authorToni Uhlig <matzeton@googlemail.com>2023-11-09 23:18:55 +0100
committerToni Uhlig <matzeton@googlemail.com>2023-11-09 23:44:35 +0100
commit8ebaccc27d779e981b500e80b69f62396dcaa0ca (patch)
tree62993474d9ea00d23c579a649ab048fd2a8e76e6 /test/results/flow-info/default/emotet.pcap.out
parentdcb595e16153caa1600b64adea6af20009ea8419 (diff)
py-flow-info: Improved analyse result printing.1.6rc4
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/default/emotet.pcap.out')
-rw-r--r--test/results/flow-info/default/emotet.pcap.out30
1 files changed, 15 insertions, 15 deletions
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index b49c3201a..43d8d91f1 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587]
detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable][opmta1mto02nd1]
analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700]
- [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 3.056| 0.539| 0.774| 599161.176| 3.700]
+ [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
[BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0]
@@ -18,9 +18,9 @@
new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke]
analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700]
- [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.204| 0.029| 0.060| 3581.477| 2.700]
+ [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
@@ -35,9 +35,9 @@
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
RISK: Binary App Transfer
analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 3.000]
- [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000]
+ [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
[BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
@@ -53,9 +53,9 @@
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
RISK: Binary App Transfer, HTTP Susp User-Agent
analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 2.900]
- [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900]
+ [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
[BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
@@ -70,9 +70,9 @@
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
- [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
+ [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
[BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1]
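Review bot: In the last hunk (flow 5) the minimum IAT stays `0.000` on the new side while flows 1–4 now print `< 0.001`, so the new printer apparently distinguishes an exact zero from a positive value below display resolution; if that is intended, the printer's docstring should say so (e.g. `# "< 0.001": positive value below display resolution; "0.000": exactly zero`), since the fixture otherwise reads as inconsistent. The `-`/`+` pairs in that hunk show no visible textual difference in this rendering, so the change is presumably whitespace or column alignment only — worth confirming nothing else was lost. The printing code that produces these lines is outside this diff.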