path: root/test/results/flow-info/KakaoTalk_chat.pcap.out
author Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/KakaoTalk_chat.pcap.out
parent 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
Improved flow analyse event:

* store packet directions
* merged direction based IATs
* merged direction based PKTLENs

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/KakaoTalk_chat.pcap.out')
-rw-r--r-- test/results/flow-info/KakaoTalk_chat.pcap.out 30
1 files changed, 18 insertions, 12 deletions
diff --git a/test/results/flow-info/KakaoTalk_chat.pcap.out b/test/results/flow-info/KakaoTalk_chat.pcap.out
index 90c8731eb..5edf2c461 100644
--- a/test/results/flow-info/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/KakaoTalk_chat.pcap.out
@@ -103,12 +103,14 @@
detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.174| 0.038| 0.043]
- [IAT(c->s)...: 0.000| 0.124| 0.033| 0.039][IAT(s->c)...: 0.001| 0.174| 0.042| 0.047]
- [PKTLEN(c->s): 56.000|1053.000| 212.800| 311.300][PKTLEN(s->c): 56.000|1336.000| 331.300| 442.100]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 0.000]
+ [PKTLEN......: 56.000| 1336.000| 272.100| 386.900|149674.200| 3.900]
[BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1]
+ [IATS........: 36956,40344,305,47699,3998,72083,702,123993,153,15869,671,16632,152,12207,67230,35950,15778,732,105866,38147,60424,4517,92,3936,174316,67658,16785,16968,108490,672,81115,0]
+ [PKTLENS.....: 76,60,56,621,60,56,1336,174,56,56,1336,949,56,56,1053,56,314,113,101,56,56,109,846,103,93,101,56,477,56,56,56,56]
new: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [MIDSTREAM]
new: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80]
detected: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun]
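Review bot: The new IAT row mixes units without saying so. In the added line "[IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 0.000]" the first four columns are in seconds, but 1891.518 is roughly 43.5 squared, which matches the 0.043 standard deviation only if that is taken in milliseconds, and the raw IATS row beside it (max 174316 against a printed max of 0.174) is evidently in microseconds. A consumer reading this output has to reverse-engineer three scales from one block. Either print the variance in the same unit as the other columns or put the unit in the header or row label, and label the IATS row with its unit as well. The PKTLEN row does not have this problem (386.900 squared is close to the printed 149674.200).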
@@ -116,12 +118,14 @@
detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.004| 3.803| 0.501| 0.832]
- [IAT(c->s)...: 0.004| 3.803| 0.567| 0.983][IAT(s->c)...: 0.004| 2.320| 0.421| 0.590]
- [PKTLEN(c->s): 56.000| 710.000| 152.100| 160.300][PKTLEN(s->c): 56.000|1336.000| 318.700| 484.700]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.004| 3.803| 0.501| 0.832|692202.045| 0.000]
+ [PKTLEN......: 56.000| 1336.000| 225.000| 352.300|124085.100| 3.900]
[BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0]
+ [IATS........: 995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719,0]
+ [PKTLENS.....: 76,76,60,56,240,60,56,60,240,56,1336,56,1336,56,1043,56,178,56,103,56,710,56,85,56,358,56,99,56,196,56,83,132]
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
new: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443]
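Review bot: The IATS row carries a trailing 0 that is not a measured inter-arrival time. The added IATS line ends in "...,3802978,24719,0" while the summary row above it prints a minimum of 0.004, which corresponds to the smallest non-zero entry (3723), so the statistics exclude that last slot but the array does not. With 32 packets there are only 31 intervals; emitting 32 values to keep IATS the same length as DIRECTIONS and PKTLENS means anyone computing their own min, mean or entropy from the list gets a different answer than the printed one. Consider emitting 31 entries, or documenting that the final slot is a placeholder. It would also help to state which of 0 and 1 in the DIRECTIONS row means c->s, since the BINS rows use the c->s and s->c labels and the per-direction summary rows that previously carried them are removed here.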
@@ -142,12 +146,14 @@
new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 27.031| 1.853| 6.601]
- [IAT(c->s)...: 0.000| 26.938| 1.913| 6.690][IAT(s->c)...: 0.000| 27.031| 1.796| 6.517]
- [PKTLEN(c->s): 56.000| 578.000| 142.400| 138.700][PKTLEN(s->c): 56.000|1336.000| 287.100| 461.100]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 27.031| 1.853| 6.601|43576507.498| 0.000]
+ [PKTLEN......: 56.000| 1336.000| 214.800| 348.100|121165.000| 3.900]
[BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1]
+ [IATS........: 41748,45806,2228,39459,11261,448395,183,2868,498749,183,122,36927,124176,229920,321990,23011,161804,229858,405273,183,57404,108246,75989,156006,245086,67993,69489,26937805,56885,27030701,8087,0]
+ [PKTLENS.....: 76,60,56,240,60,56,1336,1336,1043,56,56,56,178,56,103,56,578,56,85,56,215,328,56,56,94,56,85,56,83,132,56,56]
update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable]
new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223]
detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable]
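Review bot: The IAT entropy column is 0.000 in the added line "[IAT.........: 0.000| 27.031| 1.853| 6.601|43576507.498| 0.000]" even though the IATS row below it holds widely spread values, from 122 up to 27030701. The same 0.000 appears in the other hunks of this file. If entropy is not computed for inter-arrival times, leave the field out of the IAT row or mark it as not applicable rather than printing a value that reads as a real measurement; if it is meant to be computed, this expected-output file is freezing a wrong result into the test suite. A smaller point on the same line: 43576507.498 overflows the fixed column width used by the other fields, so the row no longer lines up with the "[min|max|avg|stddev|variance|entropy]" header, which is another reason to print the variance in the same unit as the standard deviation.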