] [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0] - [IATS........: 13013,14780,4042,30273,839,3652,30261,186,16542,35559,2040,21479,3192,3317,13322,13300,26482,13309,13526,13848,42739,56409,14727,15199,71007,25498,25497,25504,51553,55156,286066,0] + [IATS(ms)....: 13.0,14.8,4.0,30.3,0.8,3.7,30.3,0.2,16.5,35.6,2.0,21.5,3.2,3.3,13.3,13.3,26.5,13.3,13.5,13.8,42.7,56.4,14.7,15.2,71.0,25.5,25.5,25.5,51.6,55.2,286.1,0.0] [PKTLENS.....: 78,74,66,575,634,1514,677,66,66,584,643,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,86] update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] @@ -529,13 +529,13 @@ detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.141| 0.020| 0.029| 838.464| 0.000] [PKTLEN......: 66.000| 1514.000| 434.800| 506.400|256458.000| 4.100] [BINS(c->s)..: 12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840,0] + [IATS(ms)....: 52.7,54.2,4.7,50.1,0.9,46.0,1.1,0.4,2.3,0.6,48.9,36.1,58.6,0.1,1.0,141.4,13.3,12.2,4.7,8.7,8.5,4.5,3.7,4.5,12.4,12.8,15.2,13.9,6.1,6.2,6.8,0.0] [PKTLENS.....: 78,74,66,274,66,211,66,72,111,1514,564,66,66,1514,227,1514,66,559,66,1005,66,439,66,1306,66,1406,66,660,66,808,66,721] new: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] detected: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] @@ -545,32 +545,32 @@ detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.501| 0.064| 0.122|14766.799| 0.000] [PKTLEN......: 66.000| 1514.000| 456.800| 552.300|305076.800| 4.100] [BINS(c->s)..: 10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1] - [IATS........: 58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945,0] + [IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9,0.0] [PKTLENS.....: 78,74,66,583,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,803,66,1514,490,66,462,66,765,66,100,66,1514,686,66,1514] detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 0.000] [PKTLEN......: 66.000| 1514.000| 1160.700| 613.300|376142.500| 4.700] [BINS(c->s)..: 5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489,0] + [IATS(ms)....: 16.7,17.7,12.0,38.5,0.5,12.7,40.1,27.1,27.1,58.5,99.8,81.1,33.9,23.7,53.8,53.8,65.1,48.0,65.4,13.9,30.9,13.3,28.7,40.4,54.5,28.8,29.4,29.4,27.5,25.5,25.5,0.0] [PKTLENS.....: 78,74,66,311,66,1514,1514,66,1514,66,1514,78,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514] analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.416| 0.126| 0.341|116136.157| 0.000] [PKTLEN......: 66.000| 1514.000| 781.500| 698.900|488505.900| 4.300] [BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0] - [IATS........: 15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156,0] + [IATS(ms)....: 15.4,16.8,2.1,27.2,1.0,1.1,27.3,38.1,39.4,39.9,44.7,83.4,40.7,236.7,277.7,1389.8,1416.3,0.3,12.8,48.7,0.2,12.8,12.8,15.9,13.8,16.3,12.8,12.7,23.2,13.3,13.2,0.0] [PKTLENS.....: 78,74,66,311,66,1514,1514,66,1514,66,1514,1514,66,1514,733,66,311,1514,1514,1514,66,66,1514,1514,66,1514,66,1514,1514,66,1514,66] end: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Network][Acceptable] diff --git a/test/results/flow-info/nfsv2.pcap.out b/test/results/flow-info/nfsv2.pcap.out index c7d1e7418..c122cad11 100644 --- a/test/results/flow-info/nfsv2.pcap.out +++ b/test/results/flow-info/nfsv2.pcap.out @@ -15,13 +15,13 @@ new: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] detected: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable] analyse: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.010| 0.040| 0.015| 0.011| 125.000| 0.000] [PKTLEN......: 70.000| 214.000| 147.500| 43.100| 1860.800| 4.900] [BINS(c->s)..: 0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 40000,40000,10000,10000,10000,10000,10000,10000,10000,10000,10000,10000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 40.0,40.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 166,138,166,90,174,70,174,70,206,170,166,138,166,138,174,170,198,138,174,170,174,70,174,70,174,170,174,70,214,70,166,138] new: [.....6] [ip4][..udp] [....139.25.22.2][.3293] -> [..139.25.22.102][..111] detected: [.....6] [ip4][..udp] [....139.25.22.2][.3293] -> [..139.25.22.102][..111] [NFS][DataTransfer][Acceptable] diff --git a/test/results/flow-info/nfsv3.pcap.out b/test/results/flow-info/nfsv3.pcap.out index 0d51ae8c6..3d56985ff 100644 --- a/test/results/flow-info/nfsv3.pcap.out +++ b/test/results/flow-info/nfsv3.pcap.out @@ -18,13 +18,13 @@ new: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] detected: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable] analyse: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.010| 0.050| 0.017| 0.015| 222.222| 0.000] [PKTLEN......: 74.000| 314.000| 176.400| 63.400| 4021.900| 4.900] [BINS(c->s)..: 0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 10000,10000,50000,50000,10000,10000,10000,10000,10000,10000,10000,10000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 10.0,10.0,50.0,50.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 170,154,170,206,170,210,170,182,178,74,178,74,226,314,170,154,206,186,178,74,178,74,178,282,178,74,222,302,178,282,178,74] new: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111] detected: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111] [NFS][DataTransfer][Acceptable] diff --git a/test/results/flow-info/nintendo.pcap.out b/test/results/flow-info/nintendo.pcap.out index c45b7adba..aa5ee7950 100644 --- a/test/results/flow-info/nintendo.pcap.out +++ b/test/results/flow-info/nintendo.pcap.out @@ -12,13 +12,13 @@ new: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][Game][Fun] analyse: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Game][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.730| 0.194| 0.332|110172.324| 0.000] [PKTLEN......: 102.000| 854.000| 167.000| 179.500|32207.000| 4.500] [BINS(c->s)..: 0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1] - [IATS........: 87919,239629,335441,89838,30639,131192,103304,499986,507312,130872,234805,19308,15810,5164,16850,12585,53490,8758,197,60833,14170,505639,501514,5142,514446,94641,233,1729670,53,52619,81,0] + [IATS(ms)....: 87.9,239.6,335.4,89.8,30.6,131.2,103.3,500.0,507.3,130.9,234.8,19.3,15.8,5.2,16.9,12.6,53.5,8.8,0.2,60.8,14.2,505.6,501.5,5.1,514.4,94.6,0.2,1729.7,0.1,52.6,0.1,0.0] [PKTLENS.....: 102,102,198,230,118,102,150,118,102,118,150,134,118,118,118,854,118,854,102,102,118,102,102,102,102,102,118,118,118,118,118,118] new: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] new: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] @@ -52,13 +52,13 @@ detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS.AmazonAWS][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 14.019| 1.263| 3.443|11853821.379| 0.000] [PKTLEN......: 66.000| 471.000| 134.200| 98.400| 9678.600| 4.700] [BINS(c->s)..: 8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1] - [IATS........: 6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768,0] + [IATS(ms)....: 6.3,307.1,3508.7,3481.6,0.2,0.0,276.4,18.5,55.2,0.1,35.7,210.9,214.2,255.3,13944.5,14019.1,0.8,0.1,5.3,332.5,29.9,280.4,254.2,215.7,3.4,13.6,231.1,4.3,259.0,453.5,730.8,0.0] [PKTLENS.....: 166,117,66,133,66,124,113,66,117,166,166,66,66,117,66,471,66,113,400,166,66,117,66,382,66,123,113,66,117,66,166,117] new: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] detected: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Game][Fun] @@ -71,31 +71,31 @@ new: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] detected: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] [ICMP][Network][Acceptable] analyse: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Game][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.754| 0.078| 0.153|23284.658| 0.000] [PKTLEN......: 102.000| 886.000| 168.000| 186.200|34652.000| 4.500] [BINS(c->s)..: 0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1] - [IATS........: 280,397,210011,243,431,203806,304,212,311877,2339,183,754134,1127,30674,588,242272,245592,5517,2752,1899,125604,98,25,109131,222,10721,20118,10437,105846,2222,28907,0] + [IATS(ms)....: 0.3,0.4,210.0,0.2,0.4,203.8,0.3,0.2,311.9,2.3,0.2,754.1,1.1,30.7,0.6,242.3,245.6,5.5,2.8,1.9,125.6,0.1,0.0,109.1,0.2,10.7,20.1,10.4,105.8,2.2,28.9,0.0] [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,118,118,182,102,118,118,118,118,886,102,886,118,118,102] analyse: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Game][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.758| 0.106| 0.188|35487.695| 0.000] [PKTLEN......: 102.000| 886.000| 221.000| 231.800|53743.000| 4.500] [BINS(c->s)..: 0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0] - [IATS........: 726,2728,200750,236,363,313750,216,309,757918,67,245897,246,38434,238,116689,3047,25905,110485,1189,79734,7959,87905,10077,91853,20145,506365,607064,9714,10174,12917,36738,0] + [IATS(ms)....: 0.7,2.7,200.8,0.2,0.4,313.8,0.2,0.3,757.9,0.1,245.9,0.2,38.4,0.2,116.7,3.0,25.9,110.5,1.2,79.7,8.0,87.9,10.1,91.9,20.1,506.4,607.1,9.7,10.2,12.9,36.7,0.0] [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,182,102,886,102,886,102,118,118,102,358,854,486,486] analyse: [....20] [ip4][..udp] [.192.168.12.114][55915] -> [..81.61.158.138][51769] [Nintendo][Game][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.649| 0.099| 0.184|33766.533| 0.000] [PKTLEN......: 102.000| 886.000| 167.500| 186.300|34709.800| 4.500] [BINS(c->s)..: 0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0] - [IATS........: 295,399,313495,260,289,284287,137,381,629371,5230,43658,5349,61371,137,131610,65365,7948,186,836,31052,435,67583,2946,484,7525,105852,5669,103301,9836,549379,649265,0] + [IATS(ms)....: 0.3,0.4,313.5,0.3,0.3,284.3,0.1,0.4,629.4,5.2,43.7,5.3,61.4,0.1,131.6,65.4,7.9,0.2,0.8,31.1,0.4,67.6,2.9,0.5,7.5,105.9,5.7,103.3,9.8,549.4,649.3,0.0] [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,118,118,182,118,118,102,118,118,886,102,886,102,118,118,102] guessed: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] [AmazonAWS][Cloud][Acceptable] idle: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] diff --git a/test/results/flow-info/nntp.pcap.out b/test/results/flow-info/nntp.pcap.out index 9a9e0dd86..96d7b006b 100644 --- a/test/results/flow-info/nntp.pcap.out +++ b/test/results/flow-info/nntp.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] detected: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable] analyse: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 25.684| 4.346| 7.782|60565611.348| 0.000] [PKTLEN......: 54.000| 1514.000| 219.900| 397.400|157950.100| 3.700] [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0] - [IATS........: 157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283,0] + [IATS(ms)....: 0.2,0.2,17.0,17.1,0.2,0.4,673.1,673.7,0.6,0.3,40.5,19518.0,19565.8,8.0,4770.1,4784.4,14.3,0.1,0.0,25683.6,25684.3,0.8,12078.4,12090.7,12.5,0.2,0.1,4544.0,0.1,4544.3,0.3,0.0] [PKTLENS.....: 74,74,66,190,66,79,66,113,92,66,115,66,79,1294,66,79,1514,66,186,66,97,116,66,77,1514,66,332,66,72,66,94,54] end: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/no_sni.pcap.out b/test/results/flow-info/no_sni.pcap.out index 8bdf8757e..072d92afc 100644 --- a/test/results/flow-info/no_sni.pcap.out +++ b/test/results/flow-info/no_sni.pcap.out @@ -8,24 +8,24 @@ detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun] new: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] analyse: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.180| 0.028| 0.054| 2913.211| 0.000] [PKTLEN......: 54.000| 736.000| 141.200| 163.800|26828.900| 4.400] [BINS(c->s)..: 10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0] - [IATS........: 137944,138022,4673,280,93,180261,3035,178242,156,4,141,2334,6395,1417,5511,15440,136,687,115,1388,73966,13479,4177,2946,6,76790,62,5422,2521,12,7950,0] + [IATS(ms)....: 137.9,138.0,4.7,0.3,0.1,180.3,3.0,178.2,0.2,0.0,0.1,2.3,6.4,1.4,5.5,15.4,0.1,0.7,0.1,1.4,74.0,13.5,4.2,2.9,0.0,76.8,0.1,5.4,2.5,0.0,8.0,0.0] [PKTLENS.....: 78,66,54,670,60,224,60,736,54,116,60,54,138,60,85,54,205,140,114,146,85,60,60,60,380,85,54,54,60,307,85,54] detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.473| 0.050| 0.107|11455.737| 0.000] [PKTLEN......: 54.000| 1514.000| 381.000| 489.400|239474.400| 4.000] [BINS(c->s)..: 12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0] - [IATS........: 121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593,0] + [IATS(ms)....: 121.2,121.3,5.4,100.4,0.4,95.3,1.0,4.8,0.1,77.1,0.5,71.8,0.2,0.4,0.6,0.2,76.9,15.5,380.4,472.6,2.8,2.8,2.1,2.1,1.6,1.6,1.4,0.3,1.6,0.6,0.6,0.0] [PKTLENS.....: 78,66,54,1001,60,286,54,118,224,917,60,566,54,60,85,54,85,60,60,1092,54,844,54,1445,54,1445,54,1514,407,54,1178,54] new: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] new: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] @@ -43,13 +43,13 @@ detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 0.000] [PKTLEN......: 54.000| 1514.000| 285.300| 409.400|167573.600| 4.000] [BINS(c->s)..: 12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0] - [IATS........: 81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500,0] + [IATS(ms)....: 81.9,82.0,5.3,129.4,1.7,0.7,126.4,64.0,9.1,0.1,11.9,1.6,143.7,57.1,79.2,1.6,80.8,1.6,14.7,0.3,13.3,11.9,0.0,12.1,0.1,25.4,25.0,0.8,0.8,5.3,5.5,0.0] [PKTLENS.....: 78,66,54,766,60,1514,1385,54,118,224,380,129,129,1385,66,60,566,54,85,60,85,54,581,85,54,54,368,54,85,54,368,54] idle: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] end: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] diff --git a/test/results/flow-info/ocs.pcap.out b/test/results/flow-info/ocs.pcap.out index 020824d19..a87b2756e 100644 --- a/test/results/flow-info/ocs.pcap.out +++ b/test/results/flow-info/ocs.pcap.out @@ -33,13 +33,13 @@ detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][Media][Fun] RISK: Obsolete TLS (v1.1 or older) analyse: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.929| 0.088| 0.173|29794.175| 0.000] [PKTLEN......: 52.000| 715.000| 83.100| 113.800|12942.200| 4.500] [BINS(c->s)..: 31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 83797,14275,246872,572,450,68391,1837,71492,506,5433,4137,41728,146026,90832,71054,77421,63432,3718,80468,1653,86121,564,67336,32599,43283,386587,73735,2510,928563,31722,2140,0] + [IATS(ms)....: 83.8,14.3,246.9,0.6,0.5,68.4,1.8,71.5,0.5,5.4,4.1,41.7,146.0,90.8,71.1,77.4,63.4,3.7,80.5,1.7,86.1,0.6,67.3,32.6,43.3,386.6,73.7,2.5,928.6,31.7,2.1,0.0] [PKTLENS.....: 60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64] new: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] detected: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Web][Acceptable] @@ -60,13 +60,13 @@ new: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun] analyse: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 0.000] [PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900] [BINS(c->s)..: 31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 71399,1526,54762,1106,3570,59902,605,77,5328,64776,1667,1533,79495,5458,58361,1849,64604,1987,67520,26503,42864,25995,65439,972,48553,1253,1960,1270,75524,1445,4821,0] + [IATS(ms)....: 71.4,1.5,54.8,1.1,3.6,59.9,0.6,0.1,5.3,64.8,1.7,1.5,79.5,5.5,58.4,1.8,64.6,2.0,67.5,26.5,42.9,26.0,65.4,1.0,48.6,1.3,2.0,1.3,75.5,1.4,4.8,0.0] [PKTLENS.....: 60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72] update: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] idle: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun] diff --git a/test/results/flow-info/ocsp.pcapng.out b/test/results/flow-info/ocsp.pcapng.out index 3161ecc06..1223443e3 100644 --- a/test/results/flow-info/ocsp.pcapng.out +++ b/test/results/flow-info/ocsp.pcapng.out @@ -11,22 +11,22 @@ new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe] analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 10.243| 7.530| 4.272|18250505.126| 0.000] [PKTLEN......: 118.000| 820.000| 187.000| 189.100|35745.500| 4.500] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0] - [IATS........: 3376,7013,7440,102951,109262,10007824,10012989,10151666,10151973,10240500,10240566,10243102,10242877,10236097,10235872,10239925,10240468,10239857,10239497,5617732,5617894,102927,109302,10148797,10155034,10236056,10236089,10239827,10239709,10239962,0,0] + [IATS(ms)....: 3.4,7.0,7.4,103.0,109.3,10007.8,10013.0,10151.7,10152.0,10240.5,10240.6,10243.1,10242.9,10236.1,10235.9,10239.9,10240.5,10239.9,10239.5,5617.7,5617.9,102.9,109.3,10148.8,10155.0,10236.1,10236.1,10239.8,10239.7,10240.0,0.0,0.0] [PKTLENS.....: 126,126,118,512,118,820,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,512,118,820,118,118,118,118,118,118,118,118] analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.244| 7.440| 4.399|19348030.751| 0.000] [PKTLEN......: 118.000| 1007.000| 198.200| 228.700|52281.300| 4.400] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 12043,16085,280,19618,157130,176931,7779779,7796085,1344,16621,10045906,10060740,10239929,10239733,10239821,10240037,10244027,10243851,10239937,10239981,10236031,10236118,10243927,10244049,10235957,10235895,10239975,10239809,10240030,10240044,10239885,0] + [IATS(ms)....: 12.0,16.1,0.3,19.6,157.1,176.9,7779.8,7796.1,1.3,16.6,10045.9,10060.7,10239.9,10239.7,10239.8,10240.0,10244.0,10243.9,10239.9,10240.0,10236.0,10236.1,10243.9,10244.0,10236.0,10235.9,10240.0,10239.8,10240.0,10240.0,10239.9,0.0] [PKTLENS.....: 126,126,118,504,118,1007,118,504,118,1007,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118] new: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] @@ -41,13 +41,13 @@ end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.240| 6.308| 4.932|24328020.165| 0.000] [PKTLEN......: 118.000| 917.000| 229.700| 247.800|61420.800| 4.400] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0] - [IATS........: 3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922,0] + [IATS(ms)....: 3.1,7.5,2.6,10.4,0.3,8.0,10198.6,10205.6,10239.9,10239.7,10240.0,10239.8,10240.1,10240.2,10239.7,10239.9,594.5,595.4,7.8,0.3,7.9,7.3,10142.0,10148.6,10239.9,10240.0,10239.9,10239.9,10240.0,10239.9,10239.9,0.0] [PKTLENS.....: 126,126,118,505,118,917,118,118,118,118,118,118,118,118,118,118,118,505,917,118,505,917,118,118,118,118,118,118,118,118,118,118] DAEMON-EVENT: [Processed: 207 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -57,22 +57,22 @@ detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe] end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe] analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 10.241| 7.851| 4.241|17983611.077| 0.000] [PKTLEN......: 118.000| 1462.000| 193.500| 263.000|69147.600| 4.300] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 3378,7400,923,8114,615,9140,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877,0,0,0] + [IATS(ms)....: 3.4,7.4,0.9,8.1,0.6,9.1,10126.9,10134.8,10240.4,10240.5,10239.2,10239.6,10239.9,10239.7,10239.9,10239.5,10239.9,10240.2,10239.9,10240.1,10240.6,10240.2,10239.6,10239.4,10239.5,10240.0,10240.0,10240.0,2594.9,0.0,0.0,0.0] [PKTLENS.....: 126,126,118,519,118,1462,772,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118] analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.241| 7.462| 4.365|19049033.499| 0.000] [PKTLEN......: 118.000| 1124.000| 162.300| 185.900|34567.000| 4.500] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865,0] + [IATS(ms)....: 12.0,16.5,0.4,17.1,110.0,126.6,9996.4,10012.4,10239.9,10239.8,10239.9,10240.2,10239.9,10239.6,10240.0,10240.0,10239.9,10240.1,10239.9,10239.7,10239.9,10240.0,10240.6,10240.6,10239.8,10239.8,10239.3,10239.5,3107.0,3107.9,16.9,0.0] [PKTLENS.....: 126,126,118,514,118,1124,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118] DAEMON-EVENT: [Processed: 274 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -84,13 +84,13 @@ detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe] end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Network][Safe] analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.241| 4.682| 4.929|24292207.100| 0.000] [PKTLEN......: 118.000| 1566.000| 338.200| 431.700|186386.900| 4.200] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 12234,16624,475,17773,3362,21718,1169650,1186786,9796,24736,1031529,1046686,2550,18982,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196,0,0,0,0,0,0,0] + [IATS(ms)....: 12.2,16.6,0.5,17.8,3.4,21.7,1169.7,1186.8,9.8,24.7,1031.5,1046.7,2.5,19.0,10158.4,10174.4,10240.2,10240.5,10240.7,10240.4,10239.9,10239.9,10238.7,10240.1,10241.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 126,126,118,504,118,1566,627,118,118,504,118,1566,627,118,118,505,118,1566,628,118,118,118,118,118,118,118,118,118,118,118,118,118] end: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ookla.pcap.out b/test/results/flow-info/ookla.pcap.out index 58daa6550..01d5601ce 100644 --- a/test/results/flow-info/ookla.pcap.out +++ b/test/results/flow-info/ookla.pcap.out @@ -6,13 +6,13 @@ new: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] detected: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe] analyse: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.138| 0.055| 0.033| 1064.798| 0.000] [PKTLEN......: 66.000| 100.000| 77.900| 9.700| 93.700| 5.000] [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 36785,36897,27990,64017,72,36059,38392,72665,34304,27134,61863,34745,97665,133205,35538,27694,63063,35336,68477,103729,35275,26006,61113,35107,103239,137734,34506,32637,67251,34614,94056,0] + [IATS(ms)....: 36.8,36.9,28.0,64.0,0.1,36.1,38.4,72.7,34.3,27.1,61.9,34.7,97.7,133.2,35.5,27.7,63.1,35.3,68.5,103.7,35.3,26.0,61.1,35.1,103.2,137.7,34.5,32.6,67.3,34.6,94.1,0.0] [PKTLENS.....: 78,74,66,69,66,100,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85] end: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe] end: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Network][Safe] diff --git a/test/results/flow-info/openvpn.pcap.out b/test/results/flow-info/openvpn.pcap.out index fcffb9258..5987e4216 100644 --- a/test/results/flow-info/openvpn.pcap.out +++ b/test/results/flow-info/openvpn.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.998| 0.088| 0.234|54526.591| 0.000] [PKTLEN......: 66.000| 371.000| 154.300| 75.300| 5671.500| 4.800] [BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1] - [IATS........: 54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117,0] + [IATS(ms)....: 54.9,55.0,945.3,997.7,0.5,52.9,0.2,76.4,76.2,41.0,2.7,0.1,43.9,0.1,0.2,0.3,40.5,40.5,41.0,41.0,0.1,0.1,0.3,41.0,41.0,40.3,40.3,0.5,0.1,0.6,40.1,0.0] [PKTLENS.....: 74,74,66,110,66,122,66,118,66,371,66,222,210,118,210,210,66,210,222,210,118,210,210,66,210,222,210,118,210,210,66,210] DAEMON-EVENT: [Processed: 95 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -19,13 +19,13 @@ detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.196| 0.045| 0.060| 3547.546| 0.000] [PKTLEN......: 84.000| 345.000| 140.400| 58.600| 3436.100| 4.900] [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865,0] + [IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9,0.0] [PKTLENS.....: 84,96,92,345,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92] idle: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port @@ -35,13 +35,13 @@ detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.242| 0.188| 0.537|288658.031| 0.000] [PKTLEN......: 84.000| 345.000| 137.300| 58.900| 3466.400| 4.900] [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299,0] + [IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3,0.0] [PKTLENS.....: 84,84,96,92,345,92,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92] idle: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/pgm.pcap.out b/test/results/flow-info/pgm.pcap.out index 99dbba2cd..58730cc42 100644 --- a/test/results/flow-info/pgm.pcap.out +++ b/test/results/flow-info/pgm.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] detected: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable] analyse: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.841| 0.063| 0.156|24250.839| 0.000] [PKTLEN......: 70.000| 1344.000| 203.200| 214.800|46132.500| 4.600] [BINS(c->s)..: 0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009,0] + [IATS(ms)....: 840.7,20.8,0.0,36.8,5.6,0.1,6.6,0.0,17.0,0.0,14.9,14.7,0.0,37.3,0.0,168.2,95.0,1.6,67.0,1.6,11.0,51.2,0.0,243.0,25.5,16.0,6.4,15.0,3.5,0.1,240.0,0.0] [PKTLENS.....: 70,129,127,321,1344,206,126,130,170,285,252,333,179,131,227,313,129,141,148,128,129,144,146,145,128,135,133,134,133,135,126,127] idle: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/pinterest.pcap.out b/test/results/flow-info/pinterest.pcap.out index 0289760ca..805bfdcd7 100644 --- a/test/results/flow-info/pinterest.pcap.out +++ b/test/results/flow-info/pinterest.pcap.out @@ -8,13 +8,13 @@ detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.172| 0.014| 0.033| 1083.758| 0.000] [PKTLEN......: 86.000| 1134.000| 378.100| 421.400|177613.600| 4.200] [BINS(c->s)..: 10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1] - [IATS........: 17629,17683,505,39969,1745,1,2,41182,41,13,234,2,175,23,26,7012,281,424,41621,1,1,33877,492,1,473,243,41960,172415,2,1,0,0] + [IATS(ms)....: 17.6,17.7,0.5,40.0,1.7,0.0,0.0,41.2,0.0,0.0,0.2,0.0,0.2,0.0,0.0,7.0,0.3,0.4,41.6,0.0,0.0,33.9,0.5,0.0,0.5,0.2,42.0,172.4,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,86,86,86,1134,1134,168,86,86,86,179,185,451,86,86,344,86,152,86,86,124,86,1134,1134,563] detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] @@ -45,13 +45,13 @@ new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [MIDSTREAM] new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [MIDSTREAM] analyse: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.054| 0.008| 0.015| 223.156| 0.000] [PKTLEN......: 86.000| 1474.000| 395.000| 486.900|237029.200| 4.100] [BINS(c->s)..: 9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0] - [IATS........: 29210,29304,461,30605,2146,1,1,1,32223,44,9,7,7205,255,2012,156,139,311,354,53871,1,222,1,43618,1326,1,1343,231,798,527,0,0] + [IATS(ms)....: 29.2,29.3,0.5,30.6,2.1,0.0,0.0,0.0,32.2,0.0,0.0,0.0,7.2,0.3,2.0,0.2,0.1,0.3,0.4,53.9,0.0,0.2,0.0,43.6,1.3,0.0,1.3,0.2,0.8,0.5,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,1474,1244,86,86,86,86,179,185,377,397,364,1040,342,86,86,86,344,86,152,86,86,86,124,1474,86] new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] @@ -62,47 +62,47 @@ detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable] detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.014| 199.945| 0.000] [PKTLEN......: 86.000| 1294.000| 265.000| 327.800|107441.100| 4.200] [BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1] - [IATS........: 26021,26034,177,34476,9474,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,7144,49,3,681,625,589,26257,0,0,0] + [IATS(ms)....: 26.0,26.0,0.2,34.5,9.5,43.8,0.0,0.1,0.0,2.4,0.1,0.1,39.2,0.0,0.2,0.3,37.1,0.3,3.1,2.9,7.2,0.0,7.1,0.0,0.0,0.7,0.6,0.6,26.3,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,303,86,150,178,409,86,86,86,666,86,117,117,86,507,832,281,86,86,86,125,86,125,86] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.133| 0.017| 0.031| 941.058| 0.000] [PKTLEN......: 86.000| 1294.000| 323.400| 401.100|160869.700| 4.200] [BINS(c->s)..: 11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0] - [IATS........: 23500,23520,222,32278,1902,1,33966,35,25,324,242,8,1731,75,102,35078,5741,3731,1,42641,14,135,39228,93613,132689,1225,118,74,0,0,0,0] + [IATS(ms)....: 23.5,23.5,0.2,32.3,1.9,0.0,34.0,0.0,0.0,0.3,0.2,0.0,1.7,0.1,0.1,35.1,5.7,3.7,0.0,42.6,0.0,0.1,39.2,93.6,132.7,1.2,0.1,0.1,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,86,86,86,1294,187,86,86,150,178,465,86,86,666,117,86,86,86,117,86,344,86,125,243,585] detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe] detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe] detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe] analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.090| 0.016| 0.023| 544.707| 0.000] [PKTLEN......: 86.000| 1134.000| 314.800| 374.800|140490.000| 4.200] [BINS(c->s)..: 11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0] - [IATS........: 39835,39893,388,39880,1850,1,41296,35,60,18,4,565,563,29,2922,2605,564,39805,119,1086,1924,36819,15,203,49740,40102,89623,0,0,0,0,0] + [IATS(ms)....: 39.8,39.9,0.4,39.9,1.9,0.0,41.3,0.0,0.1,0.0,0.0,0.6,0.6,0.0,2.9,2.6,0.6,39.8,0.1,1.1,1.9,36.8,0.0,0.2,49.7,40.1,89.6,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,1134,86,86,1134,168,86,86,179,185,382,86,86,86,344,152,86,86,124,86,530,260,86] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.009| 0.016| 268.348| 0.000] [PKTLEN......: 86.000| 1474.000| 512.700| 595.900|355070.700| 4.100] [BINS(c->s)..: 12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1] - [IATS........: 50290,50337,220,31719,3102,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,1,29460,6,548,1,514,15,6,589,0,0,0,0,0,0] + [IATS(ms)....: 50.3,50.3,0.2,31.7,3.1,34.6,0.0,0.7,0.7,1.2,0.0,1.2,0.0,2.6,0.1,0.2,32.3,0.0,29.5,0.0,0.5,0.0,0.5,0.0,0.0,0.6,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,86,86,1474,86,1474,1219,86,86,179,185,454,86,86,86,344,152,86,86,1474,1474,1474,86,86,86,1474] detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] @@ -115,31 +115,31 @@ detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable] detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun] analyse: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.077| 0.017| 0.027| 751.406| 0.000] [PKTLEN......: 86.000| 1294.000| 421.600| 486.000|236213.000| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0] - [IATS........: 76818,76867,1845,47286,29961,75361,6,2,2110,577,1618,47934,88,1,1,1,1,43713,12,4,2,3,3,4,0,0,0,0,0,0,0,0] + [IATS(ms)....: 76.8,76.9,1.8,47.3,30.0,75.4,0.0,0.0,2.1,0.6,1.6,47.9,0.1,0.0,0.0,0.0,0.0,43.7,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,356,86,86,86,150,178,400,86,86,86,666,117,484,1294,1294,1294,1294,1294,86,86,86,86,86,86,86] analyse: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.079| 0.014| 0.022| 503.587| 0.000] [PKTLEN......: 86.000| 1294.000| 436.100| 496.100|246097.600| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1] - [IATS........: 51607,51735,639,27991,20462,1,47699,14,8,3349,184,136,69956,1,28,13172,79486,329,8681,8388,16746,3,2,2,16717,40,14,21,164,2,0,0] + [IATS(ms)....: 51.6,51.7,0.6,28.0,20.5,0.0,47.7,0.0,0.0,3.3,0.2,0.1,70.0,0.0,0.0,13.2,79.5,0.3,8.7,8.4,16.7,0.0,0.0,0.0,16.7,0.0,0.0,0.0,0.2,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,326,86,86,86,150,178,347,86,86,86,666,86,117,117,86,1002,1294,1294,1294,86,86,86,86,1294,1294] analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.093| 0.012| 0.022| 484.499| 0.000] [PKTLEN......: 86.000| 1466.000| 285.000| 368.400|135732.300| 4.200] [BINS(c->s)..: 12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0] - [IATS........: 26987,27077,236,32338,1,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879,0,0] + [IATS(ms)....: 27.0,27.1,0.2,32.3,0.0,32.0,0.0,3.9,0.4,0.1,64.7,93.2,0.0,0.0,0.3,0.0,0.0,0.0,24.3,0.0,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.0,4.4,39.9,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1466,993,86,86,150,178,344,344,86,86,86,265,166,130,667,86,86,86,86,497,1466,128,86,86,86,117,213] new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun] @@ -150,43 +150,43 @@ new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [MIDSTREAM] detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.029| 0.002| 0.007| 49.867| 0.000] [PKTLEN......: 86.000| 1294.000| 752.800| 578.200|334348.700| 4.500] [BINS(c->s)..: 7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1] - [IATS........: 202,23469,160,5107,2,28590,251,1,1,2,214,4,31,19,391,1,1,397,8,1304,1,1316,72,1,1,0,0,0,0,0,0,0] + [IATS(ms)....: 0.2,23.5,0.2,5.1,0.0,28.6,0.3,0.0,0.0,0.0,0.2,0.0,0.0,0.0,0.4,0.0,0.0,0.4,0.0,1.3,0.0,1.3,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 244,209,86,86,277,1294,86,1294,1294,1294,1294,86,86,1294,1294,86,1294,1294,1294,1294,86,86,1294,1294,251,125,213,86,1294,1294,1294,1294] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable] detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.486| 0.068| 0.273|74793.992| 0.000] [PKTLEN......: 86.000| 1294.000| 252.100| 317.700|100919.600| 4.200] [BINS(c->s)..: 11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0] - [IATS........: 55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,228,1,30633,193,14864,14650,23014,23014,8,85,70,1606,29384,1485939,0,0,0,0] + [IATS(ms)....: 55.5,55.6,2.6,45.1,17.8,0.0,60.2,0.0,0.3,0.3,9.4,2.5,0.6,42.9,0.2,0.0,30.6,0.2,14.9,14.7,23.0,23.0,0.0,0.1,0.1,1.6,29.4,1485.9,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,587,86,150,178,458,86,86,86,666,86,117,117,86,476,149,86,86,125,86,86,125,86,251] analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.009| 0.013| 174.232| 0.000] [PKTLEN......: 86.000| 1294.000| 432.800| 492.400|242485.900| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0] - [IATS........: 23434,23612,605,27825,5261,2,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,1,7829,32,0,0,0] + [IATS(ms)....: 23.4,23.6,0.6,27.8,5.3,0.0,32.3,0.0,0.0,3.2,0.2,0.2,43.0,0.9,0.0,0.2,40.4,0.9,3.4,2.5,21.4,0.0,21.3,0.0,7.8,0.0,0.0,7.8,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,336,86,86,86,150,178,341,86,86,86,666,86,117,117,86,890,1294,86,86,1294,1294,1294,1294,86,86] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.522| 0.133| 0.377|141791.068| 0.000] [PKTLEN......: 86.000| 1466.000| 273.400| 363.600|132225.800| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,1,0,1] - [IATS........: 51050,51117,702,184290,1,183671,66,7538,8559,3870,48706,3,10603,1,1,39192,55,6,1700,5826,4025,34675,42375,77042,1489773,1522186,1,32460,71970,0,0,0] + [IATS(ms)....: 51.0,51.1,0.7,184.3,0.0,183.7,0.1,7.5,8.6,3.9,48.7,0.0,10.6,0.0,0.0,39.2,0.1,0.0,1.7,5.8,4.0,34.7,42.4,77.0,1489.8,1522.2,0.0,32.5,72.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1466,994,86,86,150,178,456,86,86,86,257,166,117,86,86,86,117,121,86,86,506,86,632,86,121,86,1388] new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443] [MIDSTREAM] new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [MIDSTREAM] @@ -207,22 +207,22 @@ detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable] analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.157| 0.019| 0.038| 1426.179| 0.000] [PKTLEN......: 86.000| 1294.000| 427.000| 486.700|236885.800| 4.200] [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0] - [IATS........: 46894,46909,201,112030,45428,2,157269,9,5,2935,270,2964,37660,1,1100,1,32562,12,3,631,955,1,308,7,3,3,0,0,0,0,0,0] + [IATS(ms)....: 46.9,46.9,0.2,112.0,45.4,0.0,157.3,0.0,0.0,2.9,0.3,3.0,37.7,0.0,1.1,0.0,32.6,0.0,0.0,0.6,1.0,0.0,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,563,86,86,86,150,178,351,86,86,86,666,500,1294,86,86,86,117,1294,1294,1294,1294,86,86,86,86] analyse: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.136| 0.027| 0.042| 1750.865| 0.000] [PKTLEN......: 86.000| 1474.000| 444.600| 544.300|296293.800| 4.100] [BINS(c->s)..: 9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1] - [IATS........: 46509,46553,392,49783,3591,52945,10,1267,1,1272,3,2358,266,496,109019,1,1,105909,5,6,6499,35807,111148,135965,1,2,0,0,0,0,0,0] + [IATS(ms)....: 46.5,46.6,0.4,49.8,3.6,52.9,0.0,1.3,0.0,1.3,0.0,2.4,0.3,0.5,109.0,0.0,0.0,105.9,0.0,0.0,6.5,35.8,111.1,136.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,86,86,1474,1244,86,86,179,185,352,86,86,344,152,86,584,86,86,86,124,86,224,86,1474,1474,1474] detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] @@ -230,13 +230,13 @@ detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe] analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 0.000] [PKTLEN......: 86.000| 1134.000| 391.700| 441.200|194656.500| 4.200] [BINS(c->s)..: 11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1] - [IATS........: 20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2,0] + [IATS(ms)....: 21.0,21.0,0.5,37.1,8.9,0.0,45.5,0.0,2.0,0.0,0.0,0.0,2.0,0.0,0.0,0.0,0.1,0.0,7.8,0.5,0.4,31.0,0.0,0.4,0.0,22.8,0.0,0.4,8.3,2.6,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,1134,1134,1134,86,86,86,86,127,86,179,185,356,86,86,344,152,86,86,124,86,1134,1134] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe] guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/pop3_stls.pcap.out b/test/results/flow-info/pop3_stls.pcap.out index c5715ef6f..fa44f44e9 100644 --- a/test/results/flow-info/pop3_stls.pcap.out +++ b/test/results/flow-info/pop3_stls.pcap.out @@ -11,13 +11,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Email][Safe] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) analyse: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.072| 0.263| 0.525|275477.529| 0.000] [PKTLEN......: 54.000| 1514.000| 248.500| 417.000|173868.900| 3.800] [BINS(c->s)..: 9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1] - [IATS........: 68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810,0] + [IATS(ms)....: 68.2,69.0,68.7,120.6,119.8,1003.1,1075.3,72.5,0.5,70.8,70.3,69.5,71.0,0.2,69.9,69.1,0.3,69.2,7.0,114.4,36.0,229.4,154.0,2002.9,2072.1,69.1,0.7,117.2,116.7,68.9,75.8,0.0] [PKTLENS.....: 66,66,54,65,60,60,82,60,60,203,60,91,222,1514,1514,54,1514,414,54,368,60,292,85,60,107,85,60,222,98,103,96,103] detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Email][Safe] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) diff --git a/test/results/flow-info/pps.pcap.out b/test/results/flow-info/pps.pcap.out index dffbdd8cc..ad8b314bb 100644 --- a/test/results/flow-info/pps.pcap.out +++ b/test/results/flow-info/pps.pcap.out @@ -9,46 +9,46 @@ new: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443] new: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] analyse: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.014| 0.003| 0.004| 16.289| 0.000] [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] - [IATS........: 306,331,2951,1986,4674,337,125,2,561,612,2012,866,221,1880,1060,119,11920,11824,91,13556,13473,115,2750,2611,216,1278,998,122,1608,1850,320,0] + [IATS(ms)....: 0.3,0.3,3.0,2.0,4.7,0.3,0.1,0.0,0.6,0.6,2.0,0.9,0.2,1.9,1.1,0.1,11.9,11.8,0.1,13.6,13.5,0.1,2.8,2.6,0.2,1.3,1.0,0.1,1.6,1.9,0.3,0.0] [PKTLENS.....: 1107,79,79,1107,1107,79,79,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79] not-detected: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] [Unknown][Unrated] analyse: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.013| 0.002| 0.004| 13.731| 0.000] [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] - [IATS........: 314,12554,12553,190,1137,940,141,1586,1472,244,2060,1844,332,694,598,286,1704,1051,140,3586,5819,415,11908,9064,111,1248,1392,110,1452,1075,107,0] + [IATS(ms)....: 0.3,12.6,12.6,0.2,1.1,0.9,0.1,1.6,1.5,0.2,2.1,1.8,0.3,0.7,0.6,0.3,1.7,1.1,0.1,3.6,5.8,0.4,11.9,9.1,0.1,1.2,1.4,0.1,1.5,1.1,0.1,0.0] [PKTLENS.....: 79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79] not-detected: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] [Unknown][Unrated] new: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] analyse: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.027| 0.009| 0.008| 71.240| 0.000] [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0] - [IATS........: 354,233,4927,176,24291,18871,121,5388,6873,160,19127,17570,126,13829,13759,135,13082,15439,116,26979,24414,172,9012,10973,385,1993,887,14115,8282,98,12123,0] + [IATS(ms)....: 0.4,0.2,4.9,0.2,24.3,18.9,0.1,5.4,6.9,0.2,19.1,17.6,0.1,13.8,13.8,0.1,13.1,15.4,0.1,27.0,24.4,0.2,9.0,11.0,0.4,2.0,0.9,14.1,8.3,0.1,12.1,0.0] [PKTLENS.....: 1107,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107] not-detected: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] [Unknown][Unrated] new: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [MIDSTREAM] new: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [MIDSTREAM] analyse: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.070| 0.024| 0.021| 457.568| 0.000] [PKTLEN......: 79.000| 1107.000| 336.000| 445.100|198147.000| 4.000] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0] - [IATS........: 416,29926,29688,118,32027,32808,298,45715,281,69635,23035,67,41991,41569,116,35956,327,59526,23042,142,31796,32196,302,44442,309,68337,22748,167,30877,30767,160,0] + [IATS(ms)....: 0.4,29.9,29.7,0.1,32.0,32.8,0.3,45.7,0.3,69.6,23.0,0.1,42.0,41.6,0.1,36.0,0.3,59.5,23.0,0.1,31.8,32.2,0.3,44.4,0.3,68.3,22.7,0.2,30.9,30.8,0.2,0.0] [PKTLENS.....: 79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79] not-detected: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] [Unknown][Unrated] new: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] @@ -78,13 +78,13 @@ new: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] new: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] analyse: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.108| 0.029| 0.031| 941.853| 0.000] [PKTLEN......: 61.000| 1107.000| 303.300| 425.300|180865.500| 3.900] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1] - [IATS........: 939,52844,52258,255,55452,67,77746,21970,217,78270,79276,484,437,117,46524,44383,93,18436,18537,325,35971,83,108044,71536,720,28274,507,45891,16142,358,33466,0] + [IATS(ms)....: 0.9,52.8,52.3,0.3,55.5,0.1,77.7,22.0,0.2,78.3,79.3,0.5,0.4,0.1,46.5,44.4,0.1,18.4,18.5,0.3,36.0,0.1,108.0,71.5,0.7,28.3,0.5,45.9,16.1,0.4,33.5,0.0] [PKTLENS.....: 79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,79,79,1107,79,79,61] not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unrated] new: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [MIDSTREAM] @@ -219,13 +219,13 @@ new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM] detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] analyse: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.036| 0.003| 0.009| 84.840| 0.000] [PKTLEN......: 198.000| 1314.000| 1221.000| 293.900|86398.000| 4.900] [BINS(c->s)..: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 2901,35025,35765,2,54,1038,2,1,1,1,1,1,4098,1,1,1,1,557,2,1,1,4317,82,1,1,1,1,0,0,0,0,0] + [IATS(ms)....: 2.9,35.0,35.8,0.0,0.1,1.0,0.0,0.0,0.0,0.0,0.0,0.0,4.1,0.0,0.0,0.0,0.0,0.6,0.0,0.0,0.0,4.3,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 198,566,202,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] detected: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] @@ -268,13 +268,13 @@ new: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [MIDSTREAM] detected: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] analyse: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.061| 0.005| 0.014| 183.828| 0.000] [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 61439,3,3,1,1,30336,2,1,1,25868,1,484,2,1,1,574,2,3519,3,772,1,1,1,1,1,2191,0,0,0,0,0,0] + [IATS(ms)....: 61.4,0.0,0.0,0.0,0.0,30.3,0.0,0.0,0.0,25.9,0.0,0.5,0.0,0.0,0.0,0.6,0.0,3.5,0.0,0.8,0.0,0.0,0.0,0.0,0.0,2.2,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] new: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] detected: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] @@ -283,13 +283,13 @@ new: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [MIDSTREAM] detected: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] analyse: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.006| 0.016| 268.635| 0.000] [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 62853,7,1,1,1,1,28633,3,1,57886,1,1,29,1,1,276,1,311,1,3236,49,2,773,2,1,1,2,0,0,0,0,0] + [IATS(ms)....: 62.9,0.0,0.0,0.0,0.0,0.0,28.6,0.0,0.0,57.9,0.0,0.0,0.0,0.0,0.0,0.3,0.0,0.3,0.0,3.2,0.0,0.0,0.8,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] update: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] new: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [MIDSTREAM] diff --git a/test/results/flow-info/psiphon3.pcap.out b/test/results/flow-info/psiphon3.pcap.out index aa7f1f574..7bdfc5de8 100644 --- a/test/results/flow-info/psiphon3.pcap.out +++ b/test/results/flow-info/psiphon3.pcap.out @@ -9,13 +9,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable] RISK: Missing SNI TLS Extn analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.046| 0.011| 0.012| 137.508| 0.000] [PKTLEN......: 40.000| 1500.000| 277.500| 421.900|177964.300| 3.800] [BINS(c->s)..: 10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0] - [IATS........: 6003,17375,14372,998,15961,7000,4998,3002,27963,1997,2998,1002,7002,25852,1389,4047,20760,1037,46102,1001,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 6.0,17.4,14.4,1.0,16.0,7.0,5.0,3.0,28.0,2.0,3.0,1.0,7.0,25.9,1.4,4.0,20.8,1.0,46.1,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048] detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable] RISK: Missing SNI TLS Extn diff --git a/test/results/flow-info/quic-28.pcap.out b/test/results/flow-info/quic-28.pcap.out index 3c6efc732..bcb88f50f 100644 --- a/test/results/flow-info/quic-28.pcap.out +++ b/test/results/flow-info/quic-28.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] detected: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable] analyse: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.006| 0.007| 51.479| 0.000] [PKTLEN......: 85.000| 1242.000| 343.800| 425.600|181138.200| 4.100] [BINS(c->s)..: 0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1] - [IATS........: 13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076,0] + [IATS(ms)....: 13.6,13.8,13.9,1.1,15.1,1.4,0.0,0.0,2.2,0.3,0.0,0.0,0.0,14.7,0.0,0.0,0.0,0.0,0.0,0.0,0.0,13.8,1.2,10.5,11.8,5.5,19.9,6.5,21.0,4.0,19.1,0.0] [PKTLENS.....: 1242,89,1242,113,203,1242,1238,1239,259,152,103,85,85,168,112,557,85,85,110,85,85,85,85,85,700,85,147,85,859,85,122,86] idle: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-33.pcapng.out b/test/results/flow-info/quic-33.pcapng.out index 4c09763f5..3d27e5175 100644 --- a/test/results/flow-info/quic-33.pcapng.out +++ b/test/results/flow-info/quic-33.pcapng.out @@ -5,13 +5,13 @@ detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.627| 0.000] [PKTLEN......: 115.000| 1502.000| 1004.900| 605.000|366070.200| 4.700] [BINS(c->s)..: 0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0] [DIRECTIONS..: 0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 2813,127,21,3446,599,267,22,367,71,407,38,1140,1379,530,25,290,50,285,35,19,16,16,16,16,15,17,16,46,17,16,16,0] + [IATS(ms)....: 2.8,0.1,0.0,3.4,0.6,0.3,0.0,0.4,0.1,0.4,0.0,1.1,1.4,0.5,0.0,0.3,0.1,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 1294,1294,805,1502,115,117,209,117,1294,1294,373,1502,501,245,117,117,117,117,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502] idle: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn diff --git a/test/results/flow-info/quic-mvfst-22.pcap.out b/test/results/flow-info/quic-mvfst-22.pcap.out index ce8549613..87584d58c 100644 --- a/test/results/flow-info/quic-mvfst-22.pcap.out +++ b/test/results/flow-info/quic-mvfst-22.pcap.out @@ -2,13 +2,13 @@ new: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] detected: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] analyse: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.091| 0.169| 0.515|264779.547| 0.000] [PKTLEN......: 66.000| 1294.000| 630.500| 577.000|332915.800| 4.300] [BINS(c->s)..: 1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1] - [IATS........: 6626,174,24,23,15783,192,68,25740,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11,0,0] + [IATS(ms)....: 6.6,0.2,0.0,0.0,15.8,0.2,0.1,25.7,16.5,24.4,2091.0,2072.8,30.6,212.7,1.8,0.1,243.4,0.0,25.4,21.9,80.7,0.0,0.0,0.0,0.0,96.7,35.8,60.9,0.1,0.0,0.0,0.0] [PKTLENS.....: 1274,1294,1294,235,95,1274,120,109,80,275,73,66,1142,70,74,612,1274,1235,70,70,74,66,1294,1294,1294,1294,98,79,66,1294,1294,1294] update: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] idle: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] diff --git a/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out index 8b2f79faa..21765df4b 100644 --- a/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] detected: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable] analyse: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.003| 0.002| 0.001| 0.889| 0.000] [PKTLEN......: 60.000| 1280.000| 708.500| 531.100|282057.000| 4.500] [BINS(c->s)..: 0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,3,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 1000,3000,1000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 1.0,3.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 1260,106,106,106,698,698,698,60,60,60,66,66,66,261,261,261,400,400,400,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280] idle: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-v2-01.pcapng.out b/test/results/flow-info/quic-v2-01.pcapng.out index 9a58a143d..db094e430 100644 --- a/test/results/flow-info/quic-v2-01.pcapng.out +++ b/test/results/flow-info/quic-v2-01.pcapng.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.343| 0.000] [PKTLEN......: 97.000| 1482.000| 1045.900| 592.800|351417.000| 4.700] [BINS(c->s)..: 0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0] [BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0] [DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1] - [IATS........: 2220,34,85,2611,15,161,480,75,75,407,511,344,364,20,7,7,7,5,8,6,304,236,17,5,4,4,3,7,5,393,329,0] + [IATS(ms)....: 2.2,0.0,0.1,2.6,0.0,0.2,0.5,0.1,0.1,0.4,0.5,0.3,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.3,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.4,0.3,0.0] [PKTLENS.....: 1294,1294,766,1482,445,1482,225,97,97,481,97,97,225,1482,1482,1482,1482,1482,1482,1482,1482,97,1482,1482,1482,1482,1482,1482,1482,1482,97,1482] idle: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn diff --git a/test/results/flow-info/quic.pcap.out b/test/results/flow-info/quic.pcap.out index 5d9fa8bd0..bbb2e87ee 100644 --- a/test/results/flow-info/quic.pcap.out +++ b/test/results/flow-info/quic.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable] analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.198| 0.584| 0.964|929164.558| 0.000] [PKTLEN......: 61.000| 1392.000| 323.100| 382.900|146578.800| 4.200] [BINS(c->s)..: 0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0] - [IATS........: 46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004,0] + [IATS(ms)....: 46.0,60.1,14.8,65.4,2.5,93.4,168.1,168.1,622.7,681.3,0.0,58.0,3119.1,3197.6,0.0,0.0,54.1,25.5,1951.1,28.6,2034.7,28.3,0.0,0.0,56.9,470.8,496.4,2190.2,2289.8,44.7,126.0,0.0] [PKTLENS.....: 1392,478,1392,79,74,725,82,725,79,214,508,70,82,194,170,69,101,82,79,255,163,77,71,240,61,88,215,79,1190,77,758,469] DAEMON-EVENT: [Processed: 413 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -40,13 +40,13 @@ new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun] analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.829| 0.062| 0.199|39440.069| 0.000] [PKTLEN......: 75.000| 1392.000| 871.800| 620.800|385421.500| 4.500] [BINS(c->s)..: 0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1] - [IATS........: 565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244,0] + [IATS(ms)....: 0.6,35.4,0.0,40.5,0.1,24.0,26.0,16.8,0.1,0.5,35.5,51.7,0.4,0.0,26.6,25.6,828.6,0.0,803.2,0.6,0.4,0.2,0.8,0.2,0.4,0.2,0.3,0.2,0.5,0.3,0.2,0.0] [PKTLENS.....: 1392,387,1392,1392,1392,383,79,82,1392,75,75,85,1392,1392,1188,82,79,1392,1392,82,1392,1392,1392,82,1392,82,1392,1392,1392,82,1392,1392] idle: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable] guessed: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [Google][Web][Acceptable] diff --git a/test/results/flow-info/quic046.pcap.out b/test/results/flow-info/quic046.pcap.out index de26761c2..902209407 100644 --- a/test/results/flow-info/quic046.pcap.out +++ b/test/results/flow-info/quic046.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] detected: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun] analyse: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.029| 0.002| 0.006| 39.230| 0.000] [PKTLEN......: 62.000| 1392.000| 907.100| 591.600|350034.900| 4.600] [BINS(c->s)..: 2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1] - [IATS........: 987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228,0] + [IATS(ms)....: 1.0,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.7,21.2,29.5,0.4,0.2,0.2,0.2,0.2,0.2,0.3,0.3,0.3,0.2,0.3,0.2,0.2,0.3,0.3,6.5,0.2,0.5,0.7,0.2,0.0] [PKTLENS.....: 1392,574,128,201,199,199,200,199,205,202,1392,1392,269,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,70,62,1392,70,1392] idle: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_q39.pcap.out b/test/results/flow-info/quic_q39.pcap.out index 9f5e9eeea..4dae20063 100644 --- a/test/results/flow-info/quic_q39.pcap.out +++ b/test/results/flow-info/quic_q39.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] detected: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun] analyse: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.515| 0.578| 1.532|2346988.339| 0.000] [PKTLEN......: 60.000| 1392.000| 556.200| 603.700|364512.400| 4.100] [BINS(c->s)..: 0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0] [BINS(s->c)..: 4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0] - [IATS........: 8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948,0] + [IATS(ms)....: 8.9,36.7,89.8,0.0,404.1,1.4,298.3,119.2,0.0,434.8,6185.3,12.8,6514.6,11.4,11.4,22.7,702.6,702.7,435.3,435.2,11.4,11.4,16.0,15.9,397.2,9.2,397.7,33.9,93.4,0.1,499.9,0.0] [PKTLENS.....: 1392,1174,77,1392,73,83,83,72,305,60,83,270,1392,78,1392,1392,75,1392,74,1392,76,1392,76,1392,76,1392,730,76,76,104,60,98] idle: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_t51.pcap.out b/test/results/flow-info/quic_t51.pcap.out index 818350ae2..a663a24eb 100644 --- a/test/results/flow-info/quic_t51.pcap.out +++ b/test/results/flow-info/quic_t51.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] analyse: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 19.583| 2.165| 5.210|27140724.621| 0.000] [PKTLEN......: 67.000| 1392.000| 451.200| 500.300|250315.800| 4.200] [BINS(c->s)..: 0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0] - [IATS........: 5872,69285,110768,19,33,113561,2317,5835,79981,27,46402,10090862,10162287,246207,1361,7,331600,26165,19472426,19582580,120230,670,167,185037,26475,2999498,3090044,125889,1350,111,205624,0] + [IATS(ms)....: 5.9,69.3,110.8,0.0,0.0,113.6,2.3,5.8,80.0,0.0,46.4,10090.9,10162.3,246.2,1.4,0.0,331.6,26.2,19472.4,19582.6,120.2,0.7,0.2,185.0,26.5,2999.5,3090.0,125.9,1.4,0.1,205.6,0.0] [PKTLENS.....: 1392,1392,1392,1392,1392,1254,83,83,115,68,658,75,1003,67,682,68,313,75,75,511,67,734,68,151,75,75,225,67,470,68,273,75] update: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] idle: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] diff --git a/test/results/flow-info/quickplay.pcap.out b/test/results/flow-info/quickplay.pcap.out index bee258994..82c3d6a97 100644 --- a/test/results/flow-info/quickplay.pcap.out +++ b/test/results/flow-info/quickplay.pcap.out @@ -34,13 +34,13 @@ detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.183| 5.871| 2.460| 1.331|1772261.736| 0.000] [PKTLEN......: 76.000| 1456.000| 656.400| 347.900|121006.600| 4.800] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 2337891,2470825,5776550,5871155,324615,2084534,1689148,182557,2170257,2013275,645600,519622,2223724,2353455,480927,4401947,3911834,3909668,3936554,2356476,2338349,2619995,2626526,2264068,2270477,2391541,2349518,2604523,2641967,2224884,2252137,0] + [IATS(ms)....: 2337.9,2470.8,5776.6,5871.2,324.6,2084.5,1689.1,182.6,2170.3,2013.3,645.6,519.6,2223.7,2353.5,480.9,4401.9,3911.8,3909.7,3936.6,2356.5,2338.3,2620.0,2626.5,2264.1,2270.5,2391.5,2349.5,2604.5,2642.0,2224.9,2252.1,0.0] [PKTLENS.....: 500,1456,500,240,585,502,1248,585,502,854,587,76,504,1268,585,502,158,502,658,502,1124,502,1208,502,348,502,1456,502,962,502,580,502] new: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [MIDSTREAM] detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun] diff --git a/test/results/flow-info/rdp.pcap.out b/test/results/flow-info/rdp.pcap.out index a3fd4ad80..c51d8686f 100644 --- a/test/results/flow-info/rdp.pcap.out +++ b/test/results/flow-info/rdp.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable] RISK: Desktop/File Sharing analyse: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.086| 0.035| 0.023| 533.403| 0.000] [PKTLEN......: 44.000| 1223.000| 157.300| 233.300|54415.100| 4.100] [BINS(c->s)..: 12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0] - [IATS........: 42415,42485,360,46147,45785,5885,50430,44534,5170,48270,43112,41453,86174,44710,10166,53885,43706,302,43769,43467,297,43729,43444,307,149,43556,40251,83348,297,42450,42166,0] + [IATS(ms)....: 42.4,42.5,0.4,46.1,45.8,5.9,50.4,44.5,5.2,48.3,43.1,41.5,86.2,44.7,10.2,53.9,43.7,0.3,43.8,43.5,0.3,43.7,43.4,0.3,0.1,43.6,40.3,83.3,0.3,42.5,42.2,0.0] [PKTLENS.....: 68,56,44,63,63,44,217,1223,44,170,95,44,130,335,44,616,132,44,149,77,44,535,199,44,85,81,44,84,44,85,88,44] end: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable] RISK: Desktop/File Sharing diff --git a/test/results/flow-info/reasm_crash_anon.pcapng.out b/test/results/flow-info/reasm_crash_anon.pcapng.out index 62716c65e..e16d70372 100644 --- a/test/results/flow-info/reasm_crash_anon.pcapng.out +++ b/test/results/flow-info/reasm_crash_anon.pcapng.out @@ -3,13 +3,13 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] [MIDSTREAM] analyse: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 30.166| 9.710| 14.065|197823744.180| 0.000] [PKTLEN......: 68.000| 793.000| 171.000| 234.800|55144.500| 4.200] [BINS(c->s)..: 23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0] - [IATS........: 9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670,0] + [IATS(ms)....: 0.0,1.5,1.5,0.0,1.2,1.2,0.0,30097.7,30099.5,1.8,0.0,1.2,1.2,30097.5,0.0,30099.3,1.8,1.2,30097.4,1.8,0.0,30101.7,1.2,30097.5,30165.6,1.3,69.4,30031.1,0.0,30032.8,1.7,0.0] [PKTLENS.....: 81,81,142,68,68,793,68,68,81,122,68,68,781,68,81,81,122,68,68,81,68,68,793,68,81,122,793,68,81,81,122,68] not-detected: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] [Unknown][Unrated] DAEMON-EVENT: [Processed: 93 pkts][ZLib][compressions: 0|diff: 0 / 0] diff --git a/test/results/flow-info/reasm_segv_anon.pcapng.out b/test/results/flow-info/reasm_segv_anon.pcapng.out index 4e097338f..497252823 100644 --- a/test/results/flow-info/reasm_segv_anon.pcapng.out +++ b/test/results/flow-info/reasm_segv_anon.pcapng.out @@ -13,13 +13,13 @@ ERROR-EVENT: Captured packet size is smaller than expected packet size ERROR-EVENT: Captured packet size is smaller than expected packet size analyse: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.859| 0.305| 0.564|318078.976| 0.000] [PKTLEN......: 90.000| 1490.000| 934.200| 651.300|424215.900| 4.500] [BINS(c->s)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1] - [IATS........: 396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124,0] + [IATS(ms)....: 396.0,83.8,1376.2,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,1859.1,964.9,439.7,439.7,0.1,0.0,0.0,0.0,0.0,0.1,163.9,20.1,1615.4,1799.0,0.1,0.0,155.8,155.6,0.1,0.0] [PKTLENS.....: 106,106,106,1490,1490,1490,1490,1490,1490,1490,1490,1490,1490,114,1490,114,1490,1490,1490,1490,1386,1490,1490,122,122,114,90,402,1178,114,90,402] ERROR-EVENT: Captured packet size is smaller than expected packet size ERROR-EVENT: Captured packet size is smaller than expected packet size diff --git a/test/results/flow-info/reddit.pcap.out b/test/results/flow-info/reddit.pcap.out index f55efabd5..ef632d689 100644 --- a/test/results/flow-info/reddit.pcap.out +++ b/test/results/flow-info/reddit.pcap.out @@ -16,22 +16,22 @@ detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.076| 0.015| 0.024| 570.611| 0.000] [PKTLEN......: 86.000| 1294.000| 295.100| 342.100|117045.100| 4.300] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0] - [IATS........: 24940,24984,493,75646,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,1,1,1,58810,38,10,0,0,0,0] + [IATS(ms)....: 24.9,25.0,0.5,75.6,0.0,0.0,75.2,0.0,0.0,8.8,5.0,0.6,0.7,37.6,3.5,25.9,1.2,0.5,1.6,1.1,59.9,0.0,0.0,0.0,0.0,58.8,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,586,86,86,86,150,178,910,724,86,666,86,86,117,86,117,86,86,398,436,299,125,153,86,86,86] analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.288| 0.099| 0.316|100085.416| 0.000] [PKTLEN......: 86.000| 1134.000| 413.800| 437.600|191482.000| 4.300] [BINS(c->s)..: 9,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,1,1,1,1,1] - [IATS........: 33174,33242,863,66592,1,1,1,1,65678,11,9,6,13203,712,517,42062,2,27621,483,471,1369,59921,136,1228856,1287577,855,2,1,1,0,0,0] + [IATS(ms)....: 33.2,33.2,0.9,66.6,0.0,0.0,0.0,0.0,65.7,0.0,0.0,0.0,13.2,0.7,0.5,42.1,0.0,27.6,0.5,0.5,1.4,59.9,0.1,1228.9,1287.6,0.9,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,601,86,86,86,86,179,185,459,86,344,86,86,152,86,124,86,86,1134,86,1134,1134,1134,217,1134] detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] @@ -95,46 +95,46 @@ detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.008| 0.014| 206.884| 0.000] [PKTLEN......: 86.000| 1474.000| 330.100| 366.700|134435.400| 4.300] [BINS(c->s)..: 8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0] - [IATS........: 29904,29917,129,38003,2302,1,40177,45,72,17,3,2699,111,630,30,181,4,41517,1269,39145,1579,42,7307,1546,7292,2107,217,138,38,226,0,0] + [IATS(ms)....: 29.9,29.9,0.1,38.0,2.3,0.0,40.2,0.0,0.1,0.0,0.0,2.7,0.1,0.6,0.0,0.2,0.0,41.5,1.3,39.1,1.6,0.0,7.3,1.5,7.3,2.1,0.2,0.1,0.0,0.2,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,606,86,86,179,185,375,405,1474,283,86,344,86,209,241,86,152,86,231,124,196,197,308] detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.010| 0.016| 264.552| 0.000] [PKTLEN......: 86.000| 1134.000| 423.600| 435.500|189657.000| 4.300] [BINS(c->s)..: 8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1] - [IATS........: 38700,38720,198,38531,1,38345,41,14,329,334,4,2216,2804,187,210,6465,48292,2910,39329,6844,2704,1,9551,251,801,2129,1,0,0,0,0,0] + [IATS(ms)....: 38.7,38.7,0.2,38.5,0.0,38.3,0.0,0.0,0.3,0.3,0.0,2.2,2.8,0.2,0.2,6.5,48.3,2.9,39.3,6.8,2.7,0.0,9.6,0.3,0.8,2.1,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,86,1134,86,1134,616,86,86,179,185,450,482,129,86,344,86,86,86,152,86,124,86,1134,1134,1134,1134,1134] detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.060| 0.011| 0.020| 392.540| 0.000] [PKTLEN......: 86.000| 1134.000| 311.400| 353.700|125114.100| 4.300] [BINS(c->s)..: 10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0] - [IATS........: 36077,36109,144,41300,1,41154,44,17,686,689,5,2344,1105,220,36,172,60278,1038,57438,31,1,25,34,2,940,0,0,0,0,0,0,0] + [IATS(ms)....: 36.1,36.1,0.1,41.3,0.0,41.2,0.0,0.0,0.7,0.7,0.0,2.3,1.1,0.2,0.0,0.2,60.3,1.0,57.4,0.0,0.0,0.0,0.0,0.0,0.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,86,1134,86,1134,590,86,86,179,185,460,373,241,86,344,86,86,152,86,86,86,1134,701,86,86,86,124] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.011| 0.020| 382.734| 0.000] [PKTLEN......: 86.000| 1134.000| 377.000| 422.800|178733.300| 4.200] [BINS(c->s)..: 11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1] - [IATS........: 44627,44653,347,50980,1843,1,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,1,1,1443,16,7,133,49,15,0,0,0,0] + [IATS(ms)....: 44.6,44.7,0.3,51.0,1.8,0.0,52.5,0.0,0.0,0.0,2.4,0.7,0.1,0.1,49.0,0.0,45.8,0.1,0.2,1.2,0.0,0.0,1.4,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,616,86,86,86,86,179,185,403,167,86,344,86,86,86,152,86,1134,1132,86,86,86,1134,86,1134] detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] @@ -142,13 +142,13 @@ detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.092| 0.013| 0.024| 558.351| 0.000] [PKTLEN......: 86.000| 1134.000| 377.300| 424.000|179781.300| 4.200] [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0] - [IATS........: 25838,25880,395,66367,26055,91996,835,829,7,4,1579,121,254,42141,1,1,6209,2,1,46395,10,6,2,1,4,940,0,0,0,0,0,0] + [IATS(ms)....: 25.8,25.9,0.4,66.4,26.1,92.0,0.8,0.8,0.0,0.0,1.6,0.1,0.3,42.1,0.0,0.0,6.2,0.0,0.0,46.4,0.0,0.0,0.0,0.0,0.0,0.9,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,86,1134,1134,637,86,86,86,179,185,417,86,86,86,360,152,1134,1134,1134,1134,86,86,86,86,86,86,124] detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] @@ -161,32 +161,32 @@ detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.376| 0.000] [PKTLEN......: 86.000| 1294.000| 436.500| 490.000|240053.700| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1] - [IATS........: 31477,31507,233,36835,7050,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,158,5,98,0,0,0,0] + [IATS(ms)....: 31.5,31.5,0.2,36.8,7.0,43.6,0.0,0.6,0.6,2.4,0.2,0.1,37.7,0.7,1.1,36.8,0.1,0.1,0.0,0.5,8.6,9.1,0.1,0.1,0.2,0.2,0.0,0.1,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,547,86,150,178,347,86,86,666,86,117,86,117,86,792,86,1294,86,1294,1294,86,86,1294,1294] analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.051| 0.009| 0.016| 249.330| 0.000] [PKTLEN......: 86.000| 1474.000| 475.600| 586.500|343946.100| 4.000] [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0] - [IATS........: 38538,38619,398,37312,14166,1,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,3233,8,2,2,0,0,0,0,0] + [IATS(ms)....: 38.5,38.6,0.4,37.3,14.2,0.0,0.0,51.0,0.0,0.0,0.0,0.0,2.4,0.1,0.1,31.3,0.0,1.6,0.0,30.2,0.1,3.4,0.0,3.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,1474,1474,401,86,86,86,86,86,150,178,344,86,86,86,157,86,117,1474,1474,1474,1474,86,86,86,86] detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable] analyse: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.072| 0.015| 0.019| 374.318| 0.000] [PKTLEN......: 86.000| 1474.000| 446.900| 553.500|306346.900| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,1,1,1,0] - [IATS........: 27356,27416,299,37313,35299,1,72269,38,3,2523,128,130,31242,2117,15088,1,45626,28,24,154,29754,10263,39831,697,1,666,0,0,0,0,0,0] + [IATS(ms)....: 27.4,27.4,0.3,37.3,35.3,0.0,72.3,0.0,0.0,2.5,0.1,0.1,31.2,2.1,15.1,0.0,45.6,0.0,0.0,0.2,29.8,10.3,39.8,0.7,0.0,0.7,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,324,86,86,86,166,178,364,86,86,86,357,357,156,86,86,86,117,86,1474,86,1459,1474,1459,1474,86] new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] detected: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable] @@ -196,22 +196,22 @@ detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] analyse: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.049| 0.009| 0.015| 230.505| 0.000] [PKTLEN......: 86.000| 1474.000| 456.600| 558.600|312025.400| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,1] - [IATS........: 27211,27234,262,32139,7460,39332,541,528,9,1876,115,75,39448,325,11758,49462,14,229,1909,2,1682,24,5,95,52,1631,0,0,0,0,0,0] + [IATS(ms)....: 27.2,27.2,0.3,32.1,7.5,39.3,0.5,0.5,0.0,1.9,0.1,0.1,39.4,0.3,11.8,49.5,0.0,0.2,1.9,0.0,1.7,0.0,0.0,0.1,0.1,1.6,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,86,1474,188,86,86,150,178,360,86,86,86,666,117,86,86,117,522,1474,1474,86,86,86,1474,86,1474,1474] analyse: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.061| 0.009| 0.016| 263.464| 0.000] [PKTLEN......: 86.000| 1134.000| 377.200| 425.800|181298.700| 4.200] [BINS(c->s)..: 12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0] - [IATS........: 30377,30415,332,47450,13993,61125,95,1,49,10,2,3286,115,139,30628,2061,91,29231,1271,1309,181,374,3,2,1,161,6,3,2,0,0,0] + [IATS(ms)....: 30.4,30.4,0.3,47.5,14.0,61.1,0.1,0.0,0.0,0.0,0.0,3.3,0.1,0.1,30.6,2.1,0.1,29.2,1.3,1.3,0.2,0.4,0.0,0.0,0.0,0.2,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,86,1134,1134,718,86,86,86,179,185,351,86,86,86,344,86,152,86,124,1134,1134,1134,1134,86,86,86,86] detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] @@ -219,13 +219,13 @@ detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable] new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.690| 0.000] [PKTLEN......: 86.000| 1294.000| 429.800| 486.500|236643.500| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1] - [IATS........: 34309,34348,1675,38053,7520,1,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0,0,0] + [IATS(ms)....: 34.3,34.3,1.7,38.1,7.5,0.0,43.9,0.0,0.0,3.0,0.2,0.3,37.3,0.0,0.4,0.0,34.1,0.0,0.2,2.3,6.9,9.1,0.8,0.0,0.9,0.0,0.1,0.0,0.7,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,564,86,86,86,150,178,349,86,86,666,117,86,86,117,86,559,86,1294,1294,86,86,1294,86,1294,1294] detected: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe] new: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] @@ -247,23 +247,23 @@ detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] analyse: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.180| 0.022| 0.040| 1578.121| 0.000] [PKTLEN......: 86.000| 1474.000| 460.900| 554.600|307585.900| 4.100] [BINS(c->s)..: 10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1] - [IATS........: 41345,41375,239,45639,16078,1,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,1,0,0,0] + [IATS(ms)....: 41.3,41.4,0.2,45.6,16.1,0.0,61.5,0.0,0.0,3.9,0.4,0.1,94.0,180.2,10.5,0.0,92.3,0.1,0.4,5.5,8.0,1.9,14.9,15.5,0.0,15.5,0.0,0.3,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,1474,674,86,86,86,212,185,344,344,86,360,155,86,86,124,86,86,124,86,1474,1474,86,86,1474,1474,1474] detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe] analyse: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.169| 0.024| 0.039| 1530.136| 0.000] [PKTLEN......: 86.000| 1294.000| 408.800| 466.200|217386.300| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1] - [IATS........: 34819,34839,225,53032,4946,57771,466,435,8,5,3584,2043,379,91732,168765,1823,72847,231,970,1993,2727,14555,61747,2,76315,38,696,685,116,0,0,0] + [IATS(ms)....: 34.8,34.8,0.2,53.0,4.9,57.8,0.5,0.4,0.0,0.0,3.6,2.0,0.4,91.7,168.8,1.8,72.8,0.2,1.0,2.0,2.7,14.6,61.7,0.0,76.3,0.0,0.7,0.7,0.1,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,86,1294,1294,286,86,86,86,150,178,491,491,86,666,86,117,86,117,86,86,827,1294,86,86,1294,86,1294] new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] @@ -275,22 +275,22 @@ detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe] analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 0.000] [PKTLEN......: 86.000| 1474.000| 264.000| 362.600|131502.000| 4.100] [BINS(c->s)..: 11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1] - [IATS........: 41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540,0] + [IATS(ms)....: 41.1,41.1,0.2,31.9,11.0,42.7,0.5,0.0,0.5,0.0,2.8,1.3,0.1,34.2,10.2,0.0,40.2,0.5,1.5,0.0,0.9,16.6,0.0,0.0,16.5,0.0,0.0,4.4,0.3,12.7,24.5,0.0] [PKTLENS.....: 94,94,86,603,86,1474,86,1474,186,86,86,150,178,500,86,666,86,86,117,86,117,86,807,117,125,86,86,86,125,121,296,86] analyse: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.217| 0.048| 0.068| 4645.676| 0.000] [PKTLEN......: 86.000| 1474.000| 272.400| 353.400|124913.600| 4.200] [BINS(c->s)..: 9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1] - [IATS........: 29231,29299,228,29539,187299,216552,332,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106,0,0] + [IATS(ms)....: 29.2,29.3,0.2,29.5,187.3,216.6,0.3,0.3,0.0,1.8,0.2,0.0,70.3,211.9,6.5,0.0,182.9,58.3,20.2,41.8,0.1,0.0,0.9,11.7,10.9,9.9,6.2,112.5,128.6,76.1,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1474,86,1474,749,86,86,212,185,376,376,86,86,86,186,86,328,86,130,86,124,124,86,86,86,545,86,352] detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] @@ -301,13 +301,13 @@ detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable] detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.051| 0.013| 0.018| 330.361| 0.000] [PKTLEN......: 86.000| 1294.000| 321.800| 396.400|157103.100| 4.200] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,1,35978,9,3,58,5162,2233,17560,249,0,0,0] + [IATS(ms)....: 43.0,43.1,0.3,41.3,10.2,51.1,0.4,38.4,3.5,41.5,0.5,0.0,0.5,0.0,0.1,0.1,2.3,0.2,0.1,38.5,0.0,36.0,0.0,0.0,0.1,5.2,2.2,17.6,0.2,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,185,86,609,86,1294,86,1294,1294,86,86,423,86,160,178,473,86,341,341,182,86,86,86,117,86,86,117,1294] detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable] new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] @@ -319,13 +319,13 @@ detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun] analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.062| 0.010| 0.018| 322.960| 0.000] [PKTLEN......: 86.000| 1294.000| 426.800| 483.300|233579.900| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1] - [IATS........: 37391,37416,173,47446,15044,62320,24,361,320,2535,232,269,39947,114,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1,0,0,0] + [IATS(ms)....: 37.4,37.4,0.2,47.4,15.0,62.3,0.0,0.4,0.3,2.5,0.2,0.3,39.9,0.1,2.3,39.3,0.2,2.9,2.6,0.8,0.8,0.3,0.0,0.0,0.3,0.0,0.0,0.1,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,303,86,150,178,372,86,86,86,666,86,117,511,86,1294,86,1294,1294,1294,86,86,86,1294,306] detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun] detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun] @@ -333,44 +333,44 @@ detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.069| 0.013| 0.024| 573.258| 0.000] [PKTLEN......: 86.000| 1294.000| 399.700| 459.200|210886.500| 4.200] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1] - [IATS........: 63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,27807,170,1594,1,1430,17,147,1,0,0,0,0,0] + [IATS(ms)....: 63.7,63.8,0.2,68.5,0.7,0.0,0.0,0.0,69.0,0.0,0.0,0.0,0.0,0.0,8.3,2.6,2.5,40.2,1.0,27.8,0.2,1.6,0.0,1.4,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,1294,86,86,86,86,483,86,150,178,421,86,666,86,86,86,117,117,517,86,86,1294,1294,342,125] analyse: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.073| 0.012| 0.021| 448.970| 0.000] [PKTLEN......: 86.000| 1294.000| 423.500| 484.500|234727.200| 4.200] [BINS(c->s)..: 11,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1] - [IATS........: 45331,45373,379,65680,8193,73480,42,21,5,12589,926,174,173,41157,1595,28896,105,3348,1,3744,1,1,6991,22,3,3,85,1,0,0,0,0] + [IATS(ms)....: 45.3,45.4,0.4,65.7,8.2,73.5,0.0,0.0,0.0,12.6,0.9,0.2,0.2,41.2,1.6,28.9,0.1,3.3,0.0,3.7,0.0,0.0,7.0,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,86,1294,355,86,86,150,178,387,167,86,666,86,117,86,86,86,480,1294,1294,1294,86,86,86,86,1294,1294] analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.068| 0.014| 0.023| 533.315| 0.000] [PKTLEN......: 86.000| 1294.000| 434.500| 488.800|238946.400| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,0,0] - [IATS........: 63335,63360,1131,67787,769,1,1,67414,6,6,11732,1751,188,41623,368,28482,452,4153,1923,5466,17937,17942,106,77,226,1,229,7,0,0,0,0] + [IATS(ms)....: 63.3,63.4,1.1,67.8,0.8,0.0,0.0,67.4,0.0,0.0,11.7,1.8,0.2,41.6,0.4,28.5,0.5,4.2,1.9,5.5,17.9,17.9,0.1,0.1,0.2,0.0,0.2,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,765,86,86,86,150,178,389,86,666,86,117,86,86,117,86,470,86,1294,86,1294,1294,1294,1294,86,86] new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.017| 0.037| 1404.834| 0.000] [PKTLEN......: 86.000| 1134.000| 277.200| 320.800|102914.800| 4.300] [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1] - [IATS........: 25745,25768,203,144189,2,143997,4,71,1,41,7,2508,597,1253,49737,1,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238,0,0,0] + [IATS(ms)....: 25.7,25.8,0.2,144.2,0.0,144.0,0.0,0.1,0.0,0.0,0.0,2.5,0.6,1.3,49.7,0.0,0.0,45.4,0.0,0.1,0.0,0.1,0.7,0.4,0.9,38.4,2.5,1.1,2.2,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,601,86,86,179,185,485,86,86,344,152,86,86,86,453,86,124,580,156,86,86,86,128] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] @@ -387,22 +387,22 @@ detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable] detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable] analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 0.000] [PKTLEN......: 86.000| 1294.000| 294.100| 371.700|138197.800| 4.200] [BINS(c->s)..: 12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1] - [IATS........: 18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526,0] + [IATS(ms)....: 18.5,18.6,0.4,37.2,9.0,0.0,0.0,0.0,45.9,0.0,0.0,0.0,8.7,0.4,0.3,33.6,0.0,0.1,1.2,0.0,25.4,0.0,0.5,7.3,0.0,0.0,6.8,0.0,0.0,3.7,20.5,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,287,86,86,86,86,150,178,363,86,86,86,666,117,86,86,117,789,530,125,86,86,86,125,86] analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Advertisement][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.007| 0.011| 129.744| 0.000] [PKTLEN......: 86.000| 1294.000| 337.800| 408.200|166632.700| 4.200] [BINS(c->s)..: 13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0] - [IATS........: 28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,6424,34,8,196,1,158,22,0,0] + [IATS(ms)....: 28.1,28.1,0.7,33.2,1.6,34.2,0.1,0.0,0.6,0.6,4.6,0.2,0.2,27.0,3.5,25.5,0.2,4.3,1.4,5.5,0.1,6.3,0.0,6.4,0.0,0.0,0.2,0.0,0.2,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,86,1294,86,548,86,150,178,436,86,666,86,117,86,117,86,86,496,1294,1294,86,86,86,718,125,86,86] new: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] new: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] @@ -436,31 +436,31 @@ detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] analyse: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.008| 0.012| 152.931| 0.000] [PKTLEN......: 86.000| 1294.000| 482.500| 513.400|263601.800| 4.200] [BINS(c->s)..: 10,0,2,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,0,0] - [IATS........: 25564,25583,1059,31489,7154,1,37586,36,127,1,1,1,87,28,7124,13598,568,199,42183,2,20688,340,10112,7,263,1,3,2,10101,50,0,0] + [IATS(ms)....: 25.6,25.6,1.1,31.5,7.2,0.0,37.6,0.0,0.1,0.0,0.0,0.0,0.1,0.0,7.1,13.6,0.6,0.2,42.2,0.0,20.7,0.3,10.1,0.0,0.3,0.0,0.0,0.0,10.1,0.1,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,1294,1294,1294,1294,234,86,86,150,178,356,403,86,666,86,117,86,86,86,1076,1294,1294,86,86] analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.009| 0.014| 203.864| 0.000] [PKTLEN......: 86.000| 1294.000| 334.900| 398.400|158685.900| 4.200] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1] - [IATS........: 29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,2950,29,8,1564,1,0,0] + [IATS(ms)....: 29.5,29.5,0.1,39.8,6.2,0.0,0.0,45.9,0.0,0.0,16.6,7.4,0.9,0.2,45.4,0.2,20.4,0.5,14.7,1.9,0.0,0.0,16.1,2.9,0.0,3.0,0.0,0.0,1.6,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,325,86,86,86,150,178,405,389,86,666,86,117,86,117,86,86,86,565,412,221,86,86,86,1294,1294] analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.010| 0.014| 184.491| 0.000] [PKTLEN......: 86.000| 1294.000| 284.100| 336.600|113301.500| 4.200] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1] - [IATS........: 28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,16044,10542,2,1,1,10492,40,13,10,172,3,0,0] + [IATS(ms)....: 28.7,28.7,0.2,37.9,6.1,43.8,0.1,0.0,0.6,0.6,16.4,9.8,0.9,43.8,3.9,20.7,0.6,14.9,1.7,16.0,10.5,0.0,0.0,0.0,10.5,0.0,0.0,0.0,0.2,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,86,1294,86,586,86,150,178,369,86,666,86,117,86,117,86,86,545,911,286,371,86,86,86,86,125,86] new: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/rtsp.pcap.out b/test/results/flow-info/rtsp.pcap.out index 865db9b47..97970b4a8 100644 --- a/test/results/flow-info/rtsp.pcap.out +++ b/test/results/flow-info/rtsp.pcap.out @@ -8,49 +8,49 @@ detected: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.002| 0.006| 34.529| 0.000] [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 35,2,147,185,74,3,21,233,32,2,57,13140,10,5,57,13537,3,20,31,20633,10,29,32,21135,10,3,84,464,2,22,30,0] + [IATS(ms)....: 0.0,0.0,0.1,0.2,0.1,0.0,0.0,0.2,0.0,0.0,0.1,13.1,0.0,0.0,0.1,13.5,0.0,0.0,0.0,20.6,0.0,0.0,0.0,21.1,0.0,0.0,0.1,0.5,0.0,0.0,0.0,0.0] [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62] new: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] detected: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.002| 0.005| 29.923| 0.000] [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 11,6,72,280,3,19,31,588,10,4,95,9323,12,6,70,10052,3,20,30,20464,12,35,38,21234,11,6,415,877,63,5,25,0] + [IATS(ms)....: 0.0,0.0,0.1,0.3,0.0,0.0,0.0,0.6,0.0,0.0,0.1,9.3,0.0,0.0,0.1,10.1,0.0,0.0,0.0,20.5,0.0,0.0,0.0,21.2,0.0,0.0,0.4,0.9,0.1,0.0,0.0,0.0] [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,62,56,62] new: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] detected: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.106| 0.000] [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 11,6,298,316,75,4,113,848,111,3,200,4833,13,7,374,6198,62,5,77,20136,13,74,34,21000,11,7,67,946,6,27,79,0] + [IATS(ms)....: 0.0,0.0,0.3,0.3,0.1,0.0,0.1,0.8,0.1,0.0,0.2,4.8,0.0,0.0,0.4,6.2,0.1,0.0,0.1,20.1,0.0,0.1,0.0,21.0,0.0,0.0,0.1,0.9,0.0,0.0,0.1,0.0] [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181,198,198,198,198,62,56,62,62] new: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] detected: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.505| 0.033| 0.124|15344.430| 0.000] [PKTLEN......: 56.000| 181.000| 92.300| 48.800| 2380.700| 4.800] [BINS(c->s)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 13,12,110,1319,2,16,338,505214,14,12,119,504501,5,45,55,1025,12,6,56,113,30,3,36,579,55,2,21,20351,8,26,107,0] + [IATS(ms)....: 0.0,0.0,0.1,1.3,0.0,0.0,0.3,505.2,0.0,0.0,0.1,504.5,0.0,0.0,0.1,1.0,0.0,0.0,0.1,0.1,0.0,0.0,0.0,0.6,0.1,0.0,0.0,20.4,0.0,0.0,0.1,0.0] [PKTLENS.....: 68,68,68,68,62,56,62,62,68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181] end: [.....1] [ip4][..tcp] [......10.1.1.10][52470] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port @@ -58,13 +58,13 @@ detected: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.024| 0.002| 0.006| 34.195| 0.000] [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 13,10,107,377,5,25,77,583,10,4,135,10337,14,11,11449,2,754,44,76,20263,13,28,87,23771,10,4,96,3496,1,20,106,0] + [IATS(ms)....: 0.0,0.0,0.1,0.4,0.0,0.0,0.1,0.6,0.0,0.0,0.1,10.3,0.0,0.0,11.4,0.0,0.8,0.0,0.1,20.3,0.0,0.0,0.1,23.8,0.0,0.0,0.1,3.5,0.0,0.0,0.1,0.0] [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,62,56,172,62,62,181,181,181,181,198,198,198,198,62,56,62,62] end: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port @@ -72,13 +72,13 @@ detected: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.978| 0.000] [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800] [BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 13,12,126,440,5,40,92,581,9,4,94,6644,14,9,113,7455,6,53,93,20043,15,52,57,21029,9,6,97,810,5,21,76,0] + [IATS(ms)....: 0.0,0.0,0.1,0.4,0.0,0.0,0.1,0.6,0.0,0.0,0.1,6.6,0.0,0.0,0.1,7.5,0.0,0.1,0.1,20.0,0.0,0.1,0.1,21.0,0.0,0.0,0.1,0.8,0.0,0.0,0.1,0.0] [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62] end: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/rx.pcap.out b/test/results/flow-info/rx.pcap.out index 449853960..1b56c5947 100644 --- a/test/results/flow-info/rx.pcap.out +++ b/test/results/flow-info/rx.pcap.out @@ -12,13 +12,13 @@ new: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] detected: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] [RX][RPC][Acceptable] analyse: [.....4] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.241][.7000] [RX][RPC][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.105| 0.029| 0.034| 1128.030| 0.000] [PKTLEN......: 70.000| 782.000| 176.700| 165.900|27529.200| 4.500] [BINS(c->s)..: 1,4,7,0,1,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,6,5,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1] - [IATS........: 77545,77601,57048,57152,38155,1292,39484,65722,277,65926,103176,105287,2087,8975,9068,2966,1842,4798,61436,65225,3784,52,6802,6683,61,3692,3703,4895,8042,2994,2787,0] + [IATS(ms)....: 77.5,77.6,57.0,57.2,38.2,1.3,39.5,65.7,0.3,65.9,103.2,105.3,2.1,9.0,9.1,3.0,1.8,4.8,61.4,65.2,3.8,0.1,6.8,6.7,0.1,3.7,3.7,4.9,8.0,3.0,2.8,0.0] [PKTLENS.....: 74,108,107,74,510,107,118,70,107,78,107,94,86,435,74,510,107,198,107,174,782,107,94,198,107,110,214,107,94,86,435,74] idle: [.....1] [ip4][..udp] [131.114.219.168][41559] -> [192.167.206.124][.7002] [RX][RPC][Acceptable] idle: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] [RX][RPC][Acceptable] diff --git a/test/results/flow-info/s7comm.pcap.out b/test/results/flow-info/s7comm.pcap.out index 991ff42b8..00a1e3e13 100644 --- a/test/results/flow-info/s7comm.pcap.out +++ b/test/results/flow-info/s7comm.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.009| 0.005| 0.003| 11.033| 0.000] [PKTLEN......: 61.000| 275.000| 91.200| 40.300| 1625.500| 4.900] [BINS(c->s)..: 17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0] - [IATS........: 3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713,0] + [IATS(ms)....: 3.7,3.9,3.1,3.1,0.1,7.0,6.9,4.6,9.0,4.4,0.6,7.0,6.4,0.3,6.0,5.7,0.3,9.0,8.7,0.2,9.0,8.8,0.2,9.0,8.8,0.2,9.0,8.8,0.2,5.0,4.7,0.0] [PKTLENS.....: 76,76,79,81,61,87,135,61,87,135,61,87,275,61,87,135,61,83,115,61,83,115,61,83,115,61,83,115,61,85,91,61] idle: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/safari.pcap.out b/test/results/flow-info/safari.pcap.out index 2b6647471..dcd5ceff5 100644 --- a/test/results/flow-info/safari.pcap.out +++ b/test/results/flow-info/safari.pcap.out @@ -11,13 +11,13 @@ new: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] new: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] analyse: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.579| 0.077| 0.167|27833.076| 0.000] [PKTLEN......: 66.000| 1506.000| 569.500| 644.500|415419.900| 4.100] [BINS(c->s)..: 11,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,1,1,1,0] - [IATS........: 28338,28438,576,28670,6985,69,14,35105,3,52717,81952,29,29304,948,28144,550635,1230,579033,248,252,138,105,115,138,126,100,428094,455026,4375,1236,32565,0] + [IATS(ms)....: 28.3,28.4,0.6,28.7,7.0,0.1,0.0,35.1,0.0,52.7,82.0,0.0,29.3,0.9,28.1,550.6,1.2,579.0,0.2,0.3,0.1,0.1,0.1,0.1,0.1,0.1,428.1,455.0,4.4,1.2,32.6,0.0] [PKTLENS.....: 78,74,66,301,66,1506,1506,641,66,66,159,66,117,66,425,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,445,66,1506,1506,66] detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] detected: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe] @@ -41,49 +41,49 @@ detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.119| 0.018| 0.029| 823.374| 0.000] [PKTLEN......: 66.000| 1506.000| 632.000| 660.500|436248.100| 4.200] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1] - [IATS........: 29610,29665,2362,30524,2,28159,51917,8877,77853,8496,625,1248,27408,129,120,247,131,125,259,123,123,248,503,122,637,24023,24010,84464,7818,118862,914,0] + [IATS(ms)....: 29.6,29.7,2.4,30.5,0.0,28.2,51.9,8.9,77.9,8.5,0.6,1.2,27.4,0.1,0.1,0.2,0.1,0.1,0.3,0.1,0.1,0.2,0.5,0.1,0.6,24.0,24.0,84.5,7.8,118.9,0.9,0.0] [PKTLENS.....: 78,74,66,277,66,207,66,117,508,66,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1043,66,66,497,66,1506] analyse: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.140| 0.019| 0.033| 1086.908| 0.000] [PKTLEN......: 66.000| 1506.000| 616.100| 656.600|431150.100| 4.100] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1] - [IATS........: 30407,30442,2425,30749,1690,30065,50340,8582,78328,9234,5001,125,33713,130,749,881,125,129,16,259,3,103964,6593,140358,1494,509,31816,122,126,243,376,0] + [IATS(ms)....: 30.4,30.4,2.4,30.7,1.7,30.1,50.3,8.6,78.3,9.2,5.0,0.1,33.7,0.1,0.7,0.9,0.1,0.1,0.0,0.3,0.0,104.0,6.6,140.4,1.5,0.5,31.8,0.1,0.1,0.2,0.4,0.0] [PKTLENS.....: 78,74,66,277,66,207,66,117,472,66,66,1506,1506,66,1506,1506,66,1506,1506,565,66,66,66,500,66,1506,1506,66,1506,1506,66,1506] analyse: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.020| 0.034| 1135.493| 0.000] [PKTLEN......: 66.000| 1506.000| 624.000| 657.100|431734.900| 4.200] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1] - [IATS........: 31343,31380,1377,32375,996,31994,49530,8158,77501,8373,630,1247,30061,122,9,127,127,136,106790,7135,144002,5758,108,35937,131,121,250,128,122,249,129,0] + [IATS(ms)....: 31.3,31.4,1.4,32.4,1.0,32.0,49.5,8.2,77.5,8.4,0.6,1.2,30.1,0.1,0.0,0.1,0.1,0.1,106.8,7.1,144.0,5.8,0.1,35.9,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.0] [PKTLENS.....: 78,74,66,277,66,207,66,117,503,66,66,1506,1506,66,1506,1506,66,791,66,66,497,66,1506,1506,66,1506,1506,66,1506,1506,66,1506] analyse: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.020| 0.034| 1161.612| 0.000] [PKTLEN......: 66.000| 1506.000| 604.800| 660.800|436665.800| 4.100] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0] - [IATS........: 33594,33644,1195,33573,9,32379,46938,8284,78165,6257,993,261,30448,865,3,877,105414,6486,147007,2135,111,37341,124,122,246,129,624,757,125,122,244,0] + [IATS(ms)....: 33.6,33.6,1.2,33.6,0.0,32.4,46.9,8.3,78.2,6.3,1.0,0.3,30.4,0.9,0.0,0.9,105.4,6.5,147.0,2.1,0.1,37.3,0.1,0.1,0.2,0.1,0.6,0.8,0.1,0.1,0.2,0.0] [PKTLENS.....: 78,74,66,277,66,207,66,117,495,66,66,1506,1506,66,1506,181,66,66,500,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66] analyse: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.146| 0.022| 0.035| 1194.506| 0.000] [PKTLEN......: 66.000| 1506.000| 533.000| 616.900|380607.300| 4.100] [BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,8,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0] - [IATS........: 30429,30474,1424,31291,132,29986,50740,8293,78244,9210,246,28671,116212,146010,494,137,30426,114,380,498,130,113,14,250,2,896,5501,36248,1496,132,31482,0] + [IATS(ms)....: 30.4,30.5,1.4,31.3,0.1,30.0,50.7,8.3,78.2,9.2,0.2,28.7,116.2,146.0,0.5,0.1,30.4,0.1,0.4,0.5,0.1,0.1,0.0,0.2,0.0,0.9,5.5,36.2,1.5,0.1,31.5,0.0] [PKTLENS.....: 78,74,66,277,66,207,66,117,494,66,66,1413,66,497,66,1506,1506,66,1506,1506,66,1506,1506,425,66,66,66,503,66,1506,1506,66] new: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] detected: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/signal.pcap.out b/test/results/flow-info/signal.pcap.out index cb825c9fd..9aa8bb31f 100644 --- a/test/results/flow-info/signal.pcap.out +++ b/test/results/flow-info/signal.pcap.out @@ -19,13 +19,13 @@ detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.012| 0.020| 399.390| 0.000] [PKTLEN......: 66.000| 1506.000| 427.300| 522.500|272968.600| 4.100] [BINS(c->s)..: 10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1] - [IATS........: 44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7,0] + [IATS(ms)....: 44.2,46.0,0.1,45.6,0.8,0.2,0.3,0.2,47.8,0.0,0.1,46.0,44.7,7.8,1.7,0.1,0.4,0.1,52.3,0.0,1.1,0.0,42.6,0.1,0.7,0.5,0.1,0.9,0.1,0.4,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,66,673,66,146,112,109,101,207,337,337,66,136,66,66,66,66,97,1112,1112,1506,427] detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] RISK: TLS (probably) Not Carrying HTTPS @@ -59,13 +59,13 @@ detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.101| 0.015| 0.025| 625.062| 0.000] [PKTLEN......: 66.000| 1506.000| 445.700| 520.400|270842.400| 4.100] [BINS(c->s)..: 9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1] - [IATS........: 34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7,0] + [IATS(ms)....: 34.9,37.7,0.1,37.4,0.8,0.2,0.3,0.2,37.0,0.2,34.8,100.7,83.3,17.6,1.1,2.5,0.1,0.4,0.1,36.0,0.0,31.6,0.5,2.4,0.0,0.5,2.2,1.1,0.2,0.2,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,673,66,673,78,146,112,109,101,207,337,337,66,66,66,136,66,66,1112,1112,1506,427] detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] RISK: TLS (probably) Not Carrying HTTPS @@ -82,13 +82,13 @@ detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.115| 0.033| 0.050| 2490.513| 0.000] [PKTLEN......: 66.000| 1506.000| 533.200| 606.200|367455.800| 4.100] [BINS(c->s)..: 4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1] - [IATS........: 108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485,0] + [IATS(ms)....: 108.9,110.6,0.1,110.4,2.1,0.0,112.4,5.0,114.9,0.0,109.6,1.9,0.0,0.0,0.1,0.8,0.1,0.2,0.1,111.4,0.2,108.4,1.8,0.6,1.7,0.2,0.2,0.3,0.1,109.4,1.5,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1104,66,192,117,135,66,119,116,108,312,1506,1506,1506,378,66,104,848,66,66,1506,1506,1506,1506,151,66,66] new: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [MIDSTREAM] detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Web][Safe] @@ -97,13 +97,13 @@ detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.012| 0.016| 257.340| 0.000] [PKTLEN......: 66.000| 1506.000| 512.200| 608.000|369644.200| 4.100] [BINS(c->s)..: 5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1] - [IATS........: 32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119,0] + [IATS(ms)....: 32.9,39.8,0.1,40.0,2.7,0.0,39.4,7.8,43.4,0.4,0.0,34.7,0.1,7.5,0.5,0.0,0.1,0.4,5.9,0.1,0.4,42.2,0.0,0.5,26.8,7.6,10.7,0.1,0.3,0.3,26.1,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1009,66,192,66,117,135,66,66,119,116,108,257,104,1506,1506,1506,66,104,66,685,66,1506,1506,1506,1506,66] detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] diff --git a/test/results/flow-info/simple-dnscrypt.pcap.out b/test/results/flow-info/simple-dnscrypt.pcap.out index a2b4eb5fb..bfc7db580 100644 --- a/test/results/flow-info/simple-dnscrypt.pcap.out +++ b/test/results/flow-info/simple-dnscrypt.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe] detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] analyse: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.222| 0.043| 0.053| 2772.255| 0.000] [PKTLEN......: 54.000| 1364.000| 397.400| 516.900|267229.700| 4.000] [BINS(c->s)..: 7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1] - [IATS........: 110617,111151,27928,119560,18487,5167,114877,3012,7467,5,1,10608,4894,14894,118,54,378,91813,2,71462,3132,28841,26832,76361,36004,32630,95192,61613,221977,1,0,0] + [IATS(ms)....: 110.6,111.2,27.9,119.6,18.5,5.2,114.9,3.0,7.5,0.0,0.0,10.6,4.9,14.9,0.1,0.1,0.4,91.8,0.0,71.5,3.1,28.8,26.8,76.4,36.0,32.6,95.2,61.6,222.0,0.0,0.0,0.0] [PKTLENS.....: 66,66,54,260,54,1364,1364,54,1364,1364,1364,360,54,180,107,110,96,272,312,123,54,92,54,92,54,54,54,415,54,119,1364,1324] detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] new: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] @@ -28,13 +28,13 @@ detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] analyse: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.106| 0.026| 0.036| 1310.829| 0.000] [PKTLEN......: 54.000| 1364.000| 333.100| 456.800|208637.000| 4.000] [BINS(c->s)..: 7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0] - [IATS........: 76904,76992,229,75549,27738,2534,105611,594,1,590,1297,3,1553,3254,3682,128,52,3057,79,49,84732,1,74133,4254,9610,25085,23405,82024,4138,98354,0,0] + [IATS(ms)....: 76.9,77.0,0.2,75.5,27.7,2.5,105.6,0.6,0.0,0.6,1.3,0.0,1.6,3.3,3.7,0.1,0.1,3.1,0.1,0.0,84.7,0.0,74.1,4.3,9.6,25.1,23.4,82.0,4.1,98.4,0.0,0.0] [PKTLENS.....: 66,66,54,264,54,1364,1364,54,1364,1364,54,1364,360,54,180,107,110,96,334,133,132,312,123,54,54,92,54,92,54,416,415,54] detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] idle: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] diff --git a/test/results/flow-info/sip.pcap.out b/test/results/flow-info/sip.pcap.out index 632e42e10..19f45a18b 100644 --- a/test/results/flow-info/sip.pcap.out +++ b/test/results/flow-info/sip.pcap.out @@ -19,13 +19,13 @@ update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] analyse: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.026| 279.042| 42.751| 57.874|3349363405.357| 0.000] [PKTLEN......: 47.000| 867.000| 429.300| 273.000|74531.700| 4.600] [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0] - [IATS........: 136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102,0] + [IATS(ms)....: 136.8,17415.6,17425.0,49.8,89928.6,89874.9,17280.7,17290.4,150200.0,150188.2,17325.2,17335.8,73916.0,73902.7,17325.0,17333.2,25.9,17725.0,29031.8,29092.7,34118.2,34119.1,29272.4,29031.8,29031.6,29031.5,17105.0,497.7,1001.8,279041.8,227.1,0.0] [PKTLENS.....: 509,528,722,348,388,509,528,722,533,509,528,722,533,509,528,722,348,512,47,47,47,47,47,47,47,47,47,867,867,867,635,382] update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] diff --git a/test/results/flow-info/sites.pcapng.out b/test/results/flow-info/sites.pcapng.out index 3e513f925..b81ffda19 100644 --- a/test/results/flow-info/sites.pcapng.out +++ b/test/results/flow-info/sites.pcapng.out @@ -23,13 +23,13 @@ detected: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] analyse: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.053| 0.020| 0.024| 571.173| 0.000] [PKTLEN......: 66.000| 1514.000| 613.800| 646.400|417856.700| 4.200] [BINS(c->s)..: 10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0] - [IATS........: 46836,50076,2241,52937,230,52220,1478,638,2420,52443,779,3077,237,199,47900,235,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 46.8,50.1,2.2,52.9,0.2,52.2,1.5,0.6,2.4,52.4,0.8,3.1,0.2,0.2,47.9,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 74,74,66,583,66,1514,1514,1266,166,66,66,66,66,146,236,304,369,109,97,1514,1514,1514,1514,1514,1514,1514,1514,388,66,66,66,97] detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] @@ -38,13 +38,13 @@ new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun] analyse: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.031| 0.138| 0.327|107215.077| 0.000] [PKTLEN......: 60.000| 1514.000| 659.100| 701.200|491744.000| 4.100] [BINS(c->s)..: 15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0] - [IATS........: 27914,29082,9509,39180,2950,249,59912,307,304,974261,1031142,29550,491,2002,490,730,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 27.9,29.1,9.5,39.2,3.0,0.2,59.9,0.3,0.3,974.3,1031.1,29.6,0.5,2.0,0.5,0.7,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 74,66,60,244,60,1514,1514,1514,1514,1514,1514,1396,60,60,60,60,60,60,60,244,1514,1514,1514,1514,60,60,1514,1514,60,60,60,60] end: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] DAEMON-EVENT: [Processed: 230 pkts][ZLib][compressions: 0|diff: 0 / 0] diff --git a/test/results/flow-info/skinny.pcap.out b/test/results/flow-info/skinny.pcap.out index cf32597a0..01a13d34a 100644 --- a/test/results/flow-info/skinny.pcap.out +++ b/test/results/flow-info/skinny.pcap.out @@ -6,13 +6,13 @@ new: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][VoIP][Acceptable] analyse: [.....1] [ip4][..tcp] [.192.168.195.58][49399] -> [.192.168.193.12][.2000] [CiscoSkinny][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.610| 0.245| 0.877|769437.794| 0.000] [PKTLEN......: 60.000| 378.000| 114.200| 74.300| 5521.700| 4.800] [BINS(c->s)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0] - [IATS........: 2211,18,14,5962,3780,258,15,49,20014,19685,10391,48806,3559643,16,82,3609828,11683,20052,16478,36490,7020,23440,32822,19981,11660,17,20000,11522,27273,50735,26736,0] + [IATS(ms)....: 2.2,0.0,0.0,6.0,3.8,0.3,0.0,0.0,20.0,19.7,10.4,48.8,3559.6,0.0,0.1,3609.8,11.7,20.1,16.5,36.5,7.0,23.4,32.8,20.0,11.7,0.0,20.0,11.5,27.3,50.7,26.7,0.0] [PKTLENS.....: 78,82,70,78,60,378,82,90,82,60,214,74,60,78,194,90,60,266,60,102,60,198,60,198,60,198,186,60,106,106,60,106] new: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] detected: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Media][Acceptable] @@ -25,60 +25,60 @@ new: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] detected: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Media][Acceptable] analyse: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.026| 0.010| 0.010| 104.356| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0] - [IATS........: 25,19949,10,25564,11,20009,15,19949,15,19947,7,19983,8,20009,7,20042,7,20010,7,19977,4,19971,13,19997,11,20024,12,20020,11,19956,10,0] + [IATS(ms)....: 0.0,19.9,0.0,25.6,0.0,20.0,0.0,19.9,0.0,19.9,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] analyse: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 20010,20035,19901,20015,19977,20040,20015,20006,19996,20018,19974,20009,19997,20001,20001,19982,20073,20009,20000,19999,20061,19944,19990,19953,20026,19940,20010,20055,20010,19978,19998,0] + [IATS(ms)....: 20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,20.0,20.0,19.9,20.0,20.1,20.0,20.0,20.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] analyse: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 19962,19969,20095,19966,20007,20019,20010,19970,19996,20019,19982,19965,20001,20006,19994,20032,19986,19999,19985,19996,20021,19995,20005,19995,19975,19984,19971,20037,20033,19973,20008,0] + [IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] analyse: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.019| 0.021| 0.020| 0.000| 0.020| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 19831,19959,20146,19907,20018,20014,20011,20005,20001,20003,20045,19895,20035,19968,20008,20010,19972,20003,20520,19475,20014,19970,20034,19981,19987,19986,19966,20048,20036,19972,20021,0] + [IATS(ms)....: 19.8,20.0,20.1,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.5,19.5,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] analyse: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Media][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000] [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 19977,19980,20100,19974,19997,19973,19984,19994,20002,20000,19996,19991,19980,20100,20004,19971,19986,20073,19948,19997,19947,20007,19941,20015,20065,19981,19993,20024,20019,20002,20013,0] + [IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,19.9,20.0,19.9,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,0.0] [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214] new: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [CiscoSkinny][VoIP][Acceptable] analyse: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.046| 0.705| 1.877|3523893.789| 0.000] [PKTLEN......: 60.000| 546.000| 110.900| 93.800| 8793.000| 4.700] [BINS(c->s)..: 10,2,0,0,4,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,1,1,1,0,0,0,0,1,0,1,0,0,1,0,1,1,0,1,1,1,0,1,0,0,0,0,1] - [IATS........: 15,57,704,686,19914,3582983,19282,3622236,2065,19,22,17967,15924,20052,36329,2146,19966,30884,40036,6899,19067,13061,64116,28324,103909,42273,80357,6999604,16,5837,7045910,0] + [IATS(ms)....: 0.0,0.1,0.7,0.7,19.9,3583.0,19.3,3622.2,2.1,0.0,0.0,18.0,15.9,20.1,36.3,2.1,20.0,30.9,40.0,6.9,19.1,13.1,64.1,28.3,103.9,42.3,80.4,6999.6,0.0,5.8,7045.9,0.0] [PKTLENS.....: 90,82,86,60,266,60,74,74,60,82,70,78,60,546,60,198,198,60,198,60,102,186,60,106,106,60,106,60,82,82,78,60] new: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] detected: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] [ICMP][Network][Acceptable] diff --git a/test/results/flow-info/skype-conference-call.pcap.out b/test/results/flow-info/skype-conference-call.pcap.out index 0268b4dd8..1fa3eb162 100644 --- a/test/results/flow-info/skype-conference-call.pcap.out +++ b/test/results/flow-info/skype-conference-call.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.100| 0.011| 0.022| 503.840| 0.000] [PKTLEN......: 77.000| 957.000| 299.500| 317.000|100457.800| 4.400] [BINS(c->s)..: 0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0] - [IATS........: 7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718,0] + [IATS(ms)....: 7.3,44.5,54.5,0.2,54.9,0.3,10.3,20.1,24.4,100.1,0.3,0.1,0.2,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.1,2.8,14.7,0.4,0.2,0.2,0.3,0.2,0.2,0.2,3.7,0.0] [PKTLENS.....: 146,146,114,114,146,114,150,152,145,137,209,77,169,169,169,169,169,169,169,169,169,169,114,85,957,957,957,957,957,957,169,135] idle: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/skype.pcap.out b/test/results/flow-info/skype.pcap.out index 2f9139640..ecb8662d2 100644 --- a/test/results/flow-info/skype.pcap.out +++ b/test/results/flow-info/skype.pcap.out @@ -45,13 +45,13 @@ detected: [....18] [ip4][..tcp] [...192.168.1.34][50029] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.301| 0.083| 0.084| 7113.901| 0.000] [PKTLEN......: 66.000| 1506.000| 371.800| 468.900|219872.600| 4.100] [BINS(c->s)..: 10,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,1,0,1,1,0] - [IATS........: 75158,75224,28759,111209,161,82580,77181,227,77415,12662,300868,288212,83419,83480,324,86654,86327,3080,96533,93421,270,253866,5,253632,1,362,87184,86820,115773,3,115745,0] + [IATS(ms)....: 75.2,75.2,28.8,111.2,0.2,82.6,77.2,0.2,77.4,12.7,300.9,288.2,83.4,83.5,0.3,86.7,86.3,3.1,96.5,93.4,0.3,253.9,0.0,253.6,0.0,0.4,87.2,86.8,115.8,0.0,115.7,0.0] [PKTLENS.....: 78,70,66,160,1506,86,66,1506,864,66,173,66,125,125,66,295,247,66,695,247,66,263,759,279,66,66,631,167,1383,1506,71,66] new: [....19] [ip4][..tcp] [...192.168.1.34][50030] -> [...65.55.223.33][..443] new: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53] @@ -448,13 +448,13 @@ new: [...225] [ip4][..tcp] [...192.168.1.34][50102] -> [...65.55.223.15][..443] new: [...226] [ip4][..tcp] [...192.168.1.34][50103] -> [....64.4.23.166][..443] analyse: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.015| 19.851| 1.938| 5.863|34377878.733| 0.000] [PKTLEN......: 327.000| 405.000| 372.000| 29.200| 851.500| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,3,10,6,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 15861,16704,16998,17146,15818,17029,16643,16363,16834,19850743,15743,18751,14698,83170,16831,19850724,16057,16593,16866,16918,16233,17002,16501,16455,16854,19850599,16277,16449,16736,16676,16486,0] + [IATS(ms)....: 15.9,16.7,17.0,17.1,15.8,17.0,16.6,16.4,16.8,19850.7,15.7,18.8,14.7,83.2,16.8,19850.7,16.1,16.6,16.9,16.9,16.2,17.0,16.5,16.5,16.9,19850.6,16.3,16.4,16.7,16.7,16.5,0.0] [PKTLENS.....: 333,351,405,397,327,369,401,347,399,393,333,351,405,397,399,393,333,351,405,397,327,369,401,347,399,393,333,351,405,397,327,369] update: [....69] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.24][40001] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] update: [....76] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.21][40004] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] @@ -521,13 +521,13 @@ detected: [...231] [ip4][.icmp] [....192.168.1.1] -> [...192.168.1.34] [ICMP][Network][Acceptable] new: [...232] [ip4][..tcp] [...192.168.1.34][50109] -> [.91.190.216.125][12350] analyse: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.965| 0.176| 0.204|41803.604| 0.000] [PKTLEN......: 66.000| 1506.000| 178.600| 286.000|81813.500| 4.000] [BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,1] - [IATS........: 243983,244064,543,204260,761004,964718,546,202004,201464,40219,40223,162241,162248,40183,40179,200900,6,200973,204113,204068,127,240781,240640,207489,6,207586,2955,4516,199645,198010,41627,0] + [IATS(ms)....: 244.0,244.1,0.5,204.3,761.0,964.7,0.5,202.0,201.5,40.2,40.2,162.2,162.2,40.2,40.2,200.9,0.0,201.0,204.1,204.1,0.1,240.8,240.6,207.5,0.0,207.6,3.0,4.5,199.6,198.0,41.6,0.0] [PKTLENS.....: 78,74,66,138,66,123,66,74,74,66,66,102,134,66,66,105,66,69,66,210,66,70,66,675,66,70,66,1506,120,619,549,66] not-detected: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] [Unknown][Unrated] new: [...233] [ip4][..tcp] [...192.168.1.34][50110] -> [.91.190.216.125][12350] @@ -559,13 +559,13 @@ new: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] new: [...252] [ip4][..tcp] [...192.168.1.34][50122] -> [..81.133.19.185][44431] analyse: [...250] [ip4][..tcp] [...192.168.1.34][50119] -> [....86.31.35.30][59621] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.200| 0.063| 0.061| 3703.968| 0.000] [PKTLEN......: 66.000| 1249.000| 173.800| 252.000|63524.500| 4.200] [BINS(c->s)..: 14,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,1,1,1,0,0,0,1,1,0,0] - [IATS........: 83391,83495,120,64053,63956,403,68492,68085,2947,71202,68249,199756,199749,154162,154128,2646,133845,131248,179,107,71,64327,8428,55511,127901,188,164,70489,3,70121,226,0] + [IATS(ms)....: 83.4,83.5,0.1,64.1,64.0,0.4,68.5,68.1,2.9,71.2,68.2,199.8,199.7,154.2,154.1,2.6,133.8,131.2,0.2,0.1,0.1,64.3,8.4,55.5,127.9,0.2,0.2,70.5,0.0,70.1,0.2,0.0] [PKTLENS.....: 78,74,66,126,113,66,83,80,66,820,80,66,66,70,1249,66,623,166,144,94,133,123,66,66,146,66,94,87,361,66,66,93] not-detected: [...250] [ip4][..tcp] [...192.168.1.34][50119] -> [....86.31.35.30][59621] [Unknown][Unrated] new: [...253] [ip4][..tcp] [...192.168.1.34][50123] -> [...80.14.46.121][.4415] @@ -586,13 +586,13 @@ RISK: TLS (probably) Not Carrying HTTPS new: [...261] [ip4][..tcp] [...192.168.1.34][50129] -> [.91.190.218.125][12350] analyse: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.605| 0.068| 0.136|18472.737| 0.000] [PKTLEN......: 54.000| 1494.000| 248.900| 350.900|123149.100| 4.000] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,3,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1] - [IATS........: 148679,148806,840,151642,7,49,150807,1,231,1,31483,95,153251,682,32561,5239,16750,14,176748,67,2129,1532,4,3534,1,449491,70,604696,5454,16453,7,0] + [IATS(ms)....: 148.7,148.8,0.8,151.6,0.0,0.0,150.8,0.0,0.2,0.0,31.5,0.1,153.3,0.7,32.6,5.2,16.8,0.0,176.7,0.1,2.1,1.5,0.0,3.5,0.0,449.5,0.1,604.7,5.5,16.5,0.0,0.0] [PKTLENS.....: 78,60,54,287,60,146,91,54,54,60,91,680,620,60,60,60,60,387,90,54,54,1494,1221,80,54,54,673,632,60,60,387,90] update: [...108] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.26][40026] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] update: [...111] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.47][40029] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] @@ -635,13 +635,13 @@ new: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] detected: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] analyse: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.782| 0.325| 0.510|259840.393| 0.000] [PKTLEN......: 66.000| 1190.000| 157.300| 243.100|59118.200| 4.100] [BINS(c->s)..: 14,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,1,0] - [IATS........: 60786,60878,104,60135,60019,392,72414,72021,2895,63202,60274,262292,262312,157419,157474,3644,187775,184138,1852,62855,110047,171036,158,63674,63522,1468105,1782015,746099,1060012,1410290,1410276,0] + [IATS(ms)....: 60.8,60.9,0.1,60.1,60.0,0.4,72.4,72.0,2.9,63.2,60.3,262.3,262.3,157.4,157.5,3.6,187.8,184.1,1.9,62.9,110.0,171.0,0.2,63.7,63.5,1468.1,1782.0,746.1,1060.0,1410.3,1410.3,0.0] [PKTLENS.....: 78,74,66,111,127,66,82,80,66,819,80,66,66,70,1190,66,623,111,102,86,66,109,66,95,94,66,103,66,104,66,105,66] not-detected: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] [Unknown][Unrated] new: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53] @@ -729,13 +729,13 @@ update: [....11] [ip4][..udp] [...192.168.1.34][65045] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] update: [...206] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.145][40027] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] analyse: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 25.524| 1.927| 6.197|38401982.071| 0.000] [PKTLEN......: 66.000| 1090.000| 156.500| 232.300|53983.100| 4.100] [BINS(c->s)..: 14,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,1,0] - [IATS........: 228112,228245,119,219602,219451,352,214503,214173,209707,209682,96,381818,2061048,2011661,148181,480497,212142,212191,3594,275159,271497,162,220246,3,220142,134,216099,215969,136225,25387599,25523822,0] + [IATS(ms)....: 228.1,228.2,0.1,219.6,219.5,0.4,214.5,214.2,209.7,209.7,0.1,381.8,2061.0,2011.7,148.2,480.5,212.1,212.2,3.6,275.2,271.5,0.2,220.2,0.0,220.1,0.1,216.1,216.0,136.2,25387.6,25523.8,0.0] [PKTLENS.....: 78,78,66,123,101,66,83,80,66,80,66,70,66,843,66,1090,66,156,66,623,108,134,93,66,112,66,95,122,66,66,81,66] not-detected: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767] [Unknown][Unrated] new: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900] @@ -984,13 +984,13 @@ update: [....25] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.155][40020] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] update: [....32] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.176][40022] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] analyse: [...283] [ip4][..tcp] [...192.168.1.34][50138] -> [...71.238.7.203][18767] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 30.126| 1.349| 5.301|28102044.418| 0.000] [PKTLEN......: 66.000| 1090.000| 155.400| 232.500|54056.900| 4.100] [BINS(c->s)..: 15,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,1,0,0] - [IATS........: 214728,214808,140,223488,223372,360,217535,217176,213636,213655,98,315319,2988490,3022192,145311,494208,215912,215930,3576,275623,272053,209,291401,291140,160,74979,137019,211866,164254,30125563,821148,0] + [IATS(ms)....: 214.7,214.8,0.1,223.5,223.4,0.4,217.5,217.2,213.6,213.7,0.1,315.3,2988.5,3022.2,145.3,494.2,215.9,215.9,3.6,275.6,272.1,0.2,291.4,291.1,0.2,75.0,137.0,211.9,164.3,30125.6,821.1,0.0] [PKTLENS.....: 78,78,66,106,101,66,83,80,66,80,66,70,66,842,66,1090,66,156,66,622,101,146,95,111,66,95,66,114,66,66,66,66] not-detected: [...283] [ip4][..tcp] [...192.168.1.34][50138] -> [...71.238.7.203][18767] [Unknown][Unrated] not-detected: [...221] [ip4][..tcp] [...192.168.1.34][50098] -> [...65.55.223.15][40026] [Unknown][Unrated] diff --git a/test/results/flow-info/skype_no_unknown.pcap.out b/test/results/flow-info/skype_no_unknown.pcap.out index 8d2dad4fb..8978e840f 100644 --- a/test/results/flow-info/skype_no_unknown.pcap.out +++ b/test/results/flow-info/skype_no_unknown.pcap.out @@ -46,13 +46,13 @@ detected: [....19] [ip4][..tcp] [.17.143.160.149][.5223] -> [...192.168.1.34][50407] [TLS.Apple][Web][Safe] RISK: Known Proto on Non Std Port analyse: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.302| 0.085| 0.091| 8331.101| 0.000] [PKTLEN......: 66.000| 1506.000| 371.800| 468.900|219872.600| 4.100] [BINS(c->s)..: 9,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,1] - [IATS........: 75602,75664,27532,108847,162,81462,75632,793,76430,15396,302172,286823,74727,74702,490,91055,90550,1676,83562,81907,257,247113,246931,287,176,301,92281,92015,289787,38677,4,0] + [IATS(ms)....: 75.6,75.7,27.5,108.8,0.2,81.5,75.6,0.8,76.4,15.4,302.2,286.8,74.7,74.7,0.5,91.1,90.5,1.7,83.6,81.9,0.3,247.1,246.9,0.3,0.2,0.3,92.3,92.0,289.8,38.7,0.0,0.0] [PKTLENS.....: 78,70,66,160,1506,86,66,1506,864,66,173,66,125,125,66,295,247,66,695,247,66,263,759,66,279,66,631,167,1383,66,1506,71] new: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] detected: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] @@ -62,13 +62,13 @@ new: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [MIDSTREAM] detected: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS.Apple][Web][Safe] analyse: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS.Apple][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.077| 0.169| 0.340|115831.161| 0.000] [PKTLEN......: 54.000| 680.000| 238.900| 252.700|63877.700| 4.300] [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0] - [IATS........: 72,141755,4583,11838,4,158204,1417,4,1400,933119,61,1077385,3887,16084,4,164206,1860,3,1840,866377,142,1010555,4963,11788,160778,157,141,0,0,0,0,0] + [IATS(ms)....: 0.1,141.8,4.6,11.8,0.0,158.2,1.4,0.0,1.4,933.1,0.1,1077.4,3.9,16.1,0.0,164.2,1.9,0.0,1.8,866.4,0.1,1010.6,5.0,11.8,160.8,0.2,0.1,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 680,622,60,60,387,90,54,54,656,80,54,54,673,630,60,60,387,90,54,54,661,80,54,54,677,556,60,60,387,54,90,54] new: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] detected: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] @@ -464,13 +464,13 @@ new: [...227] [ip4][..tcp] [...192.168.1.34][51284] -> [.91.190.218.125][12350] new: [...228] [ip4][..tcp] [...192.168.1.34][51285] -> [.91.190.218.125][12350] analyse: [...210] [ip4][..tcp] [...192.168.1.34][51279] -> [..111.221.74.48][40008] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.297| 0.245| 0.278|77244.252| 0.000] [PKTLEN......: 66.000| 1506.000| 180.600| 288.600|83264.900| 4.000] [BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0] - [IATS........: 1006187,1296903,290818,554,292771,2163,294344,530,293322,292842,39566,39558,253265,253274,40127,40121,350396,3,350380,293934,293924,133,334278,334179,299989,7,300043,2124,4226,292441,290303,0] + [IATS(ms)....: 1006.2,1296.9,290.8,0.6,292.8,2.2,294.3,0.5,293.3,292.8,39.6,39.6,253.3,253.3,40.1,40.1,350.4,0.0,350.4,293.9,293.9,0.1,334.3,334.2,300.0,0.0,300.0,2.1,4.2,292.4,290.3,0.0] [PKTLENS.....: 78,78,74,66,116,66,169,66,74,74,66,66,112,95,66,66,105,66,69,66,210,66,70,66,675,66,70,66,1506,120,617,609] not-detected: [...210] [ip4][..tcp] [...192.168.1.34][51279] -> [..111.221.74.48][40008] [Unknown][Unrated] new: [...229] [ip4][..tcp] [...192.168.1.34][51286] -> [.91.190.218.125][..443] @@ -531,13 +531,13 @@ new: [...251] [ip4][..tcp] [...192.168.1.34][51302] -> [.91.190.216.125][..443] new: [...252] [ip4][..tcp] [...192.168.1.34][51303] -> [...80.121.84.93][62381] analyse: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.004| 0.281| 0.501|251090.993| 0.000] [PKTLEN......: 66.000| 1190.000| 157.200| 243.000|59065.600| 4.100] [BINS(c->s)..: 13,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1] - [IATS........: 69753,69875,128,64112,63941,396,65391,64977,1952,66745,64884,268026,267948,126507,126511,3724,173414,169731,172,68870,95737,164424,174,67018,66860,198434,1936170,2004084,795927,1062252,592589,0] + [IATS(ms)....: 69.8,69.9,0.1,64.1,63.9,0.4,65.4,65.0,2.0,66.7,64.9,268.0,267.9,126.5,126.5,3.7,173.4,169.7,0.2,68.9,95.7,164.4,0.2,67.0,66.9,198.4,1936.2,2004.1,795.9,1062.3,592.6,0.0] [PKTLENS.....: 78,74,66,131,94,66,82,80,66,818,80,66,66,70,1190,66,622,109,110,92,66,109,66,93,87,66,66,104,66,105,66,111] not-detected: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639] [Unknown][Unrated] new: [...253] [ip4][..tcp] [...192.168.1.34][51305] -> [...149.13.32.15][13392] @@ -619,13 +619,13 @@ new: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195] detected: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] analyse: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 19.857| 1.935| 5.865|34398418.239| 0.000] [PKTLEN......: 327.000| 405.000| 370.700| 29.100| 844.300| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,4,9,7,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 557,584,518,491,526,99678,590,558,630,19856559,16227,16968,16620,16461,16743,19850608,16179,16542,16730,16663,16557,16953,16553,16675,16584,19850616,15995,16653,16828,16721,16628,0] + [IATS(ms)....: 0.6,0.6,0.5,0.5,0.5,99.7,0.6,0.6,0.6,19856.6,16.2,17.0,16.6,16.5,16.7,19850.6,16.2,16.5,16.7,16.7,16.6,17.0,16.6,16.7,16.6,19850.6,16.0,16.7,16.8,16.7,16.6,0.0] [PKTLENS.....: 333,351,405,397,327,369,401,347,399,393,327,369,401,347,399,393,333,351,405,397,327,369,401,347,399,393,333,351,405,397,327,369] new: [...267] [ip4][..tcp] [...192.168.1.34][51319] -> [...212.161.8.36][13392] idle: [...233] [ip4][..udp] [...192.168.1.34][13021] -> [189.188.134.174][22436] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] diff --git a/test/results/flow-info/smb_deletefile.pcap.out b/test/results/flow-info/smb_deletefile.pcap.out index 70e783b89..c6cf15daf 100644 --- a/test/results/flow-info/smb_deletefile.pcap.out +++ b/test/results/flow-info/smb_deletefile.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable] analyse: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.158| 0.143| 0.529|280112.169| 0.000] [PKTLEN......: 54.000| 554.000| 266.600| 190.900|36432.900| 4.600] [BINS(c->s)..: 10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1] - [IATS........: 1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895,0] + [IATS(ms)....: 1.2,1.2,2157.3,2158.4,1.2,0.1,1.3,1.2,7.5,9.4,1.9,0.1,0.1,0.1,0.0,0.5,0.2,0.6,5.6,5.6,4.7,5.9,1.1,0.1,1.2,1.1,0.1,1.0,0.9,26.0,26.9,0.0] [PKTLENS.....: 434,554,54,378,522,54,394,538,54,466,180,54,554,54,158,154,60,158,54,130,54,394,538,54,434,410,54,298,370,54,402,466] idle: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/smtp-starttls.pcap.out b/test/results/flow-info/smtp-starttls.pcap.out index 66756fd89..1d6d8bae3 100644 --- a/test/results/flow-info/smtp-starttls.pcap.out +++ b/test/results/flow-info/smtp-starttls.pcap.out @@ -11,13 +11,13 @@ detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable] RISK: Obsolete TLS (v1.1 or older) analyse: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.157| 0.030| 0.035| 1204.841| 0.000] [PKTLEN......: 66.000| 1484.000| 254.300| 368.100|135468.500| 4.100] [BINS(c->s)..: 9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1] - [IATS........: 11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080,0] + [IATS(ms)....: 11.2,11.2,11.9,11.8,0.1,11.2,39.2,67.1,28.2,11.5,12.2,0.3,12.3,0.0,24.8,37.9,13.5,11.9,11.6,11.6,11.8,51.4,103.7,157.0,13.6,11.5,11.1,16.4,67.3,42.9,94.1,0.0] [PKTLENS.....: 74,74,66,117,66,94,66,220,76,96,178,1484,1484,66,919,380,276,119,231,127,131,127,66,172,752,66,94,66,142,66,97,147] DAEMON-EVENT: [Processed: 36 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] @@ -28,13 +28,13 @@ detection-update: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS analyse: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.203| 0.019| 0.049| 2372.381| 0.000] [PKTLEN......: 78.000| 1218.000| 198.500| 257.100|66086.800| 4.300] [BINS(c->s)..: 7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0] - [IATS........: 744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736,0] + [IATS(ms)....: 0.7,1.0,19.0,29.5,11.1,0.1,1.2,1.0,1.0,6.1,12.8,0.6,8.6,202.0,202.9,1.0,7.3,6.8,7.3,7.3,1.2,2.1,3.0,0.4,21.0,21.8,1.0,6.8,0.0,6.8,0.7,0.0] [PKTLENS.....: 90,90,78,136,128,78,230,88,108,260,1218,204,157,336,245,78,167,121,141,121,113,144,78,1112,78,143,113,122,109,78,109,78] end: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/smtp.pcap.out b/test/results/flow-info/smtp.pcap.out index 4882fc206..204d460b9 100644 --- a/test/results/flow-info/smtp.pcap.out +++ b/test/results/flow-info/smtp.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] detected: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable] analyse: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.055| 0.006| 0.012| 143.094| 0.000] [PKTLEN......: 60.000| 138.000| 87.600| 15.200| 230.100| 5.000] [BINS(c->s)..: 5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054,0] + [IATS(ms)....: 0.3,1.1,19.7,31.1,24.6,55.1,2.2,21.4,1.1,1.2,1.1,1.2,1.2,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.0,1.0,1.1,1.1,1.1,1.1,0.0] [PKTLENS.....: 60,60,60,138,60,76,60,80,76,98,90,97,93,92,93,92,94,93,93,92,93,92,94,93,92,91,91,90,94,93,92,91] end: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/snapchat_call.pcapng.out b/test/results/flow-info/snapchat_call.pcapng.out index 6fa783631..a07ebf64b 100644 --- a/test/results/flow-info/snapchat_call.pcapng.out +++ b/test/results/flow-info/snapchat_call.pcapng.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable] RISK: Missing SNI TLS Extn analyse: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.447| 0.221| 0.397|157833.134| 0.000] [PKTLEN......: 62.000| 1392.000| 345.900| 468.500|219532.900| 4.000] [BINS(c->s)..: 4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1] - [IATS........: 16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800,0] + [IATS(ms)....: 16.8,0.1,30.4,0.1,24.2,5.1,0.0,0.0,20.3,29.1,5.5,0.1,0.0,0.2,2.1,54.4,0.0,0.0,507.6,1447.3,48.7,53.5,57.9,1172.7,3.3,7.5,379.7,803.5,440.1,1155.7,589.8,0.0] [PKTLENS.....: 1392,1392,1392,1392,625,78,1392,62,428,70,86,80,80,80,201,100,62,62,62,86,351,303,351,303,86,70,70,86,70,86,86,86] idle: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable] RISK: Missing SNI TLS Extn diff --git a/test/results/flow-info/softether.pcap.out b/test/results/flow-info/softether.pcap.out index a26ebe9e4..52efa3030 100644 --- a/test/results/flow-info/softether.pcap.out +++ b/test/results/flow-info/softether.pcap.out @@ -72,13 +72,13 @@ DAEMON-EVENT: [Processed: 130 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 29] analyse: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.257| 1566.080| 36.711| 451.865|204182401654.456| 0.000] [PKTLEN......: 43.000| 522.000| 104.300| 132.500|17556.200| 4.300] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1] - [IATS........: 257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000,0] + [IATS(ms)....: 257.0,27676.0,27674.0,26195.0,26194.0,26159.0,26161.0,10299.0,10301.0,14858.0,14853.0,27814.0,27815.0,25788.0,1540291.2,1566080.2,18689.0,18689.0,5427.0,5426.0,27856.0,27856.0,26072.0,26072.0,26524.0,26524.0,24993.0,24993.0,25093.0,862645.0,887738.0,0.0] [PKTLENS.....: 43,70,43,70,43,70,43,70,522,370,43,70,43,70,43,43,70,522,370,43,70,43,70,43,70,43,70,43,70,43,43,70] update: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable] update: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable] diff --git a/test/results/flow-info/ssh.pcap.out b/test/results/flow-info/ssh.pcap.out index 97b5110b1..21ec1e688 100644 --- a/test/results/flow-info/ssh.pcap.out +++ b/test/results/flow-info/ssh.pcap.out @@ -13,13 +13,13 @@ detection-update: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable] RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher analyse: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.907| 0.395| 0.889|789856.780| 0.000] [PKTLEN......: 66.000| 970.000| 172.700| 230.100|52961.800| 4.200] [BINS(c->s)..: 12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0] - [IATS........: 26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110,0] + [IATS(ms)....: 0.0,0.0,8.1,8.1,0.3,0.8,0.5,0.1,1.5,1.6,0.3,1.8,1.6,1.6,14.7,13.1,1.8,42.3,40.5,0.2,0.3,0.4,0.3,40.6,51.2,91.6,2632.3,2632.6,1868.8,1869.1,2907.1,0.0] [PKTLENS.....: 78,74,66,87,66,87,66,970,66,850,66,90,218,66,210,786,66,82,66,114,66,114,66,130,66,146,66,210,66,146,66,210] end: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable] RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher diff --git a/test/results/flow-info/starcraft_battle.pcap.out b/test/results/flow-info/starcraft_battle.pcap.out index 0ced38f42..186b5e91a 100644 --- a/test/results/flow-info/starcraft_battle.pcap.out +++ b/test/results/flow-info/starcraft_battle.pcap.out @@ -42,13 +42,13 @@ detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer, Suspicious DGA Domain name analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.072| 0.012| 0.024| 562.008| 0.000] [PKTLEN......: 54.000| 1514.000| 699.500| 719.000|516967.300| 4.100] [BINS(c->s)..: 15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234,0] + [IATS(ms)....: 58.1,58.1,0.1,58.2,14.3,72.4,0.1,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.2,0.2,56.8,56.9,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.1,0.2,0.0] [PKTLENS.....: 66,66,54,241,60,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514] new: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Game][Fun] @@ -86,13 +86,13 @@ detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun] detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable] analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 0.000] [PKTLEN......: 54.000| 797.000| 116.400| 136.000|18494.500| 4.500] [BINS(c->s)..: 23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 52549,52614,94628,145687,24327,95105,95914,166321,70940,49609,160290,31197,128649,15235,41,28,25,24,29,35,25,23,24,30,27,23,28,23,22,29,22,0] + [IATS(ms)....: 52.5,52.6,94.6,145.7,24.3,95.1,95.9,166.3,70.9,49.6,160.3,31.2,128.6,15.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 66,60,54,156,60,797,54,234,317,54,249,60,122,56,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77] new: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] new: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] @@ -129,13 +129,13 @@ detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 0.000] [PKTLEN......: 54.000| 1514.000| 880.800| 718.400|516058.300| 4.400] [BINS(c->s)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] - [IATS........: 32476,32510,1623,34324,1138,65,33880,153,130,283,141,278,419,213,122,339,108,139,244,139,597,734,100,131,232,130,134,265,32899,285,33184,0] + [IATS(ms)....: 32.5,32.5,1.6,34.3,1.1,0.1,33.9,0.2,0.1,0.3,0.1,0.3,0.4,0.2,0.1,0.3,0.1,0.1,0.2,0.1,0.6,0.7,0.1,0.1,0.2,0.1,0.1,0.3,32.9,0.3,33.2,0.0] [PKTLENS.....: 66,66,54,203,60,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54] guessed: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] [Starcraft][Game][Fun] idle: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] diff --git a/test/results/flow-info/stun.pcap.out b/test/results/flow-info/stun.pcap.out index 6e7012c4f..0ed7b85bf 100644 --- a/test/results/flow-info/stun.pcap.out +++ b/test/results/flow-info/stun.pcap.out @@ -6,13 +6,13 @@ update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] analyse: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 10.359| 9.105| 2.980|8880623.976| 0.000] [PKTLEN......: 82.000| 106.000| 94.000| 12.000| 144.000| 5.000] [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259,0] + [IATS(ms)....: 6.9,10132.2,10132.3,10358.5,2.9,10358.5,2.9,10055.4,10055.5,10056.9,10056.9,10057.2,10057.2,10053.9,10054.0,10069.5,10069.5,10027.1,10027.1,10027.3,10027.3,10064.0,10063.9,10098.3,10098.4,10035.5,10035.4,10061.4,10061.4,10028.4,10028.3,0.0] [PKTLENS.....: 82,106,82,106,82,82,106,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106] update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] DAEMON-EVENT: [Processed: 42 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -21,13 +21,13 @@ detected: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.004| 0.447| 1.463|2139022.033| 0.000] [PKTLEN......: 70.000| 182.000| 153.600| 32.100| 1033.400| 5.000] [BINS(c->s)..: 1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1] - [IATS........: 11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153,0] + [IATS(ms)....: 11.5,15.6,15.9,6004.4,4.7,5997.4,4.5,7.5,7.1,108.4,344.5,499.2,68.5,0.2,19.7,29.0,92.2,23.6,96.4,1.6,50.3,48.3,0.3,50.1,3.3,0.0,52.9,0.4,9.7,44.9,232.2,0.0] [PKTLENS.....: 70,146,178,118,182,182,154,182,154,86,178,178,174,182,142,86,178,142,174,142,178,174,142,178,142,174,142,182,142,86,174,174] idle: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] DAEMON-EVENT: [Processed: 117 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -41,13 +41,13 @@ new: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] detected: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable] analyse: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.131| 0.227|51553.292| 0.000] [PKTLEN......: 76.000| 1240.000| 193.200| 221.300|48965.100| 4.500] [BINS(c->s)..: 0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0] - [IATS........: 22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681,0] + [IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7,0.0] [PKTLENS.....: 150,134,195,154,1240,588,134,123,612,123,154,159,175,134,155,107,111,107,127,76,107,154,134,76,124,154,134,108,108,109,109,109] idle: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable] idle: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Network][Acceptable] diff --git a/test/results/flow-info/stun_signal.pcapng.out b/test/results/flow-info/stun_signal.pcapng.out index 3ab39e963..2289e243b 100644 --- a/test/results/flow-info/stun_signal.pcapng.out +++ b/test/results/flow-info/stun_signal.pcapng.out @@ -33,13 +33,13 @@ detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.679| 0.149| 0.201|40331.911| 0.000] [PKTLEN......: 70.000| 146.000| 105.900| 24.900| 621.500| 5.000] [BINS(c->s)..: 4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1] - [IATS........: 83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177,0] + [IATS(ms)....: 83.9,0.0,92.5,7.8,46.1,91.4,0.0,37.9,40.0,9.1,41.9,367.7,0.1,441.0,0.0,600.8,610.2,117.9,49.9,49.8,64.2,212.9,679.4,8.7,0.0,503.8,102.9,201.0,101.8,9.3,62.2,0.0] [PKTLENS.....: 138,106,138,106,146,146,106,138,106,106,138,106,98,70,98,70,138,106,98,98,138,106,70,98,70,70,70,138,106,98,70,98] update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable] detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.AmazonAWS][Cloud][Acceptable] @@ -47,13 +47,13 @@ detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 17.079| 1.597| 3.547|12584568.750| 0.000] [PKTLEN......: 90.000| 138.000| 95.500| 11.600| 133.800| 5.000] [BINS(c->s)..: 0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065,0] + [IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1,0.0] [PKTLENS.....: 90,90,98,98,90,90,90,90,90,138,138,90,90,98,98,90,90,90,90,90,90,90,98,98,90,90,98,98,90,90,98,98] update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable] RISK: Known Proto on Non Std Port @@ -89,13 +89,13 @@ detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.665| 0.153| 0.189|35784.253| 0.000] [PKTLEN......: 70.000| 146.000| 108.200| 24.600| 605.900| 5.000] [BINS(c->s)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0] - [IATS........: 68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176,0] + [IATS(ms)....: 68.5,0.1,70.3,29.3,44.7,113.4,0.0,43.2,26.5,8.5,31.0,313.6,0.3,410.7,0.0,665.0,630.5,122.5,190.5,61.6,378.1,7.9,325.5,42.2,76.0,424.9,96.8,5.4,434.3,47.7,66.2,0.0] [PKTLENS.....: 138,106,138,106,146,146,106,138,106,106,138,106,98,70,98,70,138,106,138,106,98,98,70,70,70,98,138,98,70,106,138,106] update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable] diff --git a/test/results/flow-info/teams.pcap.out b/test/results/flow-info/teams.pcap.out index 7085cba5d..16882c437 100644 --- a/test/results/flow-info/teams.pcap.out +++ b/test/results/flow-info/teams.pcap.out @@ -20,13 +20,13 @@ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 0.000] [PKTLEN......: 54.000| 1506.000| 407.900| 548.100|300365.600| 3.900] [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0] - [IATS........: 12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537,0] + [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5,0.0] [PKTLENS.....: 78,66,54,264,60,1506,1506,54,1506,54,1506,271,54,212,60,380,54,123,54,147,92,312,92,60,54,60,570,54,1506,1506,685,54] detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] @@ -36,13 +36,13 @@ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable] detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable] analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 0.000] [PKTLEN......: 66.000| 1506.000| 921.900| 687.500|472618.500| 4.500] [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0] - [IATS........: 43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3,0] + [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,240,1506,1506,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,1494,1494,1494,66,1494,1494,1494] detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS @@ -53,22 +53,22 @@ detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 0.000] [PKTLEN......: 66.000| 1506.000| 694.600| 673.100|453031.800| 4.200] [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0] - [IATS........: 45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321,0] + [IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3,0.0] [PKTLENS.....: 78,74,66,272,1506,1389,78,1506,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,839,66,66,66,511,66,97] analyse: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.005| 0.010| 94.878| 0.000] [PKTLEN......: 54.000| 1506.000| 430.000| 569.700|324516.500| 3.900] [BINS(c->s)..: 8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1] - [IATS........: 11421,11522,225,11256,2751,92,13830,124,124,124,3,141,4803,15532,11803,1342,15,233,10,306,235,4,56,10886,31,10351,1699,244,14,50397,30,0] + [IATS(ms)....: 11.4,11.5,0.2,11.3,2.8,0.1,13.8,0.1,0.1,0.1,0.0,0.1,4.8,15.5,11.8,1.3,0.0,0.2,0.0,0.3,0.2,0.0,0.1,10.9,0.0,10.4,1.7,0.2,0.0,50.4,0.0,0.0] [PKTLENS.....: 78,66,54,268,60,1506,1506,54,1506,54,1506,271,54,212,60,147,380,123,54,54,92,1494,1061,138,60,92,54,60,60,60,1506,1069] detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] ERROR-EVENT: Unknown packet type @@ -143,13 +143,13 @@ detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe] detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe] analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 0.000] [PKTLEN......: 66.000| 1506.000| 833.700| 699.200|488828.900| 4.400] [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0] - [IATS........: 50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765,0] + [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8,0.0] [PKTLENS.....: 78,74,66,272,66,1506,1506,66,1389,66,159,66,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,1494,1494,1494,66,1494] detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS @@ -159,13 +159,13 @@ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 0.000] [PKTLEN......: 54.000| 1506.000| 354.200| 510.300|260451.700| 3.900] [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1] - [IATS........: 45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222,0] + [IATS(ms)....: 45.7,45.8,0.2,47.9,0.0,47.7,0.0,0.1,0.2,0.1,0.2,9.9,9.9,3.5,10.4,0.4,51.4,37.1,0.2,0.2,0.2,7.1,7.0,1.3,1.2,79.2,201.4,0.0,0.0,167.5,0.2,0.0] [PKTLENS.....: 78,66,54,273,1506,1506,66,54,54,1506,1506,54,467,54,212,147,517,105,54,123,54,92,92,54,493,54,60,1494,164,220,60,96] new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] @@ -179,13 +179,13 @@ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 0.000] [PKTLEN......: 66.000| 1506.000| 391.200| 521.700|272149.200| 4.000] [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1] - [IATS........: 34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185,0] + [IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2,0.0] [PKTLENS.....: 78,74,66,287,1506,1506,78,66,1506,66,1506,316,66,192,159,547,117,66,135,66,104,104,66,428,66,66,1494,261,66,241,66,1153] ERROR-EVENT: Unknown packet type new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] @@ -195,24 +195,24 @@ detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.010| 0.146| 0.490|239614.050| 0.000] [PKTLEN......: 54.000| 1506.000| 319.200| 468.100|219152.800| 3.900] [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1] - [IATS........: 12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632,0] + [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6,0.0] [PKTLENS.....: 78,66,54,271,60,1506,1506,54,1506,54,1506,195,54,212,60,380,123,54,54,147,92,575,60,92,54,60,60,454,54,356,60,359] detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] ERROR-EVENT: Unknown packet type analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 0.000] [PKTLEN......: 54.000| 1506.000| 345.500| 473.500|224192.200| 4.000] [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0] - [IATS........: 11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314,0] + [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3,0.0] [PKTLENS.....: 78,66,54,265,60,1506,1506,54,1506,94,54,212,147,592,186,60,380,123,54,54,92,60,92,54,60,703,54,373,54,1494,708,262] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] @@ -259,13 +259,13 @@ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 0.000] [PKTLEN......: 54.000| 1506.000| 599.700| 671.400|450756.000| 4.100] [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1] - [IATS........: 12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243,0] + [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2,0.0] [PKTLENS.....: 78,66,54,240,60,1506,1506,54,1506,54,1506,182,54,161,60,105,60,105,54,1136,60,1506,1506,54,1331,54,1506,1506,54,54,1506,1506] detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS @@ -281,13 +281,13 @@ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 0.000] [PKTLEN......: 66.000| 1506.000| 654.900| 667.900|446080.700| 4.200] [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0] - [IATS........: 48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111,0] + [IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1,0.0] [PKTLENS.....: 78,74,66,272,1506,1506,78,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,999,66,66,511,66,97,66] ERROR-EVENT: Unknown packet type new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] @@ -308,26 +308,26 @@ RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 0.000] [PKTLEN......: 66.000| 1506.000| 359.200| 499.900|249913.200| 4.000] [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0] - [IATS........: 29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561,0] + [IATS(ms)....: 29.5,29.6,0.2,45.7,0.2,45.7,0.1,0.1,0.1,0.1,0.0,0.1,0.6,23.2,0.2,30.2,0.0,6.1,0.0,0.2,22.9,22.6,1.5,1.4,2.9,0.0,32.7,0.2,30.1,125.5,125.6,0.0] [PKTLENS.....: 78,74,66,280,1506,1506,78,1506,66,66,1506,295,66,159,159,438,117,135,66,66,104,104,66,562,66,1379,149,66,108,66,524,66] new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 0.000] [PKTLEN......: 66.000| 1506.000| 750.700| 694.000|481656.100| 4.300] [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1] - [IATS........: 48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749,0] + [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7,0.0] [PKTLENS.....: 78,74,66,272,272,78,1506,1506,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,1494,1494,66,1476,66,66,66] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS @@ -350,23 +350,23 @@ detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe] ERROR-EVENT: Unknown packet type analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 0.000] [PKTLEN......: 66.000| 1506.000| 384.200| 512.100|262257.700| 4.000] [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1] - [IATS........: 19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869,0] + [IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9,0.0] [PKTLENS.....: 78,74,66,288,1506,1506,78,66,1506,66,1506,485,66,192,159,539,117,135,66,66,104,104,66,525,66,66,1060,148,66,108,66,1349] ERROR-EVENT: Unknown packet type analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 8.978| 0.329| 1.582|2503841.415| 0.000] [PKTLEN......: 54.000| 1506.000| 353.200| 486.100|236250.500| 4.000] [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1] - [IATS........: 47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7,0] + [IATS(ms)....: 47.1,47.2,0.5,44.4,0.0,43.9,0.0,0.0,0.2,0.1,0.0,0.2,0.0,4.4,9.7,0.3,46.5,32.1,0.5,0.4,0.1,18.9,1.4,20.2,62.9,403.2,425.0,8978.2,0.0,0.0,0.0,0.0] [PKTLENS.....: 78,66,54,290,1506,1506,66,54,54,1506,1506,323,54,54,212,147,582,105,54,123,54,92,60,423,54,60,1114,60,425,429,100,92] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] ERROR-EVENT: Unknown packet type @@ -442,13 +442,13 @@ detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.567| 0.072| 0.275|75449.426| 0.000] [PKTLEN......: 54.000| 1506.000| 270.900| 427.000|182315.300| 3.800] [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1] - [IATS........: 44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873,0] + [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9,0.0] [PKTLENS.....: 78,66,54,241,1506,66,1506,602,66,66,1506,602,66,54,602,180,54,54,54,161,60,99,60,105,54,155,238,54,85,54,60,60] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type @@ -460,13 +460,13 @@ new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Network][Acceptable] analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.168| 0.160| 0.366|133702.353| 0.000] [PKTLEN......: 80.000| 1256.000| 267.400| 374.400|140199.200| 4.100] [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257,0] + [IATS(ms)....: 24.8,0.2,101.3,1168.2,1167.0,967.1,50.8,1119.2,0.0,0.0,51.0,80.3,2.0,2.7,3.7,0.0,0.0,0.0,10.7,24.2,9.3,21.5,4.5,19.9,25.3,9.2,24.4,24.6,9.5,26.0,24.3,0.0] [PKTLENS.....: 154,130,154,130,158,130,152,150,80,1256,1256,150,115,80,1256,1256,84,208,140,108,110,117,122,124,116,112,126,120,117,115,116,116] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] end: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] diff --git a/test/results/flow-info/teamviewer.pcap.out b/test/results/flow-info/teamviewer.pcap.out index fa7eac76b..bdf9eeb9c 100644 --- a/test/results/flow-info/teamviewer.pcap.out +++ b/test/results/flow-info/teamviewer.pcap.out @@ -2,25 +2,25 @@ new: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] detected: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][RemoteAccess][Acceptable] analyse: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.274| 0.067| 0.088| 7794.386| 0.000] [PKTLEN......: 54.000| 1514.000| 383.000| 516.400|266637.300| 3.900] [BINS(c->s)..: 5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1] - [IATS........: 136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29,0] + [IATS(ms)....: 136.3,137.2,0.6,1.8,12.1,11.9,35.7,0.1,35.8,0.0,88.3,88.6,11.6,11.6,151.9,0.1,152.0,35.7,35.9,255.8,274.4,18.6,256.5,257.6,1.1,0.3,0.3,28.9,0.0,29.1,0.0,0.0] [PKTLENS.....: 74,58,60,91,54,120,54,1514,432,54,54,102,60,201,60,1514,1290,60,1132,54,1143,1155,54,494,110,54,102,54,1514,429,54,54] new: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] detected: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.443| 0.037| 0.097| 9363.771| 0.000] [PKTLEN......: 58.000| 1066.000| 452.800| 450.400|202865.500| 4.300] [BINS(c->s)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12,0] + [IATS(ms)....: 12.3,12.3,0.1,40.7,3.9,3.2,6.6,81.8,9.0,0.1,7.4,9.2,442.9,41.9,345.1,0.1,0.0,0.0,0.0,0.0,0.0,2.0,0.1,0.0,9.6,0.1,0.0,51.0,58.8,0.1,0.0,0.0] [PKTLENS.....: 138,138,506,1066,62,98,90,90,90,191,118,66,66,90,90,1066,1066,1066,1066,1066,1066,1066,1066,1066,1066,182,118,118,58,239,131,85] update: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing diff --git a/test/results/flow-info/telegram.pcap.out b/test/results/flow-info/telegram.pcap.out index 6ca903744..528ff31c0 100644 --- a/test/results/flow-info/telegram.pcap.out +++ b/test/results/flow-info/telegram.pcap.out @@ -28,22 +28,22 @@ new: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable] analyse: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.089| 0.260| 0.238|56779.682| 0.000] [PKTLEN......: 142.000| 308.000| 198.700| 56.400| 3176.800| 4.900] [BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 549364,840,252816,249231,102809,152763,104881,141371,2649,102162,252500,506171,1089013,524484,451,254547,249123,108883,146831,101026,145194,2416,102114,255962,497942,504741,600172,564928,424,248284,249193,0] + [IATS(ms)....: 549.4,0.8,252.8,249.2,102.8,152.8,104.9,141.4,2.6,102.2,252.5,506.2,1089.0,524.5,0.5,254.5,249.1,108.9,146.8,101.0,145.2,2.4,102.1,256.0,497.9,504.7,600.2,564.9,0.4,248.3,249.2,0.0] [PKTLENS.....: 142,233,308,169,153,169,153,211,184,308,153,167,275,142,233,308,169,153,169,153,211,184,308,153,167,211,167,142,233,308,169,153] analyse: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.089| 0.260| 0.238|56762.626| 0.000] [PKTLEN......: 162.000| 328.000| 218.700| 56.400| 3176.800| 5.000] [BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 549636,368,252675,249340,102637,153314,104807,140890,2645,102602,252497,506250,1088510,524637,499,254511,249377,108993,147062,100772,145197,1893,102609,256062,497966,504718,600438,564206,375,249009,248380,0] + [IATS(ms)....: 549.6,0.4,252.7,249.3,102.6,153.3,104.8,140.9,2.6,102.6,252.5,506.2,1088.5,524.6,0.5,254.5,249.4,109.0,147.1,100.8,145.2,1.9,102.6,256.1,498.0,504.7,600.4,564.2,0.4,249.0,248.4,0.0] [PKTLENS.....: 162,253,328,189,173,189,173,231,204,328,173,187,295,162,253,328,189,173,189,173,231,204,328,173,187,231,187,162,253,328,189,173] detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] @@ -78,26 +78,26 @@ detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.501| 0.118| 0.112|12556.351| 0.000] [PKTLEN......: 74.000| 234.000| 158.000| 57.300| 3288.000| 4.900] [BINS(c->s)..: 0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,4,0,8,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,1,0,1,1,1,1,1,1,0,1] - [IATS........: 33725,303789,500928,195774,135671,308435,212114,658,38919,154099,154494,74510,133656,63749,29902,38640,63854,177395,37753,25997,43596,64156,189778,58771,4478,63507,64504,42995,64523,315929,64393,0] + [IATS(ms)....: 33.7,303.8,500.9,195.8,135.7,308.4,212.1,0.7,38.9,154.1,154.5,74.5,133.7,63.7,29.9,38.6,63.9,177.4,37.8,26.0,43.6,64.2,189.8,58.8,4.5,63.5,64.5,43.0,64.5,315.9,64.4,0.0] [PKTLENS.....: 82,106,138,82,106,138,138,74,138,90,82,106,234,138,234,138,234,218,138,138,218,234,218,82,106,218,218,202,218,218,138,234] new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable] detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable] RISK: Suspicious DNS Traffic analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.042| 1.999| 0.261| 0.473|223426.380| 0.000] [PKTLEN......: 90.000| 282.000| 205.500| 54.500| 2971.800| 4.900] [BINS(c->s)..: 0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 176557,505731,492773,1175336,327643,331901,1681273,64229,63452,64312,42308,63943,1998754,63768,58341,64131,69558,64360,57812,43094,58078,62201,58103,63786,58195,64166,58195,62003,69553,66619,57696,0] + [IATS(ms)....: 176.6,505.7,492.8,1175.3,327.6,331.9,1681.3,64.2,63.5,64.3,42.3,63.9,1998.8,63.8,58.3,64.1,69.6,64.4,57.8,43.1,58.1,62.2,58.1,63.8,58.2,64.2,58.2,62.0,69.6,66.6,57.7,0.0] [PKTLENS.....: 122,122,122,90,106,90,106,234,266,282,266,266,250,218,234,234,234,218,202,234,218,218,218,234,218,218,218,218,234,218,234,234] not-detected: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unrated] new: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] @@ -139,23 +139,23 @@ new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.008| 0.505| 0.099| 0.138|18965.475| 0.000] [PKTLEN......: 74.000| 234.000| 158.000| 55.400| 3064.000| 4.900] [BINS(c->s)..: 0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1] - [IATS........: 38704,504672,472194,31371,48787,83063,90104,75511,57499,58021,58053,58125,51991,386634,9517,8470,27260,36050,21667,40197,58112,58011,58152,57862,69999,57869,58016,8183,436304,11258,25605,0] + [IATS(ms)....: 38.7,504.7,472.2,31.4,48.8,83.1,90.1,75.5,57.5,58.0,58.1,58.1,52.0,386.6,9.5,8.5,27.3,36.0,21.7,40.2,58.1,58.0,58.2,57.9,70.0,57.9,58.0,8.2,436.3,11.3,25.6,0.0] [PKTLENS.....: 82,106,82,138,106,138,138,74,218,218,218,234,218,82,138,138,218,106,138,218,90,218,218,202,218,202,218,218,82,138,138,106] new: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772] analyse: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 0.505| 0.113| 0.151|22855.887| 0.000] [PKTLEN......: 74.000| 218.000| 157.000| 54.200| 2943.000| 4.900] [BINS(c->s)..: 0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1] - [IATS........: 34096,504936,476895,26281,48588,90140,359286,474896,22927,53992,44091,48774,32735,70515,63740,63677,64572,42031,447918,51385,12513,7087,54201,56023,36226,28925,63945,41904,63934,64562,64617,0] + [IATS(ms)....: 34.1,504.9,476.9,26.3,48.6,90.1,359.3,474.9,22.9,54.0,44.1,48.8,32.7,70.5,63.7,63.7,64.6,42.0,447.9,51.4,12.5,7.1,54.2,56.0,36.2,28.9,63.9,41.9,63.9,64.6,64.6,0.0] [PKTLENS.....: 82,106,82,138,106,138,74,82,138,106,138,90,138,218,218,202,218,218,218,82,138,218,106,138,218,138,218,218,202,218,202,218] new: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] diff --git a/test/results/flow-info/telnet.pcap.out b/test/results/flow-info/telnet.pcap.out index 1e9a1a938..8320b0ab7 100644 --- a/test/results/flow-info/telnet.pcap.out +++ b/test/results/flow-info/telnet.pcap.out @@ -9,13 +9,13 @@ detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.233| 0.125| 0.337|113396.253| 0.000] [PKTLEN......: 66.000| 151.000| 77.200| 18.800| 354.000| 5.000] [BINS(c->s)..: 15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0] - [IATS........: 2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372,0] + [IATS(ms)....: 2.5,2.6,1.6,147.8,146.2,0.2,1.6,1.7,3.3,1.3,0.6,1.8,1.1,2.4,3.6,0.6,1.2,22.3,20.4,1.2,13.8,15.0,1.2,0.8,12.8,12.2,20.0,1107.3,1100.0,1232.8,1.4,0.0] [PKTLENS.....: 74,74,66,93,69,66,69,66,91,130,66,84,75,66,90,66,151,66,69,69,66,78,72,66,81,66,98,66,73,66,72,66] detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe] RISK: Unsafe Protocol diff --git a/test/results/flow-info/tftp.pcap.out b/test/results/flow-info/tftp.pcap.out index 465fc3451..02ae7ad35 100644 --- a/test/results/flow-info/tftp.pcap.out +++ b/test/results/flow-info/tftp.pcap.out @@ -13,13 +13,13 @@ detected: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][DataTransfer][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][DataTransfer][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000] [PKTLEN......: 60.000| 558.000| 309.000| 249.000|62001.000| 4.500] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60] DAEMON-EVENT: [Processed: 101 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/tinc.pcap.out b/test/results/flow-info/tinc.pcap.out index bf88815dd..9b715901b 100644 --- a/test/results/flow-info/tinc.pcap.out +++ b/test/results/flow-info/tinc.pcap.out @@ -14,22 +14,22 @@ detected: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][VPN][Acceptable] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.070| 0.172| 0.377|142420.984| 0.000] [PKTLEN......: 190.000| 1510.000| 1149.200| 450.400|202833.500| 4.900] [BINS(c->s)..: 0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0] [BINS(s->c)..: 0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0] [DIRECTIONS..: 0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0] - [IATS........: 157,27472,47,25,27522,244,68,237,181,126,15445,30,41839,33,23,1057953,304,258,1003680,53,1840,184,45315,102,25,1024085,82,1069532,137,1001358,279,0] + [IATS(ms)....: 0.2,27.5,0.0,0.0,27.5,0.2,0.1,0.2,0.2,0.1,15.4,0.0,41.8,0.0,0.0,1058.0,0.3,0.3,1003.7,0.1,1.8,0.2,45.3,0.1,0.0,1024.1,0.1,1069.5,0.1,1001.4,0.3,0.0] [PKTLENS.....: 686,734,238,1486,782,230,1270,190,1310,1478,774,686,734,1278,190,1310,1358,1478,1374,1486,1502,1486,1494,1358,1486,1374,1502,1502,1502,1494,1510,1494] analyse: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.412| 0.291| 0.559|312123.949| 0.000] [PKTLEN......: 118.000| 1494.000| 1025.000| 450.300|202783.000| 4.800] [BINS(c->s)..: 0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0] [BINS(s->c)..: 0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0] - [IATS........: 50,27,594,482,207,142,1049148,39,24,1048033,86,239,119,120,91,44079,43,25,1044735,279,1021999,20586,1001463,275,241,363633,1001240,149,123,2412459,39,0] + [IATS(ms)....: 0.1,0.0,0.6,0.5,0.2,0.1,1049.1,0.0,0.0,1048.0,0.1,0.2,0.1,0.1,0.1,44.1,0.0,0.0,1044.7,0.3,1022.0,20.6,1001.5,0.3,0.2,363.6,1001.2,0.1,0.1,2412.5,0.0,0.0] [PKTLENS.....: 766,1486,958,734,1270,1486,958,1070,670,334,1062,190,1310,526,670,334,190,1310,526,1478,1374,1374,1374,1486,1350,1318,118,1494,1478,1342,1390,1374] end: [.....2] [ip4][..tcp] [.131.114.168.27][49290] -> [.185.83.218.112][55656] [TINC][VPN][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/tls-appdata.pcap.out b/test/results/flow-info/tls-appdata.pcap.out index 029ed3136..49fd8f9c1 100644 --- a/test/results/flow-info/tls-appdata.pcap.out +++ b/test/results/flow-info/tls-appdata.pcap.out @@ -9,13 +9,13 @@ detected: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS.Twitch][Video][Fun] end: [.....1] [ip4][..tcp] [.179.60.195.173][..443] -> [..192.168.2.100][60636] analyse: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 15.956| 2.459| 5.752|33086771.298| 0.000] [PKTLEN......: 54.000| 2958.000| 1143.200| 1252.100|1567845.500| 4.000] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9] [DIRECTIONS..: 0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0] - [IATS........: 2000,15000,3000,16000,1000,1000,15941000,1000,15956000,5000,19000,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 2.0,15.0,3.0,16.0,1.0,1.0,15941.0,1.0,15956.0,5.0,19.0,1.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 1506,74,60,1506,2958,54,2958,54,54,2958,2885,54,54,54,54,1506,74,60,1506,2958,54,2958,54,2958,1506,74,60,1506,2958,54,2958,54] detection-update: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS.Twitch][Video][Fun] DAEMON-EVENT: [Processed: 45 pkts][ZLib][compressions: 0|diff: 0 / 0] diff --git a/test/results/flow-info/tls_certificate_too_long.pcap.out b/test/results/flow-info/tls_certificate_too_long.pcap.out index 1b387e31e..91c179f52 100644 --- a/test/results/flow-info/tls_certificate_too_long.pcap.out +++ b/test/results/flow-info/tls_certificate_too_long.pcap.out @@ -70,22 +70,22 @@ detected: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.005| 0.015| 217.103| 0.000] [PKTLEN......: 54.000| 1502.000| 423.600| 443.800|196953.100| 4.400] [BINS(c->s)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [BINS(s->c)..: 2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1] - [IATS........: 1268,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,1,1,1,1,2,1,1,1,66556,1,207,4,1,1,0,0,0,0] + [IATS(ms)....: 1.3,0.0,22.7,2.8,42.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,66.6,0.0,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 1502,936,1502,1502,1020,54,54,1372,166,112,269,281,285,281,267,273,287,273,275,275,271,281,273,283,273,114,54,54,254,275,341,96] analyse: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.009| 0.014| 206.122| 0.000] [PKTLEN......: 54.000| 1502.000| 453.200| 490.600|240677.500| 4.200] [BINS(c->s)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1] - [IATS........: 1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955,0] + [IATS(ms)....: 0.0,1.1,23.2,47.6,37.0,0.0,0.0,0.0,0.0,0.0,11.7,0.4,0.5,9.9,10.2,0.0,0.6,25.3,48.0,32.2,0.0,8.7,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.5,13.0,0.0] [PKTLENS.....: 1502,936,1292,54,1292,1366,189,273,452,96,99,54,88,54,66,1502,935,708,54,708,1003,445,54,193,253,295,137,96,99,88,54,66] new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] diff --git a/test/results/flow-info/tls_long_cert.pcap.out b/test/results/flow-info/tls_long_cert.pcap.out index 6dee0be6f..782424c97 100644 --- a/test/results/flow-info/tls_long_cert.pcap.out +++ b/test/results/flow-info/tls_long_cert.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.008| 0.011| 130.013| 0.000] [PKTLEN......: 66.000| 1514.000| 546.900| 584.900|342142.300| 4.200] [BINS(c->s)..: 11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1] - [IATS........: 25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1,0] + [IATS(ms)....: 25.2,25.3,0.3,30.1,3.3,1.1,34.2,0.8,0.7,1.9,1.9,0.8,8.4,0.4,28.1,18.6,6.5,0.6,7.1,0.1,26.0,0.0,0.0,25.9,0.0,0.1,0.2,0.2,0.7,0.0,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1514,1514,66,1266,66,855,66,192,159,902,308,66,66,143,66,104,1119,1119,1514,66,66,66,724,66,1514,1514,1514] end: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_verylong_certificate.pcap.out index 132eac076..582d53efb 100644 --- a/test/results/flow-info/tls_verylong_certificate.pcap.out +++ b/test/results/flow-info/tls_verylong_certificate.pcap.out @@ -6,13 +6,13 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe] detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 0.000] [PKTLEN......: 66.000| 1434.000| 532.600| 615.300|378610.900| 4.100] [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] - [IATS........: 11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2,0] + [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1434,1434,66,1434,66,1434,276,66,192,117,66,236,1434,1434,118,66,66,66,1434,1434,118,66,66,1434,66,1434,118] detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] diff --git a/test/results/flow-info/tor.pcap.out b/test/results/flow-info/tor.pcap.out index 6d66c6e4a..a89d330de 100644 --- a/test/results/flow-info/tor.pcap.out +++ b/test/results/flow-info/tor.pcap.out @@ -45,22 +45,22 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 31.166| 2.329| 7.550|56997495.964| 0.000] [PKTLEN......: 54.000| 1514.000| 369.800| 354.900|125974.500| 4.300] [BINS(c->s)..: 4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1] - [IATS........: 143824,144206,386,152663,157,159633,171698,164686,190851,113,190713,627,185098,185495,145105,5747,151688,184201,104686,289985,146556,2535956,2930532,30770666,31166013,871,147027,185685,696487,885191,147130,0] + [IATS(ms)....: 143.8,144.2,0.4,152.7,0.2,159.6,171.7,164.7,190.9,0.1,190.7,0.6,185.1,185.5,145.1,5.7,151.7,184.2,104.7,290.0,146.6,2536.0,2930.5,30770.7,31166.0,0.9,147.0,185.7,696.5,885.2,147.1,0.0] [PKTLENS.....: 66,66,60,278,54,983,252,113,128,1514,140,60,640,54,640,54,640,640,54,640,640,54,640,60,640,54,640,640,54,640,640,54] analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 37.996| 2.549| 9.274|86002509.021| 0.000] [PKTLEN......: 54.000| 1514.000| 462.800| 476.200|226793.400| 4.300] [BINS(c->s)..: 5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1] - [IATS........: 70996,71325,6669,104314,10783,112643,88567,84606,73691,120,73665,754,108431,107711,67797,2260,74630,103567,101811,113368,368689,686539,37720424,37995839,68191,67504,104050,189003,360821,68695,181,0] + [IATS(ms)....: 71.0,71.3,6.7,104.3,10.8,112.6,88.6,84.6,73.7,0.1,73.7,0.8,108.4,107.7,67.8,2.3,74.6,103.6,101.8,113.4,368.7,686.5,37720.4,37995.8,68.2,67.5,104.0,189.0,360.8,68.7,0.2,0.0] [PKTLENS.....: 66,66,60,269,54,802,188,113,128,1514,156,60,640,54,640,54,640,640,640,640,54,640,60,640,54,640,54,640,1514,60,1514,1514] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type @@ -102,13 +102,13 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 71.328| 4.658| 14.789|218716025.389| 0.000] [PKTLEN......: 54.000| 1514.000| 344.600| 347.100|120444.200| 4.300] [BINS(c->s)..: 6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0] - [IATS........: 73367,74408,357,74070,3203,80209,86098,83238,77261,90,76164,838,117183,116350,75240,23977,101877,114494,465564,429267,3455,80828,117031,388775,507320,75910,393949,666205,34353103,34399015,71328355,0] + [IATS(ms)....: 73.4,74.4,0.4,74.1,3.2,80.2,86.1,83.2,77.3,0.1,76.2,0.8,117.2,116.3,75.2,24.0,101.9,114.5,465.6,429.3,3.5,80.8,117.0,388.8,507.3,75.9,393.9,666.2,34353.1,34399.0,71328.4,0.0] [PKTLENS.....: 66,66,60,276,54,803,188,113,128,1514,156,60,640,54,640,54,640,640,54,640,54,640,640,54,640,640,54,640,60,640,60,60] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type @@ -136,23 +136,23 @@ detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.991| 0.147| 0.220|48576.569| 0.000] [PKTLEN......: 54.000| 1514.000| 362.200| 347.100|120448.800| 4.400] [BINS(c->s)..: 4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1] - [IATS........: 64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902,0] + [IATS(ms)....: 64.4,65.8,9.5,82.1,4.2,79.8,91.0,88.4,79.6,0.1,78.2,0.9,110.0,109.4,69.1,1.5,80.2,113.6,35.7,145.8,70.8,343.7,637.5,693.9,990.9,1.6,72.0,109.0,69.0,180.1,69.9,0.0] [PKTLENS.....: 66,66,60,267,54,802,188,113,128,1514,156,60,640,54,640,54,640,640,54,640,640,54,640,60,640,54,640,640,54,640,640,54] ERROR-EVENT: Unknown packet type analyse: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.755| 0.186| 0.164|26767.544| 0.000] [PKTLEN......: 54.000| 1514.000| 351.400| 355.400|126324.200| 4.300] [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0] - [IATS........: 143944,144327,714,149478,37247,195972,163599,153986,192261,56166,215,255054,2118,152835,143919,143900,44572,192109,147551,608487,755290,145485,149387,149841,132696,281585,155046,87778,477208,367752,127492,0] + [IATS(ms)....: 143.9,144.3,0.7,149.5,37.2,196.0,163.6,154.0,192.3,56.2,0.2,255.1,2.1,152.8,143.9,143.9,44.6,192.1,147.6,608.5,755.3,145.5,149.4,149.8,132.7,281.6,155.0,87.8,477.2,367.8,127.5,0.0] [PKTLENS.....: 66,66,60,264,54,983,252,113,128,54,1514,140,60,640,54,640,54,640,640,54,640,640,54,640,54,640,640,54,640,60,640,66] end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) @@ -243,13 +243,13 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 72.890| 8.727| 22.569|509351076.823| 0.000] [PKTLEN......: 54.000| 1514.000| 326.000| 345.900|119666.800| 4.300] [BINS(c->s)..: 9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0] - [IATS........: 59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034,0] + [IATS(ms)....: 59.4,61.6,13.8,72.1,2.1,62.9,63.5,60.0,79.4,0.3,78.8,1.7,98.3,96.6,56.5,4.5,61.8,64.9,64.0,73.7,275.7,252.8,50.8,9.7,261.4,61538.3,61491.4,72591.4,72890.0,4.0,98.0,0.0] [PKTLENS.....: 66,66,60,263,54,797,188,113,128,1514,140,60,640,54,640,54,640,640,640,640,640,60,640,66,640,60,640,60,60,54,54,60] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type diff --git a/test/results/flow-info/trickbot.pcap.out b/test/results/flow-info/trickbot.pcap.out index 1fe781cb4..9bafcdc01 100644 --- a/test/results/flow-info/trickbot.pcap.out +++ b/test/results/flow-info/trickbot.pcap.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, HTTP Suspicious Content analyse: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.931| 0.157| 0.258|66793.452| 0.000] [PKTLEN......: 54.000| 1514.000| 944.000| 662.500|438885.500| 4.500] [BINS(c->s)..: 7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1] - [IATS........: 245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14,0] + [IATS(ms)....: 245.7,245.9,0.2,0.1,0.5,0.0,931.1,931.3,2.3,2.3,480.2,0.0,480.3,297.6,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,297.7,227.9,227.9,482.9,0.0,0.0,0.0] [PKTLENS.....: 66,58,54,403,982,54,54,1412,54,1412,54,1514,1337,54,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,290,54,1412,54,1514,1514,1208] end: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, HTTP Suspicious Content diff --git a/test/results/flow-info/tumblr.pcap.out b/test/results/flow-info/tumblr.pcap.out index f9c635f70..3510c7fa4 100644 --- a/test/results/flow-info/tumblr.pcap.out +++ b/test/results/flow-info/tumblr.pcap.out @@ -12,13 +12,13 @@ detected: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Web][Safe] new: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [MIDSTREAM] analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.701| 0.084| 0.189|35694.846| 0.000] [PKTLEN......: 86.000| 1486.000| 463.500| 576.400|332266.900| 4.000] [BINS(c->s)..: 11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0] - [IATS........: 870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12,0] + [IATS(ms)....: 0.9,91.7,194.1,0.0,0.0,2.8,104.4,700.9,700.8,1.3,5.8,45.0,0.4,357.1,395.3,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 468,125,125,86,86,86,125,86,958,86,121,198,86,86,1474,86,98,1486,1486,1486,1486,849,1486,1486,86,86,86,86,86,86,86,86] new: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [MIDSTREAM] detected: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] @@ -26,24 +26,24 @@ detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] new: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] analyse: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.003| 0.008| 65.352| 0.000] [PKTLEN......: 86.000| 1486.000| 472.500| 599.100|358951.000| 4.000] [BINS(c->s)..: 14,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0] - [IATS........: 469,25881,1104,10603,37135,1897,1,1911,13,717,678,9927,9935,107,1,101,8,237,229,116,116,308,309,92,91,472,1,479,15,99,79,0] + [IATS(ms)....: 0.5,25.9,1.1,10.6,37.1,1.9,0.0,1.9,0.0,0.7,0.7,9.9,9.9,0.1,0.0,0.1,0.0,0.2,0.2,0.1,0.1,0.3,0.3,0.1,0.1,0.5,0.0,0.5,0.0,0.1,0.1,0.0] [PKTLENS.....: 246,237,86,86,905,86,125,1474,86,86,98,86,1486,86,1486,1474,86,86,98,86,1486,86,1486,86,1474,86,98,1474,86,86,98,86] detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 0.000] [PKTLEN......: 86.000| 1486.000| 622.300| 669.700|448506.000| 4.100] [BINS(c->s)..: 12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0] - [IATS........: 365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28,0] + [IATS(ms)....: 0.4,4.8,0.4,27.2,3.0,0.3,2.7,17.3,45.1,0.5,0.5,0.6,0.0,0.6,0.0,7.3,0.0,7.3,0.0,0.3,0.0,0.2,0.0,0.2,0.0,0.2,0.0,1.0,0.0,1.0,0.0,0.0] [PKTLENS.....: 198,125,197,186,86,86,86,86,1486,86,1486,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86] detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] @@ -51,13 +51,13 @@ detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.012| 0.017| 287.486| 0.000] [PKTLEN......: 86.000| 1294.000| 314.700| 381.900|145812.800| 4.200] [BINS(c->s)..: 10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0] - [IATS........: 33179,33247,488,47694,47160,1225,37725,2106,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,25234,8,0,0,0,0,0,0] + [IATS(ms)....: 33.2,33.2,0.5,47.7,47.2,1.2,37.7,2.1,38.6,0.0,0.0,0.8,0.7,0.8,0.8,2.6,0.2,0.2,0.1,26.3,0.6,0.0,0.1,1.4,25.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,185,86,609,86,1294,1294,1294,86,86,86,558,86,1069,86,160,178,343,142,86,86,86,86,341,341,182,86,86] new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] @@ -67,13 +67,13 @@ new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [MIDSTREAM] detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe] analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.004| 0.009| 82.581| 0.000] [PKTLEN......: 86.000| 1486.000| 449.700| 586.000|343353.700| 4.000] [BINS(c->s)..: 8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0] - [IATS........: 375,92,385,236,26419,36646,2159,376,10012,21697,203,197,169,221,406,8,175,469,1,620,51,101,150,197,535,21,562,0,0,0,0,0] + [IATS(ms)....: 0.4,0.1,0.4,0.2,26.4,36.6,2.2,0.4,10.0,21.7,0.2,0.2,0.2,0.2,0.4,0.0,0.2,0.5,0.0,0.6,0.1,0.1,0.1,0.2,0.5,0.0,0.6,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 206,125,215,216,157,122,86,86,86,86,86,1486,86,1486,86,1474,98,1486,86,86,1474,98,1341,117,86,86,125,1474,86,98,1474,86] detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [MIDSTREAM] @@ -87,13 +87,13 @@ detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.070| 0.013| 0.021| 430.743| 0.000] [PKTLEN......: 86.000| 1486.000| 377.800| 486.500|236637.800| 4.100] [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0] - [IATS........: 22637,22712,440,30662,24781,1,1,54941,10,7,4,36,7,1509,240,132,59732,70171,1,28567,37136,504,1,1,500,15,4,0,0,0,0,0] + [IATS(ms)....: 22.6,22.7,0.4,30.7,24.8,0.0,0.0,54.9,0.0,0.0,0.0,0.0,0.0,1.5,0.2,0.1,59.7,70.2,0.0,28.6,37.1,0.5,0.0,0.0,0.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1486,1486,1382,1486,86,86,86,86,207,86,150,178,417,417,86,86,86,357,86,357,148,117,1486,422,86,86,86] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [MIDSTREAM] @@ -121,13 +121,13 @@ detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.189| 0.029| 0.050| 2509.587| 0.000] [PKTLEN......: 86.000| 1486.000| 468.000| 568.300|322990.400| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1] - [IATS........: 21421,21468,523,29545,160398,189403,235,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86,0,0] + [IATS(ms)....: 21.4,21.5,0.5,29.5,160.4,189.4,0.2,0.2,0.0,0.8,0.8,3.8,0.1,0.2,28.7,0.0,1.0,78.0,0.0,103.6,0.1,0.7,29.8,79.1,108.2,0.1,0.1,0.4,0.4,0.1,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1486,86,1486,1382,86,86,1087,86,171,177,537,86,86,86,352,156,86,86,116,86,1486,86,1486,86,1486,86,1486] detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] @@ -135,35 +135,35 @@ detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable] new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 19.514| 1.561| 5.288|27962124.534| 0.000] [PKTLEN......: 86.000| 1134.000| 614.100| 520.100|270533.200| 4.400] [BINS(c->s)..: 13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1] - [IATS........: 19473275,346,19513573,40000,58,14,3,47,46,590,601,1080,1,1,1,1081,15,50,4,2,3,4,112,1,1,0,0,0,0,0,0,0] + [IATS(ms)....: 19473.3,0.3,19513.6,40.0,0.1,0.0,0.0,0.0,0.0,0.6,0.6,1.1,0.0,0.0,0.0,1.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 86,172,132,86,1134,86,1134,1134,86,86,1134,86,1134,86,1134,1134,1134,1134,1134,1134,1134,86,86,86,86,86,86,86,1134,1134,1134,1134] detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Web][Safe] detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.012| 0.020| 413.573| 0.000] [PKTLEN......: 86.000| 1294.000| 392.400| 464.300|215557.600| 4.100] [BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0] - [IATS........: 67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,22,4,8,0,0,0] + [IATS(ms)....: 67.4,67.5,0.3,44.1,5.3,0.0,49.1,0.0,0.1,0.1,18.6,10.2,0.7,42.4,12.9,0.2,14.3,2.0,0.0,16.1,2.6,0.0,2.6,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,586,86,150,178,364,86,666,86,117,86,117,86,86,535,1294,86,86,1294,1294,1294,86,86,86] analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.083| 0.015| 0.021| 439.399| 0.000] [PKTLEN......: 86.000| 1294.000| 398.200| 474.800|225406.500| 4.100] [BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1] - [IATS........: 30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,1,34679,24,2,2,942,0,0,0] + [IATS(ms)....: 30.3,30.3,0.2,70.7,12.6,0.0,0.0,83.0,0.1,0.0,0.9,32.4,31.5,5.9,16.3,0.1,34.6,1.9,14.2,7.2,10.7,16.9,0.0,0.0,34.7,0.0,0.0,0.0,0.9,0.0,0.0,0.0] [PKTLENS.....: 94,94,86,603,86,1294,1294,325,86,86,86,150,86,666,86,178,117,344,86,117,86,86,86,999,1294,1294,1294,86,86,86,86,1294] detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Web][Safe] detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS][Web][Safe] @@ -172,13 +172,13 @@ new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [MIDSTREAM] detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] analyse: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 16.589| 1.119| 4.059|16477581.214| 0.000] [PKTLEN......: 86.000| 1365.000| 364.400| 367.900|135349.600| 4.300] [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0] - [IATS........: 29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822,0] + [IATS(ms)....: 29.5,29.5,0.2,37.9,9.0,46.8,0.7,0.1,31.0,1.8,7.0,39.1,52.6,52.7,371.9,406.4,20.7,55.2,2.5,32.9,9.3,39.7,16556.7,16588.7,11.4,43.4,16.9,58.4,9.8,93.2,46.8,0.0] [PKTLENS.....: 94,94,86,706,86,356,86,166,503,86,86,373,86,1273,86,838,86,869,86,850,86,356,86,514,86,1365,86,658,86,686,86,670] new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [MIDSTREAM] guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/tunnelbear.pcap.out b/test/results/flow-info/tunnelbear.pcap.out index 83239694f..9f143a4ff 100644 --- a/test/results/flow-info/tunnelbear.pcap.out +++ b/test/results/flow-info/tunnelbear.pcap.out @@ -20,13 +20,13 @@ detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 0.000] [PKTLEN......: 54.000| 3711.000| 440.000| 812.300|659832.900| 3.600] [BINS(c->s)..: 7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1] - [IATS........: 4811,10763,14,6027,71146,71669,62476,63085,171,99,103,116,2258,2217,58331,58816,497,202,194,148,171,85,633,797,214474,265866,52392,51419,53825,54567,51776,0] + [IATS(ms)....: 4.8,10.8,0.0,6.0,71.1,71.7,62.5,63.1,0.2,0.1,0.1,0.1,2.3,2.2,58.3,58.8,0.5,0.2,0.2,0.1,0.2,0.1,0.6,0.8,214.5,265.9,52.4,51.4,53.8,54.6,51.8,0.0] [PKTLENS.....: 74,54,54,571,54,3711,54,147,54,590,54,590,54,319,54,390,375,54,590,54,164,54,54,92,54,1646,54,705,54,366,54,2885] new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] @@ -35,13 +35,13 @@ detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 0.000] [PKTLEN......: 54.000| 803.000| 163.700| 198.300|39337.400| 4.200] [BINS(c->s)..: 9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0] - [IATS........: 3428,3938,2003,2864,57273,107978,750,51373,305,140,145,128,138,133,50874,51892,1049,50443,50842,196795,233720,37672,51488,50853,51099,141,51026,454,234,444,1019,0] + [IATS(ms)....: 3.4,3.9,2.0,2.9,57.3,108.0,0.8,51.4,0.3,0.1,0.1,0.1,0.1,0.1,50.9,51.9,1.0,50.4,50.8,196.8,233.7,37.7,51.5,50.9,51.1,0.1,51.0,0.5,0.2,0.4,1.0,0.0] [PKTLENS.....: 74,54,54,571,54,210,54,105,54,590,54,590,54,317,54,132,377,54,92,54,803,54,227,54,92,54,85,54,54,54,54,54] new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] @@ -91,13 +91,13 @@ detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe] analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 0.000] [PKTLEN......: 54.000| 2954.000| 254.400| 516.400|266681.900| 3.700] [BINS(c->s)..: 3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1] - [IATS........: 4054,5298,2009,3384,237730,240091,25,2380,9328,9409,226,61,1426,1484,112,59,79,69,100518,152574,52262,7046,20588,16017,10024,8002,820,1293,7036,6175,340372,0] + [IATS(ms)....: 4.1,5.3,2.0,3.4,237.7,240.1,0.0,2.4,9.3,9.4,0.2,0.1,1.4,1.5,0.1,0.1,0.1,0.1,100.5,152.6,52.3,7.0,20.6,16.0,10.0,8.0,0.8,1.3,7.0,6.2,340.4,0.0] [PKTLENS.....: 74,54,54,571,54,210,54,105,54,107,54,140,54,590,54,590,54,179,54,123,92,54,92,375,54,590,54,162,54,377,54,2954] new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] diff --git a/test/results/flow-info/ultrasurf.pcap.out b/test/results/flow-info/ultrasurf.pcap.out index 7e5ca73bb..92e0ffd86 100644 --- a/test/results/flow-info/ultrasurf.pcap.out +++ b/test/results/flow-info/ultrasurf.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable] analyse: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.150| 0.021| 0.036| 1271.455| 0.000] [PKTLEN......: 98.000| 2646.000| 1366.500| 1007.200|1014474.800| 4.500] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10] [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0] - [IATS........: 7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094,0] + [IATS(ms)....: 0.0,21.3,0.0,11.0,29.1,61.5,0.0,10.8,0.0,9.2,30.8,10.8,0.0,20.0,0.0,29.3,0.0,0.0,0.0,9.3,30.6,150.5,0.0,11.9,141.8,0.0,17.9,20.0,0.0,20.0,10.1,0.0] [PKTLENS.....: 2646,2646,1358,1358,2646,2646,98,98,1358,1358,2646,98,1358,1358,1350,2646,98,98,98,98,1358,98,1358,1358,2646,98,98,2646,1358,1358,2646,2646] new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] @@ -18,13 +18,13 @@ detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 0.000] [PKTLEN......: 70.000| 1418.000| 367.300| 449.600|202163.000| 4.100] [BINS(c->s)..: 7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0] [BINS(s->c)..: 4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1] - [IATS........: 211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4,0] + [IATS(ms)....: 211.2,260.4,0.0,269.6,0.0,10.1,9.9,260.4,0.0,20.0,20.0,10.9,0.0,270.8,9.7,0.0,10.3,229.5,0.0,20.0,40.1,29.9,0.0,10.1,29.9,210.9,0.0,0.0,0.0,9.4,0.0,0.0] [PKTLENS.....: 78,78,70,587,70,1358,1358,1274,70,70,70,134,156,708,125,105,101,126,101,70,112,1418,104,1166,698,668,70,105,262,205,105,131] new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] @@ -32,13 +32,13 @@ detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.269| 0.059| 0.101|10170.351| 0.000] [PKTLEN......: 70.000| 1418.000| 403.600| 479.700|230117.000| 4.200] [BINS(c->s)..: 7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1] - [IATS........: 209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3,0] + [IATS(ms)....: 209.5,239.7,0.0,251.1,0.0,11.4,0.0,260.7,0.0,9.6,20.0,20.0,269.1,20.0,0.0,231.0,0.0,20.0,0.0,0.0,0.0,0.0,0.0,249.6,0.0,0.0,0.0,0.0,10.1,0.0,0.0,0.0] [PKTLENS.....: 78,78,70,587,70,1358,1358,1274,70,70,70,134,386,125,105,157,70,101,1418,446,1418,498,268,252,70,105,131,218,262,105,205,1358] end: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable] end: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] diff --git a/test/results/flow-info/viber.pcap.out b/test/results/flow-info/viber.pcap.out index 2b3e07e4f..5be65d076 100644 --- a/test/results/flow-info/viber.pcap.out +++ b/test/results/flow-info/viber.pcap.out @@ -33,13 +33,13 @@ detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 0.000] [PKTLEN......: 66.000| 1514.000| 728.100| 673.400|453425.200| 4.300] [BINS(c->s)..: 11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0] - [IATS........: 19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080,0] + [IATS(ms)....: 19.5,21.7,1.0,22.3,3.2,0.2,0.0,0.2,39.4,0.1,0.6,0.3,10.8,47.8,22.3,40.8,0.3,0.1,0.2,0.3,0.0,0.2,0.3,0.2,0.2,0.5,41.2,0.1,0.0,0.0,1.1,0.0] [PKTLENS.....: 74,74,66,249,66,1514,1514,1514,411,66,66,66,66,192,308,774,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,808,66,66,66,66,66] detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] @@ -60,13 +60,13 @@ detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe] detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe] analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.702| 1.934| 2.902|8424002.683| 0.000] [PKTLEN......: 66.000| 596.000| 155.700| 133.200|17739.800| 4.600] [BINS(c->s)..: 4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0] - [IATS........: 54240,95930,270,43992,41788,57048,16087,92087,91609,10563926,10701681,4192149,4152724,4422076,4422070,309467,309552,21641,197002,97,215011,3974475,3934854,3635331,52554,3635290,52615,12721,140816,167507,4361173,0] + [IATS(ms)....: 54.2,95.9,0.3,44.0,41.8,57.0,16.1,92.1,91.6,10563.9,10701.7,4192.1,4152.7,4422.1,4422.1,309.5,309.6,21.6,197.0,0.1,215.0,3974.5,3934.9,3635.3,52.6,3635.3,52.6,12.7,140.8,167.5,4361.2,0.0] [PKTLENS.....: 167,122,66,142,66,508,130,66,134,66,163,66,160,66,160,66,405,66,164,66,150,66,160,66,160,424,66,66,164,150,66,596] guessed: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable] detected: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable] @@ -80,13 +80,13 @@ detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.525| 0.329| 0.210|44226.417| 0.000] [PKTLEN......: 62.000| 299.000| 163.200| 100.400|10086.100| 4.700] [BINS(c->s)..: 6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810,0] + [IATS(ms)....: 0.1,33.1,500.3,500.3,503.5,15.2,503.2,15.3,516.1,515.7,477.7,477.6,36.8,36.8,525.0,525.0,440.4,440.7,68.1,67.8,523.1,523.2,412.0,411.8,84.1,84.2,517.8,517.8,399.8,399.7,114.8,0.0] [PKTLENS.....: 299,62,118,299,118,62,299,76,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299] new: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] new: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] @@ -95,13 +95,13 @@ detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][VoIP][Acceptable] update: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Network][Acceptable] analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.531| 0.262| 0.245|59968.385| 0.000] [PKTLEN......: 54.000| 299.000| 143.800| 99.700| 9932.100| 4.700] [BINS(c->s)..: 10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0] - [IATS........: 2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424,0] + [IATS(ms)....: 2.5,0.1,31.7,2.3,505.5,505.7,496.9,2.1,6.7,496.6,8.7,505.3,505.4,490.8,0.1,15.0,490.7,15.1,513.2,513.2,531.4,0.1,0.0,531.4,0.2,492.9,493.0,448.2,0.1,448.1,58.4,0.0] [PKTLENS.....: 299,60,62,118,76,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,76,299] new: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable] diff --git a/test/results/flow-info/vnc.pcap.out b/test/results/flow-info/vnc.pcap.out index 90b6ab529..460456186 100644 --- a/test/results/flow-info/vnc.pcap.out +++ b/test/results/flow-info/vnc.pcap.out @@ -5,25 +5,25 @@ detected: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.545| 0.058| 0.113|12857.595| 0.000] [PKTLEN......: 54.000| 89.000| 70.600| 12.800| 163.200| 5.000] [BINS(c->s)..: 12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1] - [IATS........: 524,38820,49897,50306,38760,37061,157832,7049,164493,745,37544,181,35,36356,3,37327,1189,1,198,747,2,747,516,199031,310273,46,50,545295,719,22308,59473,0] + [IATS(ms)....: 0.5,38.8,49.9,50.3,38.8,37.1,157.8,7.0,164.5,0.7,37.5,0.2,0.0,36.4,0.0,37.3,1.2,0.0,0.2,0.7,0.0,0.7,0.5,199.0,310.3,0.0,0.1,545.3,0.7,22.3,59.5,0.0] [PKTLENS.....: 66,66,60,66,66,62,60,54,73,60,83,88,88,76,60,89,54,88,86,54,82,86,54,77,54,84,82,86,60,60,81,54] new: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] detected: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing analyse: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.539| 0.054| 0.125|15641.482| 0.000] [PKTLEN......: 54.000| 89.000| 70.800| 12.600| 158.000| 5.000] [BINS(c->s)..: 13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0] - [IATS........: 107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724,0] + [IATS(ms)....: 0.1,37.5,48.7,49.6,38.3,36.9,46.4,48.5,45.7,1.7,45.5,0.2,37.4,0.5,0.4,36.8,3.0,39.9,0.8,0.2,0.8,0.8,0.2,0.0,1.0,501.8,0.0,0.7,538.8,0.0,97.7,0.0] [PKTLENS.....: 66,66,60,66,66,62,60,54,60,54,73,60,83,88,88,76,60,89,54,88,86,54,82,86,77,54,84,82,86,60,60,81] idle: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing diff --git a/test/results/flow-info/vxlan.pcap.out b/test/results/flow-info/vxlan.pcap.out index 184892c76..cc3e2a4f5 100644 --- a/test/results/flow-info/vxlan.pcap.out +++ b/test/results/flow-info/vxlan.pcap.out @@ -20,22 +20,22 @@ new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] detected: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.141| 0.010| 0.031| 963.930| 0.000] [PKTLEN......: 120.000| 1500.000| 1169.700| 546.600|298767.600| 4.800] [BINS(c->s)..: 0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184,0] + [IATS(ms)....: 10.5,1.4,0.1,0.0,11.4,0.5,9.5,113.3,10.6,140.6,0.1,0.1,3.1,0.2,0.6,0.2,1.3,0.2,1.3,3.6,0.2,0.4,0.2,2.3,0.2,0.3,0.2,0.8,0.2,0.7,0.2,0.0] [PKTLENS.....: 128,120,1500,1500,588,120,289,120,572,120,1500,1500,874,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500] analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.151| 0.011| 0.030| 901.957| 0.000] [PKTLEN......: 120.000| 438.000| 143.100| 68.200| 4655.600| 4.900] [BINS(c->s)..: 0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201,0] + [IATS(ms)....: 10.3,0.3,11.5,0.2,0.0,1.3,10.0,41.8,81.5,0.4,150.8,3.1,0.8,1.5,1.4,3.8,0.6,2.5,0.5,1.0,0.9,0.8,0.7,0.8,0.7,2.1,0.3,0.4,2.3,0.4,0.2,0.0] [PKTLENS.....: 128,120,438,120,120,120,184,285,120,120,303,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120] idle: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] idle: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable] diff --git a/test/results/flow-info/wa_video.pcap.out b/test/results/flow-info/wa_video.pcap.out index 720dee6ac..3e5258b1c 100644 --- a/test/results/flow-info/wa_video.pcap.out +++ b/test/results/flow-info/wa_video.pcap.out @@ -17,24 +17,24 @@ new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.404| 0.182| 0.481|231053.525| 0.000] [PKTLEN......: 66.000| 1454.000| 282.400| 335.200|112371.900| 4.300] [BINS(c->s)..: 11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0] - [IATS........: 51726,176830,2,439642,1227815,753,306057,108901,2404473,241,10,252,9,41,323,133116,635,40681,277,7651,7949,1743,1602,528764,1087,660,696,654,2651,2561,0,0] + [IATS(ms)....: 51.7,176.8,0.0,439.6,1227.8,0.8,306.1,108.9,2404.5,0.2,0.0,0.3,0.0,0.0,0.3,133.1,0.6,40.7,0.3,7.7,7.9,1.7,1.6,528.8,1.1,0.7,0.7,0.7,2.7,2.6,0.0,0.0] [PKTLENS.....: 614,66,1454,169,522,522,346,203,239,1454,66,66,78,66,66,66,78,242,242,66,66,242,66,418,66,228,226,220,220,220,220,220] guessed: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable] detected: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable] analyse: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.550| 0.064| 0.136|18373.693| 0.000] [PKTLEN......: 44.000| 514.000| 345.600| 205.800|42355.100| 4.700] [BINS(c->s)..: 3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0] - [IATS........: 95,13142,1109,548212,794,550126,16210,117,20333,106,23568,573,14505,979,116,79305,29641,99,23164,167,19951,342,24390,3500,104447,150456,15882,197610,75380,2499,68245,0] + [IATS(ms)....: 0.1,13.1,1.1,548.2,0.8,550.1,16.2,0.1,20.3,0.1,23.6,0.6,14.5,1.0,0.1,79.3,29.6,0.1,23.2,0.2,20.0,0.3,24.4,3.5,104.4,150.5,15.9,197.6,75.4,2.5,68.2,0.0] [PKTLENS.....: 168,168,86,86,168,514,86,514,514,514,514,514,514,48,514,514,44,514,514,514,514,514,514,514,168,86,62,514,62,514,514,62] new: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] detected: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] @@ -45,13 +45,13 @@ detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.979| 0.150| 0.383|146861.081| 0.000] [PKTLEN......: 86.000| 1160.000| 537.500| 432.000|186635.800| 4.500] [BINS(c->s)..: 0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1] - [IATS........: 707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189,0] + [IATS(ms)....: 707.1,619.8,619.1,1979.4,36.3,69.7,132.0,26.4,100.1,1.5,36.5,24.6,0.1,0.2,0.3,0.3,10.7,26.1,102.4,15.1,0.3,0.6,0.5,0.9,0.2,0.8,7.6,0.9,0.1,0.6,131.2,0.0] [PKTLENS.....: 86,86,86,86,86,86,86,170,86,179,164,144,913,913,913,912,1160,208,157,212,1036,1036,1036,1036,1036,1034,164,934,934,934,1062,224] new: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] diff --git a/test/results/flow-info/wa_voice.pcap.out b/test/results/flow-info/wa_voice.pcap.out index 83f2274af..142b38a44 100644 --- a/test/results/flow-info/wa_voice.pcap.out +++ b/test/results/flow-info/wa_voice.pcap.out @@ -14,13 +14,13 @@ new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable] analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 0.000] [PKTLEN......: 66.000| 1454.000| 309.400| 467.500|218553.500| 3.900] [BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1] - [IATS........: 40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38,0] + [IATS(ms)....: 40.7,137.0,170.4,304.1,130.2,0.1,31.0,5.3,0.0,0.4,0.0,0.2,0.0,1.2,210.1,0.3,0.0,0.0,0.2,0.0,0.3,41.4,129.9,0.1,0.0,0.0,0.0,1.0,24.3,131.9,0.0,0.0] [PKTLENS.....: 78,74,66,322,66,123,117,151,1454,106,1454,169,1454,178,1454,66,66,66,66,66,66,66,1059,98,112,133,96,125,66,352,66,66] new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] @@ -29,13 +29,13 @@ detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 0.000] [PKTLEN......: 66.000| 1454.000| 357.600| 489.700|239839.300| 4.000] [BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0] - [IATS........: 19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,250,1,16,17472,279,12,8,2386,284,150,389,567,0,0] + [IATS(ms)....: 19.7,127.7,2.8,126.3,2.9,0.0,0.0,21.0,0.2,145.2,0.0,0.0,0.0,0.0,0.0,163.3,0.0,0.0,0.2,0.0,0.0,17.5,0.3,0.0,0.0,2.4,0.3,0.1,0.4,0.6,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1454,1454,349,66,66,130,112,109,101,402,325,66,237,140,97,66,114,498,66,66,66,66,1454,66,1454,1454,97] new: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] @@ -68,13 +68,13 @@ detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 0.000] [PKTLEN......: 66.000| 1454.000| 388.400| 526.300|277041.400| 4.000] [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1] - [IATS........: 37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120,0] + [IATS(ms)....: 37.2,39.0,11.1,51.5,1.0,0.1,0.0,42.8,0.1,34.6,3.8,0.4,0.2,0.3,76.2,0.0,34.9,0.4,0.3,3.6,0.0,2.9,1.3,3.4,77.4,53.7,129.1,1.4,0.0,0.2,0.1,0.0] [PKTLENS.....: 78,74,66,583,66,1454,1454,347,66,66,130,112,109,101,258,237,140,66,66,97,66,97,66,101,66,66,516,66,1454,1454,1454,1454] new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] @@ -82,25 +82,25 @@ detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 12.196| 1.588| 3.050|9304956.469| 0.000] [PKTLEN......: 44.000| 320.000| 124.000| 87.200| 7598.900| 4.700] [BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1] - [IATS........: 61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546,0] + [IATS(ms)....: 0.1,13.4,0.1,12194.2,12196.2,104.4,0.1,105.1,0.0,108.6,104.6,3043.3,3048.9,3100.9,3096.0,3015.3,3016.6,2001.9,2.2,107.1,164.0,190.1,88.5,28.8,198.6,134.0,3008.1,91.0,35.6,0.3,36.5,0.0] [PKTLENS.....: 168,168,86,86,48,44,168,168,86,86,48,44,48,44,48,44,48,44,88,68,246,275,254,164,320,248,316,48,44,168,168,86] new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.204| 0.182| 0.229|52393.320| 0.000] [PKTLEN......: 68.000| 315.000| 158.900| 51.700| 2672.500| 4.900] [BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1] - [IATS........: 578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448,0] + [IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4,0.0] [PKTLENS.....: 86,86,86,86,86,86,213,274,164,175,315,151,173,173,147,163,150,164,186,178,169,173,178,184,164,68,164,164,170,164,153,193] detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] diff --git a/test/results/flow-info/waze.pcap.out b/test/results/flow-info/waze.pcap.out index a307c289c..a7d28ebf4 100644 --- a/test/results/flow-info/waze.pcap.out +++ b/test/results/flow-info/waze.pcap.out @@ -65,22 +65,22 @@ detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 3.681| 0.340| 0.885|782653.260| 0.000] [PKTLEN......: 54.000|11833.000| 1966.700| 3090.500|9551439.000| 3.500] [BINS(c->s)..: 15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477,0] + [IATS(ms)....: 3.7,3.9,21.8,22.4,3678.0,3680.6,286.1,284.3,338.9,393.5,330.3,329.4,54.6,2.0,179.3,179.5,2.6,51.2,50.7,3.1,28.5,76.3,51.1,51.3,122.7,73.5,10.2,59.1,52.6,58.3,56.5,0.0] [PKTLENS.....: 74,54,54,317,54,1422,54,2790,54,5526,54,8262,54,2687,54,1422,54,1422,54,9630,54,2790,54,5526,54,5526,54,2790,54,11833,54,54] analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.659| 0.289| 0.505|255075.107| 0.000] [PKTLEN......: 54.000| 5515.000| 567.800| 1270.800|1615041.000| 3.100] [BINS(c->s)..: 5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1] - [IATS........: 1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061,0] + [IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1,0.0] [PKTLENS.....: 74,54,54,236,54,3201,54,380,54,288,203,54,590,54,115,54,5515,54,203,54,590,54,590,54,590,54,115,54,4411,54,203,54] detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher @@ -128,33 +128,33 @@ new: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [MIDSTREAM] new: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [MIDSTREAM] analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.416| 0.170| 0.135|18249.146| 0.000] [PKTLEN......: 54.000|21942.000| 1838.800| 4660.800|21723254.000| 2.600] [BINS(c->s)..: 12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1] - [IATS........: 1325,1585,226918,227495,336533,387205,51299,1169,297221,297772,252519,309444,358705,415925,755,475,490,567,254342,305451,51846,52474,211304,161331,247956,249119,81326,79510,208662,209727,563,0] + [IATS(ms)....: 1.3,1.6,226.9,227.5,336.5,387.2,51.3,1.2,297.2,297.8,252.5,309.4,358.7,415.9,0.8,0.5,0.5,0.6,254.3,305.5,51.8,52.5,211.3,161.3,248.0,249.1,81.3,79.5,208.7,209.7,0.6,0.0] [PKTLENS.....: 74,54,54,236,54,1422,54,2177,54,188,54,288,54,203,54,590,54,77,54,1422,54,12366,54,5526,54,21942,54,11359,54,54,54,54] analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.449| 0.192| 0.280|78147.936| 0.000] [PKTLEN......: 54.000|11186.000| 1394.300| 2994.000|8963944.000| 3.000] [BINS(c->s)..: 12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0] - [IATS........: 2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192,0] + [IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2,0.0] [PKTLENS.....: 74,54,54,236,54,1066,54,2533,54,188,54,288,54,590,54,403,54,91,54,10174,54,8150,54,1066,54,11186,54,1066,54,6590,54,54] detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 5.891| 1.026| 1.779|3164212.036| 0.000] [PKTLEN......: 54.000| 3660.000| 366.100| 731.900|535720.000| 3.500] [BINS(c->s)..: 10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1] - [IATS........: 9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517,0] + [IATS(ms)....: 9.1,9.5,461.2,462.1,319.2,370.8,51.5,0.6,58.7,59.3,267.3,318.5,5838.7,5890.9,1.9,3.1,232.7,285.9,1892.6,1892.4,50.9,52.2,293.0,345.1,0.6,0.4,1258.6,1310.0,5014.8,5014.5,51.5,0.0] [PKTLENS.....: 74,54,54,236,54,1066,54,2189,54,380,54,288,54,235,54,555,54,107,54,1066,54,3660,54,203,54,315,54,331,54,91,54,54] new: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] diff --git a/test/results/flow-info/webex.pcap.out b/test/results/flow-info/webex.pcap.out index 16ab0b366..71c6b6072 100644 --- a/test/results/flow-info/webex.pcap.out +++ b/test/results/flow-info/webex.pcap.out @@ -7,13 +7,13 @@ detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.557| 0.113| 0.156|24421.341| 0.000] [PKTLEN......: 54.000| 2774.000| 401.900| 588.900|346810.600| 3.900] [BINS(c->s)..: 9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0] - [IATS........: 6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546,0] + [IATS(ms)....: 6.5,6.7,0.2,0.6,505.7,557.3,57.9,60.1,0.9,55.6,257.5,309.3,10.1,61.4,0.8,0.7,299.2,351.3,56.0,56.2,0.8,52.9,0.4,2.8,268.6,322.3,52.3,51.9,18.4,69.5,0.5,0.0] [PKTLENS.....: 74,54,54,249,54,2774,54,1273,54,364,54,97,54,590,54,138,54,1414,54,823,54,590,54,328,54,1414,54,762,54,590,54,518] detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] RISK: TLS (probably) Not Carrying HTTPS @@ -33,13 +33,13 @@ detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.455| 0.115| 0.126|15828.845| 0.000] [PKTLEN......: 54.000|18020.000| 1588.700| 3700.100|13691056.000| 2.900] [BINS(c->s)..: 10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449,0] + [IATS(ms)....: 5.6,6.8,0.2,1.5,404.7,455.3,0.6,51.3,245.8,245.9,0.4,0.3,223.3,274.8,51.6,0.4,0.3,283.1,286.1,84.1,131.8,50.9,51.2,56.8,56.7,181.0,181.0,56.1,58.6,54.5,58.4,0.0] [PKTLENS.....: 74,54,54,281,54,183,54,97,54,590,54,533,54,1658,590,54,503,54,6854,54,1414,54,9477,54,1414,54,1414,54,18020,54,6871,54] new: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443] [MIDSTREAM] new: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [MIDSTREAM] @@ -59,13 +59,13 @@ detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher analyse: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.031| 0.154| 0.247|61096.366| 0.000] [PKTLEN......: 54.000| 8901.000| 1122.500| 2294.900|5266404.000| 3.200] [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627,0] + [IATS(ms)....: 3.1,3.2,1.9,2.2,397.0,448.1,52.0,52.1,0.4,52.4,209.8,261.8,51.8,1.3,1.0,979.9,1031.5,52.6,53.5,94.1,93.8,53.1,53.9,119.1,117.5,148.4,147.8,51.4,51.4,96.7,96.6,0.0] [PKTLENS.....: 74,54,54,117,54,1414,54,2633,54,380,54,113,590,54,88,54,1414,54,8171,54,1414,54,8901,54,187,54,1414,54,6731,54,1414,54] new: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] new: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] @@ -192,24 +192,24 @@ detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older) analyse: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.215| 0.340| 0.548|300050.219| 0.000] [PKTLEN......: 54.000|10581.000| 633.600| 1915.700|3669828.500| 2.600] [BINS(c->s)..: 13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0] - [IATS........: 14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890,0] + [IATS(ms)....: 14.2,16.6,0.1,3.2,966.8,968.2,50.6,52.1,160.0,217.3,56.9,151.8,203.4,506.4,456.2,506.1,506.2,258.0,307.3,51.0,1.8,210.7,261.7,55.5,54.3,51.9,51.3,2214.6,2165.1,3.2,2.9,0.0] [PKTLENS.....: 74,54,54,117,54,3961,54,380,54,113,528,54,272,54,1024,54,10581,54,171,54,288,54,123,54,219,54,399,54,560,54,602,54] detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher analyse: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.270| 0.347| 0.598|357673.959| 0.000] [PKTLEN......: 54.000| 3961.000| 324.600| 685.400|469733.500| 3.600] [BINS(c->s)..: 3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021,0] + [IATS(ms)....: 9.1,24.1,0.4,16.5,915.3,917.4,50.7,52.7,154.6,206.6,52.4,7.9,9.4,3.3,2.1,963.3,962.0,0.5,0.4,0.4,0.3,562.0,562.1,368.6,368.5,0.7,0.6,2270.1,2270.1,1.0,1.0,0.0] [PKTLENS.....: 74,54,54,117,54,3961,54,380,54,113,560,54,590,54,136,54,590,54,590,54,400,54,400,54,590,54,168,54,590,54,264,54] new: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] detected: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] @@ -273,13 +273,13 @@ new: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000] new: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] analyse: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.367| 0.190| 0.352|124124.103| 0.000] [PKTLEN......: 54.000| 3961.000| 248.000| 677.200|458632.100| 3.200] [BINS(c->s)..: 7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1] - [IATS........: 4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853,0] + [IATS(ms)....: 4.2,5.0,6.4,7.6,1312.6,1366.7,17.5,71.4,145.7,199.0,0.3,53.7,129.5,180.9,0.2,51.5,121.2,172.3,51.5,51.2,125.5,176.2,50.8,50.8,0.5,1.0,264.3,263.8,0.8,0.9,1006.9,0.0] [PKTLENS.....: 74,54,54,241,54,3961,54,380,54,113,54,128,54,91,54,432,54,123,54,543,54,144,54,208,54,176,54,176,54,160,54,123] new: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] detected: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] diff --git a/test/results/flow-info/wechat.pcap.out b/test/results/flow-info/wechat.pcap.out index a6c77316f..428b72691 100644 --- a/test/results/flow-info/wechat.pcap.out +++ b/test/results/flow-info/wechat.pcap.out @@ -41,13 +41,13 @@ detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] detected: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] analyse: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.411| 0.155| 0.181|32640.860| 0.000] [PKTLEN......: 66.000| 5892.000| 729.500| 1101.200|1212669.500| 3.900] [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0] - [IATS........: 361610,361650,376,378130,3564,381307,56857,56856,287,287,2657,376606,375028,3327,373835,38287,2818,410564,21157,3298,393374,30885,401110,383706,785,383140,2859,2894,5754,1113,1113,0] + [IATS(ms)....: 361.6,361.6,0.4,378.1,3.6,381.3,56.9,56.9,0.3,0.3,2.7,376.6,375.0,3.3,373.8,38.3,2.8,410.6,21.2,3.3,393.4,30.9,401.1,383.7,0.8,383.1,2.9,2.9,5.8,1.1,1.1,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,233,66,1239,443,66,264,1154,1494,1494,66,1494,1494,66,5892,66] detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] @@ -73,31 +73,31 @@ detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] new: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [MIDSTREAM] analyse: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.544| 0.482| 1.044|1090167.570| 0.000] [PKTLEN......: 66.000| 1754.000| 537.200| 556.000|309130.700| 4.200] [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0] - [IATS........: 359228,359315,435,360585,1948,362066,491,468,3580,359717,357128,3318,369214,32832,2766,400529,15038,3260,381959,38044,403106,2395,369120,36996,438834,4139732,3287,4544256,34139,398836,1152600,0] + [IATS(ms)....: 359.2,359.3,0.4,360.6,1.9,362.1,0.5,0.5,3.6,359.7,357.1,3.3,369.2,32.8,2.8,400.5,15.0,3.3,382.0,38.0,403.1,2.4,369.1,37.0,438.8,4139.7,3.3,4544.3,34.1,398.8,1152.6,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1494,235,66,1239,443,66,264,1306,541,66,1002,66,1306,541,66,1003,66,1234] analyse: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.384| 0.466| 0.827|684250.497| 0.000] [PKTLEN......: 66.000| 8291.000| 760.100| 1463.300|2141136.500| 3.600] [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0] - [IATS........: 353750,353837,953113,1178147,225005,127739,4445,132165,453,438,626,638,1531,362180,361114,370977,4561,375090,3297,3310,3017858,3341,3383945,31235,408978,7414,382158,34643,434308,1925965,3353,0] + [IATS(ms)....: 353.8,353.8,953.1,1178.1,225.0,127.7,4.4,132.2,0.5,0.4,0.6,0.6,1.5,362.2,361.1,371.0,4.6,375.1,3.3,3.3,3017.9,3.3,3383.9,31.2,409.0,7.4,382.2,34.6,434.3,1926.0,3.4,0.0] [PKTLENS.....: 74,74,66,304,74,66,66,1494,66,1494,66,326,66,192,117,1153,1494,1494,66,8291,66,1306,541,66,1377,1239,443,66,264,66,1306,541] analyse: [....13] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54058] [TLS][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 11.774| 2.195| 3.338|11139408.724| 0.000] [PKTLEN......: 66.000| 1254.000| 412.500| 492.500|242574.800| 4.100] [BINS(c->s)..: 8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0] - [IATS........: 67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953,0] + [IATS(ms)....: 0.1,1713.3,2033.8,5.9,326.4,805.5,1165.4,11414.5,11774.4,393.6,716.6,9325.0,9648.0,1906.3,2225.8,6.4,325.8,425.7,784.5,2983.4,3342.3,487.8,806.7,9.2,328.1,421.5,782.1,1181.7,1542.3,420.6,740.0,0.0] [PKTLENS.....: 264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66] update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] @@ -116,31 +116,31 @@ detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] analyse: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 6.862| 1.014| 1.948|3793749.017| 0.000] [PKTLEN......: 66.000| 1754.000| 510.000| 523.800|274414.800| 4.300] [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0] - [IATS........: 362688,362730,698,359771,652,359747,1773,1754,3156,359980,358071,7205,373852,64622,431388,4503,369570,39986,442333,4042219,3253,4448907,74384,439211,6493521,3286,6862195,32133,397513,4719084,3239,0] + [IATS(ms)....: 362.7,362.7,0.7,359.8,0.7,359.7,1.8,1.8,3.2,360.0,358.1,7.2,373.9,64.6,431.4,4.5,369.6,40.0,442.3,4042.2,3.3,4448.9,74.4,439.2,6493.5,3.3,6862.2,32.1,397.5,4719.1,3.2,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1234,535,66,297,1306,541,66,1002,66,1234,525,66,297,66,1306,541,66,1003,66,1234,530] analyse: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 6.095| 1.335| 2.042|4168801.845| 0.000] [PKTLEN......: 66.000| 1754.000| 451.700| 521.000|271486.500| 4.100] [BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1] - [IATS........: 346826,346918,899535,1092804,193235,160456,1799,162254,554,539,2941,351941,387151,4178860,3305,4577735,29191,386626,5733723,3651,6095000,83021,440653,5485473,3274,5845918,30151,387318,1889056,2742,2249980,0] + [IATS(ms)....: 346.8,346.9,899.5,1092.8,193.2,160.5,1.8,162.3,0.6,0.5,2.9,351.9,387.2,4178.9,3.3,4577.7,29.2,386.6,5733.7,3.7,6095.0,83.0,440.7,5485.5,3.3,5845.9,30.2,387.3,1889.1,2.7,2250.0,0.0] [PKTLENS.....: 74,74,66,304,74,66,66,1494,66,1754,66,192,117,66,1306,541,66,1003,66,1234,522,66,297,66,1306,541,66,1003,66,1234,527,66] analyse: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 45.056| 5.827| 15.097|227916113.773| 0.000] [PKTLEN......: 66.000| 1484.000| 267.200| 422.200|178253.900| 3.900] [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1] - [IATS........: 48172,48219,208,52487,725,52995,2368,2380,502,490,4525,7884,13634,51249,2766,53,28029,293,26129,2791,10149,38903,378,801,249,45379,2766,45043937,45047542,45056034,45052882,0] + [IATS(ms)....: 48.2,48.2,0.2,52.5,0.7,53.0,2.4,2.4,0.5,0.5,4.5,7.9,13.6,51.2,2.8,0.1,28.0,0.3,26.1,2.8,10.1,38.9,0.4,0.8,0.2,45.4,2.8,45043.9,45047.5,45056.0,45052.9,0.0] [PKTLENS.....: 74,74,66,288,66,1484,66,1484,66,1442,66,151,111,895,336,114,100,66,96,66,96,572,66,104,104,100,66,66,66,66,66,66] new: [....28] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] detected: [....28] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Network][Acceptable] @@ -176,35 +176,35 @@ detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] new: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] analyse: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.469| 0.183| 0.190|36094.243| 0.000] [PKTLEN......: 66.000| 1754.000| 605.500| 612.000|374517.100| 4.200] [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0] - [IATS........: 366115,366204,470,368626,765,368875,8160,8175,3097,367881,365600,3239,378746,92724,1992,469392,27762,1703,407097,30016,408635,3752,397818,10943,404654,396022,789,396156,518,1239,1756,0] + [IATS(ms)....: 366.1,366.2,0.5,368.6,0.8,368.9,8.2,8.2,3.1,367.9,365.6,3.2,378.7,92.7,2.0,469.4,27.8,1.7,407.1,30.0,408.6,3.8,397.8,10.9,404.7,396.0,0.8,396.2,0.5,1.2,1.8,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1494,344,66,1239,443,66,264,1239,443,66,264,1154,1494,1494,66,1494,1494,66] detected: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] analyse: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.647| 0.130| 0.182|33080.510| 0.000] [PKTLEN......: 66.000| 3134.000| 831.600| 861.600|742326.200| 4.200] [BINS(c->s)..: 11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1] - [IATS........: 360844,360859,1106,320164,2049,321124,836,835,489,485,2516,331784,329811,339551,757,339771,547,4542,5088,2482,2487,1143,1132,271360,646724,757,376133,549,914,1456,539,0] + [IATS(ms)....: 360.8,360.9,1.1,320.2,2.0,321.1,0.8,0.8,0.5,0.5,2.5,331.8,329.8,339.6,0.8,339.8,0.5,4.5,5.1,2.5,2.5,1.1,1.1,271.4,646.7,0.8,376.1,0.5,0.9,1.5,0.5,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1154,1494,1494,66,1494,1494,66,2922,66,3134,66,1154,1494,1494,66,1494,1494,66,1494] detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] analyse: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.952| 0.213| 0.233|54375.543| 0.000] [PKTLEN......: 66.000| 1754.000| 557.300| 599.100|358890.200| 4.200] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1] - [IATS........: 378875,378978,383,354036,2419,355982,2806,2818,1046,367448,367322,4404,365806,31144,394889,3196,367851,55930,2766,420112,17934,846,381296,34840,434328,543113,951677,371599,549,523,1340,0] + [IATS(ms)....: 378.9,379.0,0.4,354.0,2.4,356.0,2.8,2.8,1.0,367.4,367.3,4.4,365.8,31.1,394.9,3.2,367.9,55.9,2.8,420.1,17.9,0.8,381.3,34.8,434.3,543.1,951.7,371.6,0.5,0.5,1.3,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1239,443,66,264,1306,541,66,1494,230,66,1239,443,66,264,66,1154,1494,66,1494,66,1494] guessed: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] [TLS][Web][Safe] end: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] @@ -262,13 +262,13 @@ new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun] analyse: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.615| 0.560| 1.552|2408711.979| 0.000] [PKTLEN......: 66.000| 1494.000| 492.200| 547.100|299293.400| 4.200] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1] - [IATS........: 315233,315308,441,318358,1918,319817,471,453,1116,1109,2559,316619,315146,4640,327259,29671,2699,353912,21653,4624,349989,32226,392645,18020,3295,380639,36894,359501,6259002,6615415,265584,0] + [IATS(ms)....: 315.2,315.3,0.4,318.4,1.9,319.8,0.5,0.5,1.1,1.1,2.6,316.6,315.1,4.6,327.3,29.7,2.7,353.9,21.7,4.6,350.0,32.2,392.6,18.0,3.3,380.6,36.9,359.5,6259.0,6615.4,265.6,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,126,66,1239,443,66,264,66,1306,541,66,1003,66,1127,66,1494] detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun] RISK: Weak TLS Cipher @@ -296,31 +296,31 @@ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable] analyse: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.807| 0.648| 1.839|3381034.746| 0.000] [PKTLEN......: 66.000| 1494.000| 459.300| 494.600|244586.200| 4.200] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0] - [IATS........: 325248,325323,463,328002,697,328217,391,370,3942,3944,2661,325903,324620,3183,337595,77061,411866,3780,340251,28032,402656,7430680,3764,7806976,79928,412549,2872,372,340125,30342,405762,0] + [IATS(ms)....: 325.2,325.3,0.5,328.0,0.7,328.2,0.4,0.4,3.9,3.9,2.7,325.9,324.6,3.2,337.6,77.1,411.9,3.8,340.3,28.0,402.7,7430.7,3.8,7807.0,79.9,412.5,2.9,0.4,340.1,30.3,405.8,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1234,538,66,297,1306,541,66,1002,66,1234,533,66,297,66,1306,541,66,1003,66] analyse: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 183.801| 12.094| 33.303|1109122757.951| 0.000] [PKTLEN......: 82.000| 82.000| 82.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 304,1000351,2000370,14687423,324,1000207,2000433,21831590,431,1000458,2000811,26318928,434,1000298,2000470,41917186,377,1000169,2000682,183800554,363,1000944,2000954,33299722,386,1000653,2000531,29036990,312,1000238,2000730,0] + [IATS(ms)....: 0.3,1000.4,2000.4,14687.4,0.3,1000.2,2000.4,21831.6,0.4,1000.5,2000.8,26318.9,0.4,1000.3,2000.5,41917.2,0.4,1000.2,2000.7,183800.6,0.4,1000.9,2001.0,33299.7,0.4,1000.7,2000.5,29037.0,0.3,1000.2,2000.7,0.0] [PKTLENS.....: 82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82] analyse: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 183.800| 12.094| 33.303|1109120811.794| 0.000] [PKTLEN......: 102.000| 102.000| 102.000| 0.000| 0.000| 5.000] [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 285,1000432,2000369,14687365,298,1000306,2000399,21831547,409,1000568,2000773,26318883,413,1000363,2000495,41917120,347,1000193,2000827,183800433,319,1000975,2001003,33299664,360,1000743,2000515,29036936,291,1000323,2000677,0] + [IATS(ms)....: 0.3,1000.4,2000.4,14687.4,0.3,1000.3,2000.4,21831.5,0.4,1000.6,2000.8,26318.9,0.4,1000.4,2000.5,41917.1,0.3,1000.2,2000.8,183800.4,0.3,1001.0,2001.0,33299.7,0.4,1000.7,2000.5,29036.9,0.3,1000.3,2000.7,0.0] [PKTLENS.....: 102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102] new: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] new: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] @@ -335,13 +335,13 @@ RISK: Unsafe Protocol update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] analyse: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 7.133| 0.619| 1.664|2769657.004| 0.000] [PKTLEN......: 66.000| 1494.000| 492.200| 547.100|299307.700| 4.200] [BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0] - [IATS........: 356187,356245,409,353317,672,353556,677,668,333,334,2390,365567,364474,5597,381303,26713,2760,403898,13549,5018,378842,57192,418881,4165,370546,28172,433154,6695589,7132743,143519,540660,0] + [IATS(ms)....: 356.2,356.2,0.4,353.3,0.7,353.6,0.7,0.7,0.3,0.3,2.4,365.6,364.5,5.6,381.3,26.7,2.8,403.9,13.5,5.0,378.8,57.2,418.9,4.2,370.5,28.2,433.2,6695.6,7132.7,143.5,540.7,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,126,66,1239,443,66,263,1306,541,66,1003,66,1127,66,1494,66] guessed: [....37] [ip4][..tcp] [..192.168.1.103][54109] -> [203.205.151.162][..443] [TLS][Web][Safe] end: [....37] [ip4][..tcp] [..192.168.1.103][54109] -> [203.205.151.162][..443] @@ -367,13 +367,13 @@ detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] analyse: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.509| 0.286| 0.565|319614.583| 0.000] [PKTLEN......: 66.000| 1754.000| 551.900| 561.400|315202.600| 4.200] [BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0] - [IATS........: 266637,266706,433,272250,1305,273110,594,572,2940,271769,269630,3217,281421,29714,327642,3217,299639,37418,350851,50937,3180,368575,30208,307140,2227616,3191,2508511,50935,328714,16106,3139,0] + [IATS(ms)....: 266.6,266.7,0.4,272.2,1.3,273.1,0.6,0.6,2.9,271.8,269.6,3.2,281.4,29.7,327.6,3.2,299.6,37.4,350.9,50.9,3.2,368.6,30.2,307.1,2227.6,3.2,2508.5,50.9,328.7,16.1,3.1,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1371,1239,443,66,264,66,1306,541,66,1004,66,1306,541,66,1381,66,1239,443] guessed: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443] [TLS][Web][Safe] end: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443] @@ -444,13 +444,13 @@ detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] analyse: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.577| 0.182| 0.352|123851.137| 0.000] [PKTLEN......: 66.000| 1494.000| 559.600| 599.000|358844.300| 4.200] [BINS(c->s)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0] - [IATS........: 268280,268366,474,270444,798,270739,392,385,993,969,2788,273097,271415,164,26,13,12,11,1155,289376,22800,22424,9724,380702,1255603,4960,1577028,73342,350958,5989,3258,0] + [IATS(ms)....: 268.3,268.4,0.5,270.4,0.8,270.7,0.4,0.4,1.0,1.0,2.8,273.1,271.4,0.2,0.0,0.0,0.0,0.0,1.2,289.4,22.8,22.4,9.7,380.7,1255.6,5.0,1577.0,73.3,351.0,6.0,3.3,0.0] [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1246,1494,1494,1494,1494,1494,329,66,66,66,157,66,1234,527,66,297,66,1306,541] detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] detected: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] diff --git a/test/results/flow-info/weibo.pcap.out b/test/results/flow-info/weibo.pcap.out index e7c6da89d..c91383ed0 100644 --- a/test/results/flow-info/weibo.pcap.out +++ b/test/results/flow-info/weibo.pcap.out @@ -23,13 +23,13 @@ new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM] detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.482| 0.042| 0.114|12948.299| 0.000] [PKTLEN......: 66.000| 2938.000| 462.100| 693.400|480801.900| 3.800] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797,0] + [IATS(ms)....: 29.2,29.2,0.3,28.2,454.5,482.4,0.1,0.1,13.2,13.2,0.1,0.0,0.0,0.0,8.4,8.4,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,15.4,15.4,68.3,68.3,0.1,0.0,54.8,0.0] [PKTLENS.....: 74,74,66,516,66,71,78,1502,78,1502,78,68,86,1078,78,72,78,2938,78,294,86,68,86,1502,78,819,66,72,66,1502,66,1502] new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] @@ -44,22 +44,22 @@ new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 0.000] [PKTLEN......: 66.000| 2938.000| 710.700| 831.300|691142.800| 4.100] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807,0] + [IATS(ms)....: 26.8,26.8,0.2,31.4,283.1,314.3,2.6,2.6,16.7,16.7,12.8,12.8,0.1,0.0,45.7,45.8,5.1,5.0,71.0,71.0,5.5,5.5,32.3,32.3,43.0,43.0,3.2,3.2,2.5,2.5,2.8,0.0] [PKTLENS.....: 74,74,66,498,66,580,66,1502,66,2938,66,1502,66,1078,78,1502,66,893,66,580,78,2938,78,1502,78,1502,78,1502,78,1502,78,1502] analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 0.000] [PKTLEN......: 66.000| 4374.000| 847.800| 1162.900|1352437.000| 3.900] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734,0] + [IATS(ms)....: 26.7,26.8,0.2,28.2,372.4,400.5,6.7,6.7,6.6,6.6,15.5,15.5,6.6,6.6,9.2,9.2,23.4,23.4,49.3,49.3,71.7,71.7,3.3,3.3,2.9,2.9,2.8,2.8,5.5,5.5,3.7,0.0] [PKTLENS.....: 74,74,66,486,66,581,66,1502,66,4374,66,1502,66,4374,66,2938,66,581,78,581,78,1502,66,1502,66,1502,78,1502,78,1502,78,1502] new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] @@ -109,31 +109,31 @@ new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.439| 0.087| 0.119|14239.990| 0.000] [PKTLEN......: 66.000| 1502.000| 528.000| 578.700|334896.400| 4.200] [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661,0] + [IATS(ms)....: 26.8,26.8,0.3,31.4,276.1,307.3,6.9,6.9,153.9,153.9,2.9,2.9,375.9,438.8,4.4,67.2,2.9,3.0,31.5,31.4,138.5,138.5,6.1,6.1,4.5,4.5,193.5,193.5,28.8,28.7,2.7,0.0] [PKTLENS.....: 74,74,66,476,66,577,66,1026,66,577,78,1026,78,525,66,494,66,1502,66,494,78,1502,66,1502,66,1502,66,1502,78,1502,66,1502] analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 0.000] [PKTLEN......: 66.000| 1502.000| 647.200| 674.000|454231.700| 4.100] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143,0] + [IATS(ms)....: 62.2,62.2,0.1,161.1,22.7,183.7,5.7,5.7,2.6,2.5,10.5,10.6,5.2,5.3,3.2,3.2,2.5,2.4,5.5,5.5,2.9,2.9,2.6,2.6,4.8,4.8,162.1,162.1,26.3,26.3,3.1,0.0] [PKTLENS.....: 74,74,66,550,66,493,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,493,78,1502,66,1502] analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 0.000] [PKTLEN......: 66.000| 1502.000| 647.700| 673.800|454044.400| 4.100] [BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753,0] + [IATS(ms)....: 50.2,50.2,0.1,181.5,70.9,252.2,2.7,2.7,2.6,2.5,4.2,4.3,31.8,31.8,8.1,8.1,11.4,11.4,8.7,8.7,2.6,2.6,7.1,7.1,13.6,13.6,66.3,66.3,92.4,92.4,2.8,0.0] [PKTLENS.....: 74,74,66,539,66,507,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,507,78,1502,66,1502] idle: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable] diff --git a/test/results/flow-info/whatsapp_login_call.pcap.out b/test/results/flow-info/whatsapp_login_call.pcap.out index db5110440..eed131e81 100644 --- a/test/results/flow-info/whatsapp_login_call.pcap.out +++ b/test/results/flow-info/whatsapp_login_call.pcap.out @@ -30,38 +30,38 @@ detected: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Cloud][Acceptable] detected: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Chat][Acceptable] analyse: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.712| 0.120| 0.179|32210.293| 0.000] [PKTLEN......: 54.000| 1494.000| 446.900| 595.100|354099.200| 3.900] [BINS(c->s)..: 9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1] - [IATS........: 281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952,0] + [IATS(ms)....: 281.8,283.2,8.7,294.4,1.1,0.0,286.0,0.8,0.5,0.6,39.8,0.2,0.3,326.4,1.4,0.4,3.0,289.9,5.8,0.5,0.0,317.5,1.9,68.9,0.6,382.6,405.2,0.7,0.0,712.5,2.0,0.0] [PKTLENS.....: 78,66,54,244,1494,1494,585,54,54,54,54,321,60,91,54,54,54,97,54,1494,1494,167,54,54,1494,1210,54,1494,1494,167,54,54] detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] analyse: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.709| 0.199| 0.171|29317.118| 0.000] [PKTLEN......: 66.000| 267.000| 116.800| 60.800| 3698.600| 4.800] [BINS(c->s)..: 9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0] - [IATS........: 153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,204047,0,0] + [IATS(ms)....: 153.9,242.2,244.8,708.1,709.4,35.6,213.2,0.3,145.7,325.0,262.8,250.3,148.2,98.4,249.4,163.4,164.5,351.1,174.0,178.0,0.0,178.3,0.3,171.7,0.0,302.7,0.3,301.9,0.0,204.0,0.0,0.0] [PKTLENS.....: 78,74,66,66,232,144,87,66,66,267,98,85,87,66,241,98,66,132,98,198,98,98,200,66,99,99,266,66,99,99,99,132] detected: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.246| 0.057| 0.089| 7910.915| 0.000] [PKTLEN......: 54.000| 1494.000| 303.300| 408.500|166890.900| 4.000] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0] - [IATS........: 139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179,0] + [IATS(ms)....: 139.3,206.5,8.2,215.7,0.1,2.7,195.5,0.8,0.3,0.0,1.9,0.3,2.1,191.6,2.4,13.1,3.7,6.4,14.7,0.0,200.9,0.3,63.3,0.3,2.2,246.3,5.3,14.9,0.0,241.0,0.2,0.0] [PKTLENS.....: 78,66,54,281,54,146,91,54,54,60,91,1494,531,610,54,54,54,54,54,1002,400,54,54,1494,540,610,54,54,1002,400,54,54] new: [....18] [ip4][..tcp] [....192.168.2.4][49192] -> [...93.186.135.8][...80] [MIDSTREAM] new: [....19] [ip4][..tcp] [....192.168.2.4][49191] -> [..17.172.100.49][..443] [MIDSTREAM] @@ -100,13 +100,13 @@ detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.352| 0.131| 0.070| 4931.355| 0.000] [PKTLEN......: 64.000| 351.000| 213.000| 98.800| 9763.600| 4.800] [BINS(c->s)..: 1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] - [IATS........: 85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877,0] + [IATS(ms)....: 85.5,95.2,66.1,60.4,102.7,208.4,184.1,159.6,139.1,188.5,352.4,23.4,152.9,55.1,31.1,91.6,0.1,141.2,0.0,163.2,159.2,188.6,161.9,163.6,162.1,156.8,164.9,143.2,181.6,163.3,123.9,0.0] [PKTLENS.....: 86,86,342,86,86,315,225,311,248,315,220,148,64,249,199,148,137,68,260,68,274,134,351,117,315,117,319,243,320,331,329,305] new: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] detected: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Network][Acceptable] @@ -159,13 +159,13 @@ detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.307| 0.114| 0.086| 7398.241| 0.000] [PKTLEN......: 68.000| 320.000| 155.000| 58.800| 3453.300| 4.900] [BINS(c->s)..: 1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0] - [IATS........: 304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436,0] + [IATS(ms)....: 304.3,307.4,8.4,89.9,31.9,6.5,226.2,154.2,0.0,188.0,0.3,163.9,163.4,160.1,21.8,153.7,0.1,168.1,122.6,138.9,158.5,186.7,16.2,65.9,114.2,83.7,193.2,164.5,1.3,77.1,55.4,0.0] [PKTLENS.....: 86,86,86,86,86,148,138,320,181,68,246,148,242,226,117,148,165,68,186,170,175,186,170,148,128,154,219,154,223,68,148,185] update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable] RISK: Known Proto on Non Std Port @@ -194,13 +194,13 @@ detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] RISK: TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.272| 0.058| 0.092| 8444.798| 0.000] [PKTLEN......: 54.000| 1494.000| 303.300| 408.500|166876.700| 4.000] [BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0] - [IATS........: 139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275,0] + [IATS(ms)....: 139.9,225.1,4.2,228.9,0.1,2.7,200.7,0.3,1.4,0.2,2.3,0.3,0.4,198.2,1.0,14.2,4.7,5.0,13.2,0.0,199.9,0.3,34.7,0.4,0.1,217.0,5.8,16.0,0.0,271.8,0.3,0.0] [PKTLENS.....: 78,66,54,281,54,146,91,54,54,60,91,1494,530,610,54,54,54,54,54,1002,400,54,54,1494,540,610,54,54,1002,400,54,54] guessed: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [HTTP][Web][Acceptable] end: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] diff --git a/test/results/flow-info/whatsapp_login_chat.pcap.out b/test/results/flow-info/whatsapp_login_chat.pcap.out index 0d8198c9d..34b71026b 100644 --- a/test/results/flow-info/whatsapp_login_chat.pcap.out +++ b/test/results/flow-info/whatsapp_login_chat.pcap.out @@ -11,13 +11,13 @@ new: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [MIDSTREAM] detected: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.Apple][Web][Safe] analyse: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.Apple][Web][Safe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.031| 0.229| 0.711|505750.847| 0.000] [PKTLEN......: 54.000| 1494.000| 529.600| 518.700|269058.200| 4.300] [BINS(c->s)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0] [BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0] - [IATS........: 307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249,0] + [IATS(ms)....: 0.3,0.1,156.1,6.0,20.6,0.0,205.0,0.2,59.6,0.4,0.1,237.8,6.4,13.7,0.0,246.4,0.2,2803.2,0.7,0.1,0.2,0.2,0.1,3030.6,5.8,14.0,0.0,0.0,10.3,10.4,268.2,0.0] [PKTLENS.....: 1494,531,610,54,54,1000,400,54,54,1494,538,610,54,54,1002,400,54,54,1494,531,610,1494,1254,1254,54,54,1002,400,54,54,54,127] new: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] diff --git a/test/results/flow-info/whatsapp_voice_and_message.pcap.out b/test/results/flow-info/whatsapp_voice_and_message.pcap.out index e5bfed23a..4b09de9e7 100644 --- a/test/results/flow-info/whatsapp_voice_and_message.pcap.out +++ b/test/results/flow-info/whatsapp_voice_and_message.pcap.out @@ -20,26 +20,26 @@ new: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] detected: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] [WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.749| 0.839| 2.600|6759456.965| 0.000] [PKTLEN......: 54.000| 469.000| 107.400| 97.600| 9526.400| 4.600] [BINS(c->s)..: 9,2,4,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1,0] - [IATS........: 61035,61126,147705,147918,346802,397248,61,50507,310058,310119,199799,397950,91,198181,50507,50568,386718,386688,54077,104523,50476,50446,398316,399963,10696747,10748901,336,153,244,335,183,0] + [IATS(ms)....: 61.0,61.1,147.7,147.9,346.8,397.2,0.1,50.5,310.1,310.1,199.8,397.9,0.1,198.2,50.5,50.6,386.7,386.7,54.1,104.5,50.5,50.4,398.3,400.0,10696.7,10748.9,0.3,0.2,0.2,0.3,0.2,0.0] [PKTLENS.....: 74,54,54,231,54,132,54,84,54,77,54,223,54,86,54,104,54,410,54,77,54,75,54,469,54,133,54,133,54,133,54,133] new: [....10] [ip4][..tcp] [.......10.8.0.1][44819] -> [...158.85.58.42][.5222] detected: [....10] [ip4][..tcp] [.......10.8.0.1][44819] -> [...158.85.58.42][.5222] [WhatsApp][Chat][Acceptable] new: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] detected: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Chat][Acceptable] analyse: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.458| 0.064| 0.104|10787.211| 0.000] [PKTLEN......: 54.000| 559.000| 102.200| 100.300|10067.600| 4.600] [BINS(c->s)..: 10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0] - [IATS........: 1312,2441,29816,31189,401459,457947,56427,244,122,152,50476,50415,214,112548,112763,50812,57282,6500,274,183,50385,50538,122,50415,131042,50415,131164,122,50507,50629,793,0] + [IATS(ms)....: 1.3,2.4,29.8,31.2,401.5,457.9,56.4,0.2,0.1,0.2,50.5,50.4,0.2,112.5,112.8,50.8,57.3,6.5,0.3,0.2,50.4,50.5,0.1,50.4,131.0,50.4,131.2,0.1,50.5,50.6,0.8,0.0] [PKTLENS.....: 74,54,54,228,54,132,54,559,84,54,54,77,54,54,79,54,76,135,54,299,54,76,78,54,108,54,72,105,54,223,54,54] update: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] update: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] @@ -52,13 +52,13 @@ new: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] detected: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Chat][Acceptable] analyse: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Chat][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.768| 0.148| 0.316|100094.116| 0.000] [PKTLEN......: 54.000| 308.000| 99.100| 70.400| 4957.000| 4.700] [BINS(c->s)..: 11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0] - [IATS........: 2014,2563,34089,34790,390289,440887,50599,183,91,50446,50537,139282,139252,92,50506,50445,92,51240,51147,213,122,77789,128296,50873,179230,229706,260559,260559,50476,50476,1768433,0] + [IATS(ms)....: 2.0,2.6,34.1,34.8,390.3,440.9,50.6,0.2,0.1,50.4,50.5,139.3,139.3,0.1,50.5,50.4,0.1,51.2,51.1,0.2,0.1,77.8,128.3,50.9,179.2,229.7,260.6,260.6,50.5,50.5,1768.4,0.0] [PKTLENS.....: 74,54,54,228,54,132,54,308,84,54,77,54,79,54,76,135,54,76,299,54,54,54,223,112,54,113,54,179,54,76,54,90] update: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] update: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] diff --git a/test/results/flow-info/whatsappfiles.pcap.out b/test/results/flow-info/whatsappfiles.pcap.out index 1771bccf4..af408851f 100644 --- a/test/results/flow-info/whatsappfiles.pcap.out +++ b/test/results/flow-info/whatsappfiles.pcap.out @@ -6,25 +6,25 @@ detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] analyse: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 24.640| 0.846| 4.345|18880535.724| 0.000] [PKTLEN......: 66.000| 1464.000| 343.100| 491.800|241822.200| 3.900] [BINS(c->s)..: 9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] [BINS(s->c)..: 5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0] - [IATS........: 89960,91931,2998,95622,1439,1232,31,95929,999,78942,282792,460945,6,97926,4,3994,6995,998,5,4,115136,17,1231,43,102916,998,41079,24639770,4996,5995,2998,0] + [IATS(ms)....: 90.0,91.9,3.0,95.6,1.4,1.2,0.0,95.9,1.0,78.9,282.8,460.9,0.0,97.9,0.0,4.0,7.0,1.0,0.0,0.0,115.1,0.0,1.2,0.0,102.9,1.0,41.1,24639.8,5.0,6.0,3.0,0.0] [PKTLENS.....: 78,74,66,309,66,1464,1464,478,66,66,66,192,324,147,66,66,119,116,108,249,104,66,104,66,176,66,66,66,289,1464,1464,1464] new: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] analyse: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 0.000] [PKTLEN......: 66.000| 1464.000| 499.400| 599.200|359069.100| 4.000] [BINS(c->s)..: 6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201,0] + [IATS(ms)....: 56.7,61.0,1.0,66.0,0.1,65.0,1.0,5.0,0.0,1.0,0.0,59.9,51.0,0.0,7.3,0.0,4.1,0.1,11.0,0.0,86.4,107.5,0.0,1.4,0.9,1.4,1.2,1.2,1.0,1.2,1.2,0.0] [PKTLENS.....: 78,74,66,583,66,212,66,117,119,116,108,290,147,66,104,66,104,66,108,66,66,66,1464,234,1464,1282,1464,1464,1464,1464,1464,1464] end: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] idle: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] diff --git a/test/results/flow-info/wireguard.pcap.out b/test/results/flow-info/wireguard.pcap.out index 4b50869ce..853f95343 100644 --- a/test/results/flow-info/wireguard.pcap.out +++ b/test/results/flow-info/wireguard.pcap.out @@ -4,13 +4,13 @@ new: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] detected: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable] analyse: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 5.526| 0.606| 1.489|2218508.681| 0.000] [PKTLEN......: 138.000| 842.000| 260.000| 181.000|32764.000| 4.700] [BINS(c->s)..: 0,0,0,6,7,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,7,1,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,0,1] - [IATS........: 23,158,13304,82421,23440,98,92806,699,114421,124480,180,238536,14265,86010,36434,91,108248,778,113616,3087006,3060616,97488,183654,5525873,24,5525882,16499,87990,44371,59,115907,0] + [IATS(ms)....: 0.0,0.2,13.3,82.4,23.4,0.1,92.8,0.7,114.4,124.5,0.2,238.5,14.3,86.0,36.4,0.1,108.2,0.8,113.6,3087.0,3060.6,97.5,183.7,5525.9,0.0,5525.9,16.5,88.0,44.4,0.1,115.9,0.0] [PKTLENS.....: 842,186,138,314,138,330,186,138,298,138,666,186,138,314,138,362,186,138,298,138,186,154,186,154,698,186,138,314,138,570,186,138] update: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable] update: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable] diff --git a/test/results/flow-info/youtube_quic.pcap.out b/test/results/flow-info/youtube_quic.pcap.out index 57a72ea83..f40492250 100644 --- a/test/results/flow-info/youtube_quic.pcap.out +++ b/test/results/flow-info/youtube_quic.pcap.out @@ -6,13 +6,13 @@ new: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] detected: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun] analyse: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.047| 0.007| 0.013| 177.503| 0.000] [PKTLEN......: 73.000| 1392.000| 865.500| 620.100|384534.200| 4.500] [BINS(c->s)..: 0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] [BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] - [IATS........: 43682,599,47402,292,154,45,22593,22345,6,41882,73,4311,1249,5208,1009,1199,2078,995,1205,2173,1079,939,1972,1276,1007,2312,930,1274,2300,574,7716,0] + [IATS(ms)....: 43.7,0.6,47.4,0.3,0.2,0.0,22.6,22.3,0.0,41.9,0.1,4.3,1.2,5.2,1.0,1.2,2.1,1.0,1.2,2.2,1.1,0.9,2.0,1.3,1.0,2.3,0.9,1.3,2.3,0.6,7.7,0.0] [PKTLENS.....: 1392,1392,1392,1392,459,177,178,77,1392,73,83,83,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1030,1392] new: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] detected: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable] diff --git a/test/results/flow-info/youtubeupload.pcap.out b/test/results/flow-info/youtubeupload.pcap.out index 5ee09c99b..f6c2edc21 100644 --- a/test/results/flow-info/youtubeupload.pcap.out +++ b/test/results/flow-info/youtubeupload.pcap.out @@ -10,13 +10,13 @@ new: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] detected: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] analyse: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.883| 0.207| 0.510|259988.193| 0.000] [PKTLEN......: 58.000| 1392.000| 781.800| 621.300|386013.800| 4.400] [BINS(c->s)..: 0,6,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0] [BINS(s->c)..: 4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0] - [IATS........: 56118,973,59784,1844,356,60874,87,57514,351,30658,1096880,488,1126775,721,1825776,1883081,71241,80,128481,3345,2763,363,669,1041,1120,1220,1141,1157,1131,1161,1163,0] + [IATS(ms)....: 56.1,1.0,59.8,1.8,0.4,60.9,0.1,57.5,0.4,30.7,1096.9,0.5,1126.8,0.7,1825.8,1883.1,71.2,0.1,128.5,3.3,2.8,0.4,0.7,1.0,1.1,1.2,1.1,1.2,1.1,1.2,1.2,0.0] [PKTLENS.....: 1392,1392,1392,80,1392,424,1392,73,83,80,72,58,611,83,77,344,78,154,58,83,387,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392] idle: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] idle: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] diff --git a/test/results/flow-info/zcash.pcap.out b/test/results/flow-info/zcash.pcap.out index 2df9651ad..a82c94fbb 100644 --- a/test/results/flow-info/zcash.pcap.out +++ b/test/results/flow-info/zcash.pcap.out @@ -5,13 +5,13 @@ detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Mining][Unsafe] RISK: Known Proto on Non Std Port, Unsafe Protocol analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Mining][Unsafe] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 50.191| 6.014| 12.034|144808530.149| 0.000] [PKTLEN......: 66.000| 369.000| 156.600| 98.900| 9779.100| 4.700] [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1] - [IATS........: 82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430,0] + [IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4,0.0] [PKTLENS.....: 74,74,66,326,66,369,66,249,129,66,249,129,66,249,129,66,319,66,249,249,249,249,78,78,78,129,66,319,66,249,66,129] DAEMON-EVENT: [Processed: 87 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/zoom.pcap.out b/test/results/flow-info/zoom.pcap.out index 23ffccae8..1c39b9f5c 100644 --- a/test/results/flow-info/zoom.pcap.out +++ b/test/results/flow-info/zoom.pcap.out @@ -58,13 +58,13 @@ detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.211| 0.038| 0.059| 3527.760| 0.000] [PKTLEN......: 54.000| 1506.000| 677.000| 660.100|435695.100| 4.200] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0] - [IATS........: 112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148,0] + [IATS(ms)....: 112.4,112.5,31.1,144.0,1.8,0.2,0.0,114.8,0.2,0.2,7.2,2.9,121.9,111.9,4.3,0.0,116.6,98.0,0.5,0.0,210.7,0.0,0.2,0.1,0.2,0.1,0.1,0.2,0.1,0.0,0.1,0.0] [PKTLENS.....: 78,66,54,571,60,1506,1506,1506,54,1306,54,54,245,105,54,745,864,60,1506,1506,1506,54,54,1506,1506,54,1506,1506,54,1506,459,54] detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] new: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] @@ -114,13 +114,13 @@ detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.156| 0.028| 0.040| 1628.090| 0.000] [PKTLEN......: 66.000| 1506.000| 434.500| 552.400|305116.100| 4.000] [BINS(c->s)..: 10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0] - [IATS........: 31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101,0] + [IATS(ms)....: 31.6,31.8,0.2,32.7,2.0,0.1,0.0,34.5,0.0,10.5,0.0,10.6,60.1,93.9,33.8,0.4,31.3,30.9,4.6,0.0,36.6,6.2,38.2,156.1,156.1,0.1,0.0,0.1,10.6,59.1,3.1,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,66,66,1506,93,66,192,308,66,206,132,66,1506,547,66,104,66,1331,66,1506,160,66,104,216,237] new: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] detected: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable] @@ -128,13 +128,13 @@ new: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] detected: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable] analyse: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.036| 0.010| 0.009| 72.691| 0.000] [PKTLEN......: 55.000| 1071.000| 886.800| 383.700|147246.200| 4.800] [BINS(c->s)..: 1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850,0] + [IATS(ms)....: 32.0,0.0,32.2,4.7,35.6,13.8,10.3,10.2,10.0,0.1,10.1,10.3,10.0,10.0,0.1,9.9,10.2,10.3,10.3,0.1,10.1,10.0,10.1,10.5,0.0,10.0,10.3,9.7,10.3,0.4,9.8,0.0] [PKTLENS.....: 149,77,60,55,105,85,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071] new: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] detected: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable] diff --git a/test/results/flow-info/zoom2.pcap.out b/test/results/flow-info/zoom2.pcap.out index 24c0365d3..d6417a349 100644 --- a/test/results/flow-info/zoom2.pcap.out +++ b/test/results/flow-info/zoom2.pcap.out @@ -9,47 +9,47 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.199| 0.059| 0.083| 6897.605| 0.000] [PKTLEN......: 66.000| 1506.000| 464.300| 547.400|299645.500| 4.100] [BINS(c->s)..: 11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] [BINS(s->c)..: 3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1] - [IATS........: 174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2,0] + [IATS(ms)....: 174.7,174.8,0.6,174.0,1.3,0.0,0.0,0.0,175.4,0.0,0.0,23.6,1.3,198.6,173.1,0.3,174.5,174.1,5.8,0.0,187.6,0.7,0.0,182.4,0.1,0.1,0.1,0.9,0.8,0.5,0.0,0.0] [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,828,66,66,66,66,192,117,66,222,141,66,1506,781,66,1506,456,66,214,66,116,1344,66,1344,270] new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.167| 0.025| 0.040| 1639.456| 0.000] [PKTLEN......: 60.000| 1078.000| 718.700| 464.600|215864.300| 4.600] [BINS(c->s)..: 0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] - [IATS........: 101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205,0] + [IATS(ms)....: 101.4,166.6,0.0,73.0,12.3,100.4,0.0,101.8,73.0,11.9,4.9,10.9,10.5,10.1,0.2,9.2,10.4,10.3,11.4,0.0,0.3,9.4,8.6,5.4,4.9,0.1,10.8,10.0,10.5,9.4,0.2,0.0] [PKTLENS.....: 165,165,86,60,170,170,86,60,170,102,102,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,102,1078,1078,1078,1078,1078,1078,1078] guessed: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] new: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] new: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.176| 0.043| 0.049| 2389.122| 0.000] [PKTLEN......: 60.000| 203.000| 143.000| 35.800| 1279.800| 4.900] [BINS(c->s)..: 0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1] - [IATS........: 98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502,0] + [IATS(ms)....: 98.5,176.4,0.1,85.5,9.5,94.8,0.0,99.9,94.2,12.3,1.9,12.4,20.6,17.0,20.1,168.4,18.0,3.6,10.9,10.3,19.4,32.1,20.9,115.3,0.0,17.8,18.7,20.1,20.2,21.5,85.5,0.0] [PKTLENS.....: 165,165,86,60,170,170,86,60,170,102,102,175,178,168,163,159,130,102,163,106,157,158,148,149,180,203,130,164,162,157,158,130] guessed: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] - [min|max|avg|stddev|variance|entropy] + min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.188| 0.047| 0.043| 1844.784| 0.000] [PKTLEN......: 60.000| 185.000| 105.100| 44.600| 1993.400| 4.900] [BINS(c->s)..: 7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0] - [IATS........: 102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582,0] + [IATS(ms)....: 102.1,187.6,0.0,105.6,0.1,93.5,0.0,87.6,70.7,0.1,106.0,0.0,21.5,32.8,59.0,0.0,48.4,5.5,49.5,50.2,0.0,0.0,55.2,45.7,56.3,52.4,0.0,59.8,52.1,47.7,58.6,0.0] [PKTLENS.....: 167,167,86,60,177,177,86,60,177,177,177,117,117,69,69,185,69,69,117,69,117,117,69,69,69,69,117,69,69,69,69,69] guessed: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable] |