authorToni Uhlig <matzeton@googlemail.com>2024-10-30 15:48:45 +0100
committerToni Uhlig <matzeton@googlemail.com>2024-11-02 15:48:45 +0100
commit2b48eb051473e240735f61f41dce1c6614ca39fd (patch)
treee7314df940c8be78adca1edba92a9cde3c85a045 /test/results/flow-info/default
parentddc96ba614e4f6d1cd4ea9526ae1ccc9d71b8f49 (diff)
Added `vlan_id` dissection of the outermost (first) 802.1Q header. Fixes #50
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/default')
-rw-r--r--test/results/flow-info/default/ajp.pcap.out12
-rw-r--r--test/results/flow-info/default/bfd.pcap.out24
-rw-r--r--test/results/flow-info/default/bot.pcap.out8
-rw-r--r--test/results/flow-info/default/cpha.pcap.out6
-rw-r--r--test/results/flow-info/default/false_positives.pcapng.out6
-rw-r--r--test/results/flow-info/default/gquic_only_from_server.pcap.out6
-rw-r--r--test/results/flow-info/default/gre.pcapng.out6
-rw-r--r--test/results/flow-info/default/hsrp0.pcap.out24
-rw-r--r--test/results/flow-info/default/kerberos-error.pcap.out6
-rw-r--r--test/results/flow-info/default/mongodb.pcap.out49
-rw-r--r--test/results/flow-info/default/mpegts.pcap.out6
-rw-r--r--test/results/flow-info/default/mqtt.pcap.out6
-rw-r--r--test/results/flow-info/default/netbios.pcap.out6
-rw-r--r--test/results/flow-info/default/rdp2.pcap.out12
-rw-r--r--test/results/flow-info/default/rtp.pcapng.out6
-rw-r--r--test/results/flow-info/default/smb_frags.pcap.out6
-rw-r--r--test/results/flow-info/default/snmp.pcap.out14
-rw-r--r--test/results/flow-info/default/soap.pcap.out6
-rw-r--r--test/results/flow-info/default/stun.pcap.out6
-rw-r--r--test/results/flow-info/default/syslog.pcap.out60
-rw-r--r--test/results/flow-info/default/ultrasurf.pcap.out28
-rw-r--r--test/results/flow-info/default/vxlan.pcap.out58
-rw-r--r--test/results/flow-info/default/whois.pcapng.out14
-rw-r--r--test/results/flow-info/default/xiaomi.pcap.out6
24 files changed, 198 insertions, 183 deletions
diff --git a/test/results/flow-info/default/ajp.pcap.out b/test/results/flow-info/default/ajp.pcap.out
index deb88f49b..fc603edcc 100644
--- a/test/results/flow-info/default/ajp.pcap.out
+++ b/test/results/flow-info/default/ajp.pcap.out
@@ -1,22 +1,22 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009]
+ new: [.....1][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
- detected: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable]
+ detected: [.....1][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
- new: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010]
+ new: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
- detected: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable]
+ detected: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
- idle: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable]
- idle: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable]
+ idle: [.....1][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable]
+ idle: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/bfd.pcap.out b/test/results/flow-info/default/bfd.pcap.out
index df172f5c6..cccdc094e 100644
--- a/test/results/flow-info/default/bfd.pcap.out
+++ b/test/results/flow-info/default/bfd.pcap.out
@@ -1,16 +1,16 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784]
- detected: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable]
- new: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784]
- detected: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable]
- new: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785]
- detected: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable]
- new: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785]
- detected: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable]
- idle: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable]
- idle: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable]
- idle: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable]
+ new: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784]
+ detected: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable]
+ new: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784]
+ detected: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable]
+ new: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785]
+ detected: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable]
+ new: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785]
+ detected: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable]
+ idle: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable]
+ idle: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable]
+ idle: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable]
+ idle: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/bot.pcap.out b/test/results/flow-info/default/bot.pcap.out
index 6eb194f6a..d87d5c60d 100644
--- a/test/results/flow-info/default/bot.pcap.out
+++ b/test/results/flow-info/default/bot.pcap.out
@@ -1,10 +1,10 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80]
- detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
+ new: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80]
+ detected: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
RISK: Crawler/Bot
- analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
+ analyse: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.114| 0.014| 0.036| 1309.010| 2.200]
[PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600]
@@ -14,6 +14,6 @@
[IATS(ms)....: 0.4,106.5,0.0,106.7,7.6,0.1,0.1,0.1,0.0,0.0,0.8,0.0,0.0,0.0,114.2,0.3,105.4,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.2,0.0,0.1,0.0,0.8,0.1,0.5]
[PKTLENS.....: 48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]
[ENTROPIES...: 4.7,4.8,4.7,5.6,4.7,6.4,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.1,4.7,4.6,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.4,5.9,7.9,5.5,4.9,4.7,4.7,5.1]
- end: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
+ end: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
RISK: Crawler/Bot
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/cpha.pcap.out b/test/results/flow-info/default/cpha.pcap.out
index 73db98c0b..4735e97a8 100644
--- a/test/results/flow-info/default/cpha.pcap.out
+++ b/test/results/flow-info/default/cpha.pcap.out
@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116]
- detected: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun]
- idle: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun]
+ new: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116]
+ detected: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun]
+ idle: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/false_positives.pcapng.out b/test/results/flow-info/default/false_positives.pcapng.out
index d2a0dbfcd..6acef84eb 100644
--- a/test/results/flow-info/default/false_positives.pcapng.out
+++ b/test/results/flow-info/default/false_positives.pcapng.out
@@ -17,8 +17,8 @@
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
- new: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160]
- detected: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable]
+ new: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160]
+ detected: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable]
DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type [1/16]
@@ -40,7 +40,7 @@
DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981]
- idle: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable]
+ idle: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable]
not-detected: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981] [Unknown][Unknown][Unrated]
RISK: Susp Entropy
idle: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981]
diff --git a/test/results/flow-info/default/gquic_only_from_server.pcap.out b/test/results/flow-info/default/gquic_only_from_server.pcap.out
index ba5a45e21..265b25042 100644
--- a/test/results/flow-info/default/gquic_only_from_server.pcap.out
+++ b/test/results/flow-info/default/gquic_only_from_server.pcap.out
@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524]
- detected: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
- idle: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
+ new: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524]
+ detected: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
+ idle: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gre.pcapng.out b/test/results/flow-info/default/gre.pcapng.out
index 86fe894a6..750268a11 100644
--- a/test/results/flow-info/default/gre.pcapng.out
+++ b/test/results/flow-info/default/gre.pcapng.out
@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84]
- detected: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable]
- idle: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable]
+ new: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84]
+ detected: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable]
+ idle: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/hsrp0.pcap.out b/test/results/flow-info/default/hsrp0.pcap.out
index 90acfed7b..1b68fb9a5 100644
--- a/test/results/flow-info/default/hsrp0.pcap.out
+++ b/test/results/flow-info/default/hsrp0.pcap.out
@@ -1,16 +1,16 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985]
- detected: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- new: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985]
- detected: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- new: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985]
- detected: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- new: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985]
- detected: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- idle: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- idle: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
- idle: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ new: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985]
+ detected: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ new: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985]
+ detected: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ new: [.....3][..13] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985]
+ detected: [.....3][..13] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ new: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985]
+ detected: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ idle: [.....3][..13] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ idle: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ idle: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
+ idle: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/kerberos-error.pcap.out b/test/results/flow-info/default/kerberos-error.pcap.out
index 6e874eb33..b2c0ded8c 100644
--- a/test/results/flow-info/default/kerberos-error.pcap.out
+++ b/test/results/flow-info/default/kerberos-error.pcap.out
@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88]
- detected: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable]
- idle: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable]
+ new: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88]
+ detected: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable]
+ idle: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mongodb.pcap.out b/test/results/flow-info/default/mongodb.pcap.out
index 5324c968e..deace8da6 100644
--- a/test/results/flow-info/default/mongodb.pcap.out
+++ b/test/results/flow-info/default/mongodb.pcap.out
@@ -1,29 +1,40 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017]
- detected: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable]
+ new: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017]
+ new: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017]
+ detected: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable]
DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017]
- detected: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable]
- idle: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017]
+ new: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017]
+ detected: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable]
+ guessed: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017]
+ idle: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable]
DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017]
- detected: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable]
- idle: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable]
+ DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0]
+ new: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017]
+ detected: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable]
+ guessed: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017]
+ idle: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable]
DAEMON-EVENT: [Processed: 16 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017]
- detected: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable]
- idle: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable]
+ DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0]
+ new: [.....6][.100] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017]
+ detected: [.....6][.100] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable]
+ idle: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable]
DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000]
- detected: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable]
+ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0]
+ new: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000]
+ new: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000]
+ detected: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable]
+ not-detected: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [Unknown][Unknown][Unrated]
+ idle: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000]
+ idle: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable]
+ idle: [.....6][.100] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable]
DAEMON-EVENT: shutdown
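Review bot: The new expected output for mongodb.pcap.out splits what was one flow into two flows keyed on VLAN id (`new: [.....1][.300]` and `new: [.....2][..50]` for the same 10.10.10.10:51822 -> 10.10.10.11:27017 tuple, and likewise flows 3/4 and 7/8), with the second half of each pair ending as `guessed` plus `RISK: Unidirectional Traffic` or as `not-detected`. This implies the VLAN id was folded into the flow hash, not merely dissected, which the commit description does not say; for captures where the two directions carry different tags this turns a bidirectional, fully detected flow into two unidirectional ones with degraded classification, which is worth stating explicitly rather than only silently codifying in the expected results. I would add to the description a sentence such as `vlan_id is now part of the flow key, so frames tagged differently per direction are tracked as separate flows`, and, if that was not the intent, reconsider whether the key should include the tag at all. The other hunks in this diff only gain the extra id column and do not show this effect.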
diff --git a/test/results/flow-info/default/mpegts.pcap.out b/test/results/flow-info/default/mpegts.pcap.out
index f643c1fbe..c19ac7028 100644
--- a/test/results/flow-info/default/mpegts.pcap.out
+++ b/test/results/flow-info/default/mpegts.pcap.out
@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234]
- detected: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun]
- idle: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun]
+ new: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234]
+ detected: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun]
+ idle: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mqtt.pcap.out b/test/results/flow-info/default/mqtt.pcap.out
index d1ea983a1..ca174f61d 100644
--- a/test/results/flow-info/default/mqtt.pcap.out
+++ b/test/results/flow-info/default/mqtt.pcap.out
@@ -3,8 +3,8 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892]
detected: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892] [MQTT][Unknown][RPC][Acceptable]
- new: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MIDSTREAM]
- detected: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable]
- idle: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable]
+ new: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MIDSTREAM]
+ detected: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable]
+ idle: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable]
idle: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892] [MQTT][Unknown][RPC][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/netbios.pcap.out b/test/results/flow-info/default/netbios.pcap.out
index bde6001fd..293fe7188 100644
--- a/test/results/flow-info/default/netbios.pcap.out
+++ b/test/results/flow-info/default/netbios.pcap.out
@@ -60,8 +60,8 @@
update: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
DAEMON-EVENT: [Processed: 260 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 15 / 15|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 5]
- new: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [MIDSTREAM]
- detected: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable][]
+ new: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [MIDSTREAM]
+ detected: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable][]
idle: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][Unknown][System][Acceptable][gunnar]
idle: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][gunnar]
idle: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][ozi]
@@ -78,7 +78,7 @@
RISK: Unsafe Protocol
idle: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
idle: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
- idle: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable]
+ idle: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable]
guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][Unknown][System][Acceptable][]
idle: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/rdp2.pcap.out b/test/results/flow-info/default/rdp2.pcap.out
index 708c10895..a3de605a1 100644
--- a/test/results/flow-info/default/rdp2.pcap.out
+++ b/test/results/flow-info/default/rdp2.pcap.out
@@ -6,18 +6,18 @@
RISK: Desktop/File Sharing
DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389]
- detected: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ new: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389]
+ detected: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
idle: [.....1] [ip4][..udp] [192.168.122.181][54759] -> [..192.168.122.2][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
DAEMON-EVENT: [Processed: 32 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389]
- detected: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ new: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389]
+ detected: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
- idle: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ idle: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
- idle: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ idle: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/rtp.pcapng.out b/test/results/flow-info/default/rtp.pcapng.out
index b5b4ff7c4..0c3cb7c85 100644
--- a/test/results/flow-info/default/rtp.pcapng.out
+++ b/test/results/flow-info/default/rtp.pcapng.out
@@ -23,8 +23,8 @@
new: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003]
detected: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun]
idle: [.....2] [ip4][..tcp] [..172.16.168.24][40252] -> [..172.16.168.64][.5000] [RTP][Unknown][Media][Acceptable]
- new: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008]
- detected: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable]
+ new: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008]
+ detected: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable]
idle: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun]
- idle: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable]
+ idle: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/smb_frags.pcap.out b/test/results/flow-info/default/smb_frags.pcap.out
index c17116df7..3713e7898 100644
--- a/test/results/flow-info/default/smb_frags.pcap.out
+++ b/test/results/flow-info/default/smb_frags.pcap.out
@@ -1,9 +1,9 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445]
- detected: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous][]
+ new: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445]
+ detected: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous][]
RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol
- end: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ end: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous]
RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/snmp.pcap.out b/test/results/flow-info/default/snmp.pcap.out
index cf0062bda..61eb2be77 100644
--- a/test/results/flow-info/default/snmp.pcap.out
+++ b/test/results/flow-info/default/snmp.pcap.out
@@ -69,20 +69,20 @@
update: [....13] [ip4][..udp] [.113.19.156.111][54318] -> [.135.201.124.55][..162] [SNMP][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 62 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 15|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 10]
- new: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088]
- detected: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable]
+ new: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088]
+ detected: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable]
RISK: Error Code
idle: [....12] [ip4][..udp] [.200.76.132.137][54318] -> [189.111.255.214][..162] [SNMP][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
idle: [....13] [ip4][..udp] [.113.19.156.111][54318] -> [.135.201.124.55][..162] [SNMP][Unknown][Network][Acceptable]
idle: [....15] [ip4][..udp] [.124.53.196.176][54318] -> [..103.248.22.47][..162] [SNMP][Unknown][Network][Acceptable]
idle: [....14] [ip4][..udp] [..205.83.36.228][54318] -> [.160.174.106.32][..162] [SNMP][Unknown][Network][Acceptable]
- new: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161]
- detected: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
- detection-update: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
+ new: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161]
+ detected: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
+ detection-update: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
RISK: Error Code
- idle: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
+ idle: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable]
RISK: Error Code
- idle: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable]
+ idle: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable]
RISK: Error Code
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/soap.pcap.out b/test/results/flow-info/default/soap.pcap.out
index fa0eedb0c..4a974492b 100644
--- a/test/results/flow-info/default/soap.pcap.out
+++ b/test/results/flow-info/default/soap.pcap.out
@@ -7,9 +7,9 @@
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028]
- detected: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
- idle: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
+ new: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028]
+ detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
+ idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Unknown][Web][Acceptable][]
diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out
index 71db8e90f..bfc198108 100644
--- a/test/results/flow-info/default/stun.pcap.out
+++ b/test/results/flow-info/default/stun.pcap.out
@@ -1,8 +1,8 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000]
- detected: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000]
+ detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478]
@@ -14,7 +14,7 @@
new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128]
detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
RISK: Susp Entropy
- end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478]
diff --git a/test/results/flow-info/default/syslog.pcap.out b/test/results/flow-info/default/syslog.pcap.out
index 84acf374d..e3f97f683 100644
--- a/test/results/flow-info/default/syslog.pcap.out
+++ b/test/results/flow-info/default/syslog.pcap.out
@@ -13,19 +13,19 @@
update: [.....2] [ip4][..udp] [..10.251.23.139][59194] -> [....62.39.3.142][..514] [Syslog][Unknown][System][Acceptable]
DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
- new: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514]
- detected: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ new: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514]
+ detected: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
idle: [.....2] [ip4][..udp] [..10.251.23.139][59194] -> [....62.39.3.142][..514] [Syslog][Unknown][System][Acceptable]
- update: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
- new: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514]
- detected: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
- update: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ update: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ new: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514]
+ detected: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ update: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
DAEMON-EVENT: [Processed: 23 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
new: [.....5] [ip4][...41] [..193.24.227.10] -> [..216.66.86.114]
new: [.....6] [ip4][...41] [...216.66.80.30] -> [..193.24.227.12]
- idle: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
- idle: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable]
DAEMON-EVENT: [Processed: 29 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
new: [.....7] [ip4][..udp] [..172.21.251.36][62679] -> [..172.19.196.11][..514]
@@ -67,33 +67,37 @@
idle: [....13] [ip4][..udp] [..10.224.43.149][57166] -> [..172.23.243.89][..514] [Syslog][Unknown][System][Acceptable]
idle: [....11] [ip4][..udp] [..10.22.179.215][57166] -> [...172.26.54.76][..514] [Syslog][Unknown][System][Acceptable]
idle: [....12] [ip4][..udp] [.192.168.45.162][57166] -> [..10.208.120.95][..514] [Syslog][Unknown][System][Acceptable]
- new: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173]
+ new: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173]
update: [....14] [ip4][..udp] [.172.26.229.190][..514] -> [..172.23.80.196][..514] [Syslog][Unknown][System][Acceptable]
- detected: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable]
- RISK: Known Proto on Non Std Port
+ new: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948]
+ detected: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....14] [ip4][..udp] [.172.26.229.190][..514] -> [..172.23.80.196][..514] [Syslog][Unknown][System][Acceptable]
- new: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514]
- detected: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable]
+ new: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514]
+ detected: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable]
DAEMON-EVENT: [Processed: 81 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 16|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
- new: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514]
- detected: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable]
- idle: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable]
- end: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable]
- RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Flows][active: 3 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
+ new: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514]
+ detected: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable]
+ not-detected: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948] [Unknown][Unknown][Unrated]
+ RISK: Unidirectional Traffic
+ idle: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948]
+ end: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
+ DAEMON-EVENT: [Flows][active: 1 / 18|skipped: 0|!detected: 3|guessed: 0|detection-updates: 0|updates: 10]
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
- new: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514]
- detected: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable]
- new: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514]
- detected: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable]
- idle: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable]
- idle: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable]
- idle: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable]
+ DAEMON-EVENT: [Flows][active: 1 / 18|skipped: 0|!detected: 3|guessed: 0|detection-updates: 0|updates: 10]
+ new: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514]
+ detected: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable]
+ new: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514]
+ detected: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable]
+ idle: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable]
DAEMON-EVENT: shutdown
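Review bot: In this syslog hunk the previously bidirectional TCP flow 15 (10.186.117.194:49948 <-> 169.46.82.162:52173) is now two flows — 15 tagged `[1506]` and a new reverse-direction flow 16 tagged `[1906]` — and the new side adds `RISK: Unidirectional Traffic` to flow 15 and emits flow 16 as `not-detected`, raising the `!detected` counter from 2 to 3. This looks like the VLAN ID having become part of the flow key, so a connection whose two directions carry different 802.1Q tags (typical for captures mirrored from trunk or asymmetric-tagged ports) is no longer matched as one flow and the reverse half loses protocol detection; the commit message only mentions "dissection" of the tag, not a change to flow identification. If this is intended, it deserves an explicit sentence in the commit description and a note in the user-facing docs, since it changes detection coverage on exactly the captures where VLAN handling matters; if it is not, the hash input should be revisited so the tag is reported per flow but does not split otherwise identical 5-tuples. None of the other fixture hunks on this page show the same split, so this capture is the only visible evidence and the conclusion is inferred from the output rather than from the dissector code, which is outside this page.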
diff --git a/test/results/flow-info/default/ultrasurf.pcap.out b/test/results/flow-info/default/ultrasurf.pcap.out
index 9d2351f75..cca0be479 100644
--- a/test/results/flow-info/default/ultrasurf.pcap.out
+++ b/test/results/flow-info/default/ultrasurf.pcap.out
@@ -1,9 +1,9 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM]
- detected: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
- analyse: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
+ new: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM]
+ detected: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
+ analyse: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.150| 0.021| 0.036| 1271.455| 3.600]
[PKTLEN......: 80.000| 2628.000| 1348.500| 1007.200| 1014474.800| 4.500]
@@ -13,12 +13,12 @@
[IATS(ms)....: 0.0,21.3,0.0,11.0,29.1,61.5,0.0,10.8,0.0,9.2,30.8,10.8,0.0,20.0,0.0,29.3,0.0,0.0,0.0,9.3,30.6,150.5,0.0,11.9,141.8,0.0,17.9,20.0,0.0,20.0,10.1]
[PKTLENS.....: 2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]
[ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9]
- new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053]
- detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
+ new: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053]
+ detected: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
+ detection-update: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
+ analyse: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.271| 0.063| 0.099| 9897.855| 3.400]
[PKTLEN......: 52.000| 1400.000| 349.300| 449.600| 202163.000| 4.000]
@@ -28,12 +28,12 @@
[IATS(ms)....: 211.2,260.4,0.0,269.6,0.0,10.1,9.9,260.4,0.0,20.0,20.0,10.9,0.0,270.8,9.7,0.0,10.3,229.5,0.0,20.0,40.1,29.9,0.0,10.1,29.9,210.9,0.0,0.0,0.0,9.4,0.0]
[PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]
[ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2]
- new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053]
- detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
+ new: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053]
+ detected: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
+ detection-update: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
+ analyse: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.269| 0.059| 0.101| 10170.351| 3.100]
[PKTLEN......: 52.000| 1400.000| 385.600| 479.700| 230117.000| 4.100]
@@ -43,9 +43,9 @@
[IATS(ms)....: 209.5,239.7,0.0,251.1,0.0,11.4,0.0,260.7,0.0,9.6,20.0,20.0,269.1,20.0,0.0,231.0,0.0,20.0,0.0,0.0,0.0,0.0,0.0,249.6,0.0,0.0,0.0,0.0,10.1,0.0,0.0]
[PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]
[ENTROPIES...: 4.7,5.2,5.0,6.1,5.2,7.8,7.9,7.9,5.2,5.2,5.1,6.0,7.4,6.0,5.8,6.3,5.1,5.7,7.9,7.4,7.8,7.6,7.1,7.0,5.1,5.9,6.1,6.8,6.9,5.9,6.8,7.9]
- idle: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
- idle: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
+ idle: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
+ idle: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- idle: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
+ idle: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/vxlan.pcap.out b/test/results/flow-info/default/vxlan.pcap.out
index 21686884b..acb2e943a 100644
--- a/test/results/flow-info/default/vxlan.pcap.out
+++ b/test/results/flow-info/default/vxlan.pcap.out
@@ -1,25 +1,25 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789]
- detected: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789]
- detected: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789]
- detected: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789]
- detected: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789]
- detected: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789]
- detected: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789]
- detected: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789]
- detected: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789]
- detected: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789]
+ detected: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789]
+ detected: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789]
+ detected: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789]
+ detected: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789]
+ detected: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789]
+ detected: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789]
+ detected: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789]
+ detected: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ new: [.....9][...5] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789]
+ detected: [.....9][...5] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ analyse: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.141| 0.010| 0.031| 963.930| 2.200]
[PKTLEN......: 102.000| 1482.000| 1151.700| 546.600| 298767.600| 4.800]
@@ -29,7 +29,7 @@
[IATS(ms)....: 10.5,1.4,0.1,0.0,11.4,0.5,9.5,113.3,10.6,140.6,0.1,0.1,3.1,0.2,0.6,0.2,1.3,0.2,1.3,3.6,0.2,0.4,0.2,2.3,0.2,0.3,0.2,0.8,0.2,0.7,0.2]
[PKTLENS.....: 110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482]
[ENTROPIES...: 5.6,5.7,7.8,7.9,7.6,5.6,7.1,5.6,7.6,5.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
- analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ analyse: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.151| 0.011| 0.030| 901.957| 2.500]
[PKTLEN......: 102.000| 420.000| 125.100| 68.200| 4655.600| 4.800]
@@ -39,13 +39,13 @@
[IATS(ms)....: 10.3,0.3,11.5,0.2,0.0,1.3,10.0,41.8,81.5,0.4,150.8,3.1,0.8,1.5,1.4,3.8,0.6,2.5,0.5,1.0,0.9,0.8,0.7,0.8,0.7,2.1,0.3,0.4,2.3,0.4,0.2]
[PKTLENS.....: 110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102]
[ENTROPIES...: 5.3,5.6,6.2,5.6,5.6,5.6,6.3,6.9,5.6,5.6,7.0,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.5,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.7]
- idle: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
- idle: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....9][...5] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
+ idle: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/whois.pcapng.out b/test/results/flow-info/default/whois.pcapng.out
index 0da278786..4934d5388 100644
--- a/test/results/flow-info/default/whois.pcapng.out
+++ b/test/results/flow-info/default/whois.pcapng.out
@@ -5,18 +5,18 @@
detected: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable][example.com]
DAEMON-EVENT: [Processed: 11 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343]
- detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
+ new: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343]
+ detected: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
+ detection-update: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
end: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable][example.com]
DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
- new: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217]
- idle: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe]
+ new: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217]
+ idle: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
- guessed: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] [Whois-DAS][Unknown][Network][Acceptable][]
+ guessed: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] [Whois-DAS][Unknown][Network][Acceptable][]
RISK: Unidirectional Traffic
- end: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217]
+ end: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/xiaomi.pcap.out b/test/results/flow-info/default/xiaomi.pcap.out
index 2418d1698..9c77e99d9 100644
--- a/test/results/flow-info/default/xiaomi.pcap.out
+++ b/test/results/flow-info/default/xiaomi.pcap.out
@@ -1,8 +1,8 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM]
- detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable][]
+ new: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM]
+ detected: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable][]
DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904]
@@ -11,7 +11,7 @@
new: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018]
detected: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Unknown][Web][Acceptable][47.241.35.73]
RISK: Susp Entropy
- idle: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable]
+ idle: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable]
new: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488]
detected: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Unknown][Web][Acceptable][47.241.59.87]
RISK: Susp Entropy
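Review bot: The new VLAN column is only emitted when a tag was seen, so within the same output the field layout now differs between lines: flow 1 prints `[.....1][.208] [ip4]` while flows 2–4 in the same capture print `[.....3] [ip4]` with no second bracket. Anyone matching these lines positionally (test diffing, log parsers, SIEM regexes keyed on the flow-id column) must now treat the VLAN cell as optional, which is easy to get wrong. It would be more robust to always print the cell, using the same dotted padding with an empty or zero value for untagged flows, e.g. `[.....3][....] [ip4]`, so that column positions are stable across tagged and untagged traffic. This is inferred from the fixture only; the emitting code is outside this diff, so confirm the format decision there rather than here.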