| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-22 19:07:08 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-22 19:07:08 +0200 |
| commit | 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch) | |
| tree | 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/anyconnect-vpn.pcap.out | |
| parent | 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff) | |
Improved flow analyse event:
* store packet directions
* merged direction based IATs
* merged direction based PKTLENs
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/anyconnect-vpn.pcap.out')
-rw-r--r-- | test/results/flow-info/anyconnect-vpn.pcap.out | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/test/results/flow-info/anyconnect-vpn.pcap.out b/test/results/flow-info/anyconnect-vpn.pcap.out index 3dbd9d25e..28061e313 100644 --- a/test/results/flow-info/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/anyconnect-vpn.pcap.out @@ -44,12 +44,14 @@ detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.072| 0.022| 0.022] - [IAT(c->s)...: 0.000| 0.045| 0.023| 0.020][IAT(s->c)...: 0.000| 0.072| 0.021| 0.023] - [PKTLEN(c->s): 66.000|1514.000| 422.600| 556.700][PKTLEN(s->c): 66.000|1514.000| 597.800| 627.100] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.072| 0.022| 0.022| 465.545| 0.000] + [PKTLEN......: 66.000| 1514.000| 504.700| 597.200|356597.600| 4.000] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0] + [IATS........: 39490,39550,431,43733,1217,44517,40926,4,40928,1,38216,8,38254,1,33217,1,71520,5,38273,6102,35094,41225,217,42300,2869,5,1,44938,58,0,0,0] + [PKTLENS.....: 78,70,66,233,66,1514,66,1514,1514,66,66,1514,1181,66,66,1514,1514,1333,66,66,677,66,141,66,1175,66,359,711,119,66,66,66] detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] 
@@ -108,12 +110,14 @@ detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.385| 0.079| 0.122] - [IAT(c->s)...: 0.000| 0.358| 0.081| 0.117][IAT(s->c)...: 0.002| 0.385| 0.078| 0.126] - [PKTLEN(c->s): 66.000|1261.000| 250.700| 328.900][PKTLEN(s->c): 66.000|1434.000| 347.300| 483.300] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.385| 0.079| 0.122|14784.686| 0.000] + [PKTLEN......: 66.000| 1434.000| 299.000| 416.200|173206.900| 4.000] [BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1] + [IATS........: 28537,28596,272,35158,11581,46466,4231,33144,2963,31899,1468,30539,1730,30777,254948,281121,5133,31326,314965,342213,26303,53543,25788,25778,4801,30501,2712,28408,358152,384774,2066,0] + [PKTLENS.....: 78,78,66,214,66,1374,66,1261,66,117,66,510,66,477,66,377,66,181,66,791,66,1434,66,1174,66,128,66,136,66,124,66,124] new: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [MIDSTREAM] new: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] detected: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] 
@@ -123,12 +127,14 @@ detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.138| 0.027| 0.033] - [IAT(c->s)...: 0.000| 0.097| 0.033| 0.029][IAT(s->c)...: 0.000| 0.138| 0.022| 0.035] - [PKTLEN(c->s): 66.000|1031.000| 164.900| 249.400][PKTLEN(s->c): 66.000|1514.000| 854.600| 666.400] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.138| 0.027| 0.033| 1098.419| 0.000] + [PKTLEN......: 66.000| 1514.000| 531.300| 619.300|383541.000| 4.100] [BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0] + [IATS........: 42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,9,1,1,51168,0,0,0,0,0] + [PKTLENS.....: 78,70,66,218,66,1514,66,1514,1514,66,66,1514,1181,66,66,420,141,66,1031,66,1514,223,1514,223,1514,223,1514,223,66,66,66,66] detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [MIDSTREAM] 
@@ -185,12 +191,14 @@ detection-update: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) analyse: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.047| 0.016| 0.019] - [IAT(c->s)...: 0.000| 0.047| 0.016| 0.018][IAT(s->c)...: 0.000| 0.047| 0.015| 0.019] - [PKTLEN(c->s): 135.000| 199.000| 168.000| 16.800][PKTLEN(s->c): 90.000| 407.000| 258.100| 75.200] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.047| 0.016| 0.019| 352.973| 0.000] + [PKTLEN......: 90.000| 407.000| 213.100| 70.700| 5001.800| 4.900] [BINS(c->s)..: 0,0,1,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,0,2,5,1,2,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,0,0,0,1,1,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0,1,0,0,0,1] + [IATS........: 43486,43887,46602,46963,13778,22397,136,45366,3,1,180,3,8893,184,3220,4,34551,3,41128,530,5716,3654,11825,10035,4233,4600,46982,47070,168,405,3845,0] + [PKTLENS.....: 141,90,161,230,135,167,167,167,263,215,215,215,199,151,167,359,311,183,231,167,167,311,167,279,199,407,199,279,167,183,183,343] new: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192] new: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] detected: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] |
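Review bot: in the @@ -44,12 hunk the new IAT summary mixes units: min, max, avg and stddev stay in seconds (stddev 0.022), but the variance column shows 465.545, which is about 21.6 squared, i.e. the stddev squared after conversion to milliseconds, and the IATS array holds raw integers such as 71520 that only match the 0.072 max when read as microseconds. The same quantity is thus shown in three units on adjacent lines. Compute variance from the same values as stddev (0.022 squared is 0.000484, not 465.545) and state the unit of the IATS array in the header, or convert it, so a consumer of this output can cross-check the columns.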
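Review bot: in the @@ -108,12 hunk the new entropy column reports 0.000 for IAT while PKTLEN gets 4.000, and the IAT entropy is 0.000 in every hunk of this file. The IATS values on the following line range from 272 to 384774, so a zero entropy for that spread is not credible. Check what the IAT entropy routine is fed (float seconds truncated to integers would all become 0 and give exactly this result) before this value is locked into the expected test output.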
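Review bot: in the @@ -123,12 hunk the IATS array ends in 0,0,0,0,0 while DIRECTIONS and PKTLENS are filled in all 32 slots, and the @@ -44,12 hunk ends its IATS with three zeros in the same way. Nothing in the output says whether these are genuine 0 µs gaps (the matching PKTLENS entries are 66-byte packets, so a burst of bare ACKs is possible) or unused slots. Print the number of valid samples next to the array, or use a distinct sentinel for unused entries, so a reader of the test result can tell the two cases apart.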
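Review bot: in the @@ -185,12 hunk the DTLS flow shows what the merged summary loses: the removed lines had PKTLEN(c->s) 135..199 (avg 168.0, stddev 16.8) against PKTLEN(s->c) 90..407 (avg 258.1, stddev 75.2), and the new single PKTLEN line collapses that to 90..407 avg 213.1, which describes neither direction. The split is still recoverable from DIRECTIONS and PKTLENS, but only by post-processing the arrays; if that is the intent, say so in the commit message (it only says "merged"), otherwise keep the per-direction lines alongside the merged one.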