author | Toni Uhlig <matzeton@googlemail.com> | 2024-09-09 09:29:08 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-09-09 09:29:08 +0200 |
commit | aef9d629f01b66a5e1985f265e9c74fd40542fe1 (patch) | |
tree | 7ef5f363f149395ee4fe40a893894361da42a846 /test/results/flow-info/caches_global | |
parent | f97b3880b6d6e577bdd197faab25baf139dd9254 (diff) |
bump libnDPI to 92507c014626bc542f2ab11c729742802c0bc345
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/caches_global')
3 files changed, 49 insertions, 32 deletions
diff --git a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out index 8d8174ec0..f78bd9ee9 100644 --- a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] - detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable][] + detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [RTCP][Unknown][VoIP][Acceptable] new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port 
@@ -27,21 +27,21 @@ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Unidirectional Traffic new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] - detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][] + detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic - detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable][] + detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable] RISK: Unidirectional Traffic new: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] - detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][] + detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable] RISK: Unidirectional Traffic - detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][] + detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] 
[TLS.Cloudflare][Unknown][Web][Acceptable] RISK: Unidirectional Traffic detection-update: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] - detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][] + detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable] RISK: Unidirectional Traffic - detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][] + detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable] RISK: Unidirectional Traffic new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] 
@@ -69,7 +69,7 @@ RISK: Unidirectional Traffic idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable] + idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [RTCP][Unknown][VoIP][Acceptable] idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable] diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out index 9c24be31a..e04e45d16 100644 --- a/test/results/flow-info/caches_global/teams.pcap.out +++ b/test/results/flow-info/caches_global/teams.pcap.out 
@@ -369,7 +369,7 @@ detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] 
@@ -377,13 +377,13 @@ detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] 
@@ -414,12 +414,12 @@ new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port 
@@ -527,7 +527,7 @@ idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] RISK: Known Proto on Non Std Port idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe] diff --git a/test/results/flow-info/caches_global/zoom_p2p.pcapng.out b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out index 99a03c91a..794bfd0a9 100644 --- a/test/results/flow-info/caches_global/zoom_p2p.pcapng.out +++ b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out 
@@ -15,12 +15,18 @@ detected: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] new: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] detected: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] + RISK: Susp Entropy update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] new: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] + detected: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] + detection-update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] + RISK: Susp Entropy update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] new: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] - analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] + detected: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] + analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.089| 0.026| 0.021| 430.173| 4.500] [PKTLEN......: 113.000| 1277.000| 673.700| 485.600| 235788.400| 4.500] 
@@ -33,28 +39,32 @@ update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] + RISK: Susp Entropy update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] - update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] + update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] - update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] + RISK: Susp Entropy + update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] + RISK: Susp Entropy update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] - update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] - update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] + RISK: Susp Entropy + update: [.....6] [ip4][..udp] 
[.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic + update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] idle: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] - guessed: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] + idle: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable] RISK: Unidirectional Traffic - idle: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] - guessed: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] - idle: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] + idle: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable] idle: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] idle: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable] new: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] 
@@ -63,6 +73,7 @@ detected: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][] new: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] detected: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] + RISK: Susp Entropy new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] 
@@ -77,9 +88,16 @@ [PKTLENS.....: 100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100] [ENTROPIES...: 5.4,5.3,5.2,5.3,5.4,5.3,5.4,5.3,5.4,5.3,5.3,5.4,5.3,5.3,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.3,5.3,5.4,5.3,5.3,5.4,5.4,5.3,5.4,5.3] new: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] + detected: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] + detection-update: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] + detected: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] + detection-update: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] - analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] + RISK: Susp Entropy + analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.052| 0.013| 0.016| 253.890| 4.000] [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] 
@@ -89,7 +107,7 @@ [IATS(ms)....: 0.2,27.3,11.2,7.7,6.8,1.5,0.1,13.3,6.9,1.7,40.5,0.2,15.5,0.6,33.3,0.2,50.8,0.4,5.9,5.7,52.3,0.4,7.2,2.3,22.7,0.2,31.0,0.2,40.9,0.2,22.6] [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112] [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0] - analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] + analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.055| 0.027| 0.014| 209.331| 4.700] [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000] 
@@ -100,14 +118,13 @@ [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112] [ENTROPIES...: 4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9] idle: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] - guessed: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] + RISK: Susp Entropy + idle: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] RISK: Unidirectional Traffic - idle: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] idle: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable] idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] - guessed: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] + idle: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] RISK: Unidirectional Traffic - idle: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] idle: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable] DAEMON-EVENT: shutdown |
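Review bot: In lru_ipv6_caches.pcapng.out (hunks @@ -2,7 +2,7 @@ and @@ -69,7 +69,7 @@), flow 1 with source port 3478 moves from `[STUN][Unknown][Network][Acceptable]` to `[RTCP][Unknown][VoIP][Acceptable]`, but the commit message says only that libnDPI was bumped. Flows 7, 11 and 12 to the same address and port still come out as `STUN.WhatsAppCall`. Please confirm the RTCP result is intended for this flow, and say in the commit message that classification changes are expected, so the new expected output is a reviewed decision and not just a regenerated file.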
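Review bot: In lru_ipv6_caches.pcapng.out hunk @@ -27,21 +27,21 @@, the trailing empty `[]` field is dropped from the `detected` and `detection-update` lines of TLS flows 8, 9 and 10, while the `detected` line for flow 11 (`STUN.WhatsAppCall`) in the same hunk still ends in `[]`. Anything that splits these lines by bracket count now sees a variable number of fields per event type. Please document when the last field is emitted, or make it consistent across protocols.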
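Review bot: In teams.pcap.out (hunks @@ -369,7 +369,7 @@, @@ -377,13 +377,13 @@ and @@ -414,12 +414,12 @@), the removed expected lines for flows 68 to 71 carried non-printable bytes in the last field, for example `[<??a????h (?/??????]`, and the new lines have `[]`. The fix is visible only as a side effect of the bump, and this result file pins it for one capture only. Consider adding a check in the output path (or a test) that this field contains printable text only, so a later bump cannot put raw bytes back into logs and terminals without the test failing for that reason.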
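Review bot: In teams.pcap.out hunk @@ -527,7 +527,7 @@, the `guessed` label for flow 62 changes from `Skype_Teams` to `Skype_TeamsCall` while the flow is still only guessed and still carries `RISK: Susp Entropy`. Consumers that match on the protocol name will treat this as a different application. Please mention the rename in the commit message or changelog.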
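Review bot: In zoom_p2p.pcapng.out (hunks @@ -15,12 +15,18 @@, @@ -33,28 +39,32 @@, @@ -63,6 +73,7 @@ and @@ -100,14 +118,13 @@), the ICMP flows 5 and 10 now get `RISK: Susp Entropy` after every `detected`, `update` and `idle` event, where they previously had no risk at all. Downstream alerting keyed on risk lines will start firing on these flows after the bump. Please confirm this is the intended behaviour of the new libnDPI revision for ICMP and note it in the commit message.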
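Review bot: In zoom_p2p.pcapng.out (hunks @@ -15,12 +15,18 @@, @@ -77,9 +88,16 @@ and @@ -100,14 +118,13 @@), flows 6, 7, 12 and 13 lose their end-of-flow `guessed` events and gain an early `detected` event, and flows 6, 12 and 13 also get an immediate `detection-update` with the identical `[Zoom][Unknown][Video][Acceptable]` classification. Flow 7 gets `detected` but no `detection-update`. Please check whether the duplicate-looking `detection-update` is expected (it appears to add only `RISK: Unidirectional Traffic`) and document the `guessed` to `detected` change for consumers that count event types.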