diff options
| author | lns <matzeton@googlemail.com> | 2023-05-30 09:26:43 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2023-05-30 09:30:24 +0200 |
| commit | 5a9b40779d3e0abbf41d5fc910a5a9e2d1679835 (patch) | |
| tree | 1908c2bc044753d6255f63482f94c718d852b580 /test/results/flow-info/default | |
| parent | d0c070a800c7577e6d437812f0d3bd976ddc475e (diff) | |
bump libnDPI to 04f5c5196e790db8b8cc39e42c8645fb7f3dd141
* added custom nDPI logging callback
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/default')
| -rw-r--r-- | test/results/flow-info/default/1kxun.pcap.out | 88 | ||||
| -rw-r--r-- | test/results/flow-info/default/alicloud.pcap.out | 60 | ||||
| -rw-r--r-- | test/results/flow-info/default/epicgames.pcapng.out | 16 | ||||
| -rw-r--r-- | test/results/flow-info/default/geforcenow.pcapng.out | 40 | ||||
| -rw-r--r-- | test/results/flow-info/default/genshin-impact.pcap.out | 12 | ||||
| -rw-r--r-- | test/results/flow-info/default/long_tls_certificate.pcap.out | 10 | ||||
| -rw-r--r-- | test/results/flow-info/default/pps.pcap.out | 4 | ||||
| -rw-r--r-- | test/results/flow-info/default/weibo.pcap.out | 16 | ||||
| -rw-r--r-- | test/results/flow-info/default/xiaomi.pcap.out | 6 |
9 files changed, 154 insertions, 98 deletions
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out index 10de2bb75..7c228723e 100644 --- a/test/results/flow-info/default/1kxun.pcap.out +++ b/test/results/flow-info/default/1kxun.pcap.out @@ -147,7 +147,7 @@ [PKTLENS.....: 52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,5.0,4.8,4.8,4.8,5.3,5.2,5.1,4.7,4.7,6.0,5.1,5.2,4.8,4.8,5.8,5.1,4.7,4.7,4.5,4.7,4.7,5.6,5.2] new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] - detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Unknown][Web][Acceptable][218.244.135.170] + detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI new: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] @@ -157,7 +157,7 @@ detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com] new: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] new: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] - detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Unknown][Web][Acceptable][42.120.51.152] + detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable][42.120.51.152] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI new: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] detected: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -176,7 +176,7 @@ detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] - analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Unknown][Web][Acceptable] + analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.399| 0.070| 0.104| 10878.943| 3.600] [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100] @@ -419,18 +419,18 @@ detected: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.mobi] + detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.mobi] RISK: Unidirectional Traffic new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM] detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] RISK: Unidirectional Traffic - detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Download][Fun][kankan.1kxun.mobi] + detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary App Transfer new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com] + detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] RISK: Unidirectional Traffic new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com] + detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] RISK: Unidirectional Traffic idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] idle: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -475,7 +475,7 @@ idle: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] idle: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - idle: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Unknown][Web][Acceptable] + idle: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] @@ -490,7 +490,7 @@ RISK: Unsafe Protocol idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Unknown][Web][Acceptable] + idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -605,7 +605,7 @@ idle: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable] new: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][messages.1kxun.mobi] + detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] RISK: Unidirectional Traffic new: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [MIDSTREAM] detected: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] @@ -642,30 +642,30 @@ detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] RISK: Unidirectional Traffic new: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Unknown][Streaming][Acceptable][tcad.wedolook.com] + detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] RISK: Unidirectional Traffic new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] RISK: Unidirectional Traffic - analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300] [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600] @@ -726,21 +726,21 @@ detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] RISK: Unidirectional Traffic new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun][mangaweb.1kxun.mobi] + detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] RISK: Unidirectional Traffic - analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000] [PKTLEN......: 486.000|14452.000| 2813.500| 2993.900| 8963654.000| 4.400] @@ -778,7 +778,7 @@ detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] RISK: Unidirectional Traffic new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] - detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Unknown][Web][Acceptable][analytics.rayjump.com] + detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] RISK: Unidirectional Traffic new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] @@ -836,19 +836,19 @@ detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] RISK: Unidirectional Traffic new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] - detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Unknown][Web][Acceptable][analytics.rayjump.com] + detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] RISK: Unidirectional Traffic new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] RISK: Unidirectional Traffic - idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable] - idle: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Unknown][Web][Acceptable] - idle: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Unknown][Streaming][Acceptable] + idle: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable] + idle: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable] idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] @@ -872,11 +872,11 @@ idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun] idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] - idle: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + idle: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable] idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable] @@ -895,7 +895,7 @@ RISK: Known Proto on Non Std Port idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun] RISK: Known Proto on Non Std Port - idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Unknown][Web][Acceptable] + idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable] idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable] idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable] @@ -905,14 +905,14 @@ idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Download][Fun] + idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun] RISK: Binary App Transfer idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable] idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] - idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Unknown][Streaming][Fun] + idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] + idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun] idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/alicloud.pcap.out b/test/results/flow-info/default/alicloud.pcap.out index d819fe99d..fd5fca679 100644 --- a/test/results/flow-info/default/alicloud.pcap.out +++ b/test/results/flow-info/default/alicloud.pcap.out @@ -2,72 +2,72 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.100][39018] -> [...8.209.104.12][.8999] - detected: [.....1] [ip4][..tcp] [..192.168.2.100][39018] -> [...8.209.104.12][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.2.100][39018] -> [...8.209.104.12][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.2.100][41056] -> [...8.209.73.197][.8999] - detected: [.....2] [ip4][..tcp] [..192.168.2.100][41056] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....1] [ip4][..tcp] [..192.168.2.100][39018] -> [...8.209.104.12][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....2] [ip4][..tcp] [..192.168.2.100][41056] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....1] [ip4][..tcp] [..192.168.2.100][39018] -> [...8.209.104.12][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..tcp] [..192.168.2.100][38094] -> [..8.209.104.159][.8999] - detected: [.....3] [ip4][..tcp] [..192.168.2.100][38094] -> [..8.209.104.159][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....2] [ip4][..tcp] [..192.168.2.100][41056] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....3] [ip4][..tcp] [..192.168.2.100][38094] -> [..8.209.104.159][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....2] [ip4][..tcp] [..192.168.2.100][41056] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] new: [.....4] [ip4][..tcp] [..192.168.2.100][45078] -> [..8.209.105.125][.8999] - detected: [.....4] [ip4][..tcp] [..192.168.2.100][45078] -> [..8.209.105.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....4] [ip4][..tcp] [..192.168.2.100][45078] -> [..8.209.105.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] new: [.....5] [ip4][..tcp] [..192.168.2.100][42430] -> [..8.209.104.130][.8999] - detected: [.....5] [ip4][..tcp] [..192.168.2.100][42430] -> [..8.209.104.130][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....5] [ip4][..tcp] [..192.168.2.100][42430] -> [..8.209.104.130][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 75 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.2.100][55484] -> [..8.209.107.157][.8999] - detected: [.....6] [ip4][..tcp] [..192.168.2.100][55484] -> [..8.209.107.157][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....3] [ip4][..tcp] [..192.168.2.100][38094] -> [..8.209.104.159][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....5] [ip4][..tcp] [..192.168.2.100][42430] -> [..8.209.104.130][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....4] [ip4][..tcp] [..192.168.2.100][45078] -> [..8.209.105.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....6] [ip4][..tcp] [..192.168.2.100][55484] -> [..8.209.107.157][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....3] [ip4][..tcp] [..192.168.2.100][38094] -> [..8.209.104.159][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....5] [ip4][..tcp] [..192.168.2.100][42430] -> [..8.209.104.130][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....4] [ip4][..tcp] [..192.168.2.100][45078] -> [..8.209.105.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 90 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.2.100][40154] -> [..8.209.104.159][.8999] - detected: [.....7] [ip4][..tcp] [..192.168.2.100][40154] -> [..8.209.104.159][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....6] [ip4][..tcp] [..192.168.2.100][55484] -> [..8.209.107.157][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....7] [ip4][..tcp] [..192.168.2.100][40154] -> [..8.209.104.159][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....6] [ip4][..tcp] [..192.168.2.100][55484] -> [..8.209.107.157][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....8] [ip4][..tcp] [..192.168.2.100][42600] -> [..8.209.105.125][.8999] - detected: [.....8] [ip4][..tcp] [..192.168.2.100][42600] -> [..8.209.105.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....7] [ip4][..tcp] [..192.168.2.100][40154] -> [..8.209.104.159][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....8] [ip4][..tcp] [..192.168.2.100][42600] -> [..8.209.105.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....7] [ip4][..tcp] [..192.168.2.100][40154] -> [..8.209.104.159][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 120 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....9] [ip4][..tcp] [..192.168.2.100][51682] -> [...8.209.73.197][.8999] - detected: [.....9] [ip4][..tcp] [..192.168.2.100][51682] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....8] [ip4][..tcp] [..192.168.2.100][42600] -> [..8.209.105.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [.....9] [ip4][..tcp] [..192.168.2.100][51682] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....8] [ip4][..tcp] [..192.168.2.100][42600] -> [..8.209.105.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 135 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....10] [ip4][..tcp] [..192.168.2.100][52228] -> [...8.209.73.197][.8999] - detected: [....10] [ip4][..tcp] [..192.168.2.100][52228] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....10] [ip4][..tcp] [..192.168.2.100][52228] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 150 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 10|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....11] [ip4][..tcp] [..192.168.2.100][44388] -> [..8.209.107.125][.8999] - detected: [....11] [ip4][..tcp] [..192.168.2.100][44388] -> [..8.209.107.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....10] [ip4][..tcp] [..192.168.2.100][52228] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [.....9] [ip4][..tcp] [..192.168.2.100][51682] -> [...8.209.73.197][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....11] [ip4][..tcp] [..192.168.2.100][44388] -> [..8.209.107.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....10] [ip4][..tcp] [..192.168.2.100][52228] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [.....9] [ip4][..tcp] [..192.168.2.100][51682] -> [...8.209.73.197][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 165 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....12] [ip4][..tcp] [..192.168.2.100][37160] -> [..8.209.107.125][.8999] - detected: [....12] [ip4][..tcp] [..192.168.2.100][37160] -> [..8.209.107.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....11] [ip4][..tcp] [..192.168.2.100][44388] -> [..8.209.107.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....12] [ip4][..tcp] [..192.168.2.100][37160] -> [..8.209.107.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....11] [ip4][..tcp] [..192.168.2.100][44388] -> [..8.209.107.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 180 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 12|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....13] [ip4][..tcp] [..192.168.2.100][45094] -> [...8.209.76.194][.8999] - detected: [....13] [ip4][..tcp] [..192.168.2.100][45094] -> [...8.209.76.194][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....12] [ip4][..tcp] [..192.168.2.100][37160] -> [..8.209.107.125][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....13] [ip4][..tcp] [..192.168.2.100][45094] -> [...8.209.76.194][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....12] [ip4][..tcp] [..192.168.2.100][37160] -> [..8.209.107.125][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 195 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 13|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....14] [ip4][..tcp] [..192.168.2.100][57322] -> [..8.209.107.122][.8999] - detected: [....14] [ip4][..tcp] [..192.168.2.100][57322] -> [..8.209.107.122][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....13] [ip4][..tcp] [..192.168.2.100][45094] -> [...8.209.76.194][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....14] [ip4][..tcp] [..192.168.2.100][57322] -> [..8.209.107.122][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....13] [ip4][..tcp] [..192.168.2.100][45094] -> [...8.209.76.194][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: [Processed: 210 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 14|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....15] [ip4][..tcp] [..192.168.2.100][51774] -> [....8.209.77.36][.8999] - detected: [....15] [ip4][..tcp] [..192.168.2.100][51774] -> [....8.209.77.36][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....14] [ip4][..tcp] [..192.168.2.100][57322] -> [..8.209.107.122][.8999] [AliCloud][Unknown][Cloud][Acceptable] - idle: [....15] [ip4][..tcp] [..192.168.2.100][51774] -> [....8.209.77.36][.8999] [AliCloud][Unknown][Cloud][Acceptable] + detected: [....15] [ip4][..tcp] [..192.168.2.100][51774] -> [....8.209.77.36][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....14] [ip4][..tcp] [..192.168.2.100][57322] -> [..8.209.107.122][.8999] [AliCloud][Alibaba][Cloud][Acceptable] + idle: [....15] [ip4][..tcp] [..192.168.2.100][51774] -> [....8.209.77.36][.8999] [AliCloud][Alibaba][Cloud][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/epicgames.pcapng.out b/test/results/flow-info/default/epicgames.pcapng.out new file mode 100644 index 000000000..fe57187b3 --- /dev/null +++ b/test/results/flow-info/default/epicgames.pcapng.out @@ -0,0 +1,16 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] + new: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] + detected: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + detected: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + new: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] + detected: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AmazonAWS][Game][Fun] + new: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] + detected: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + idle: [.....2] [ip4][..udp] [.192.168.12.156][47446] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + idle: [.....1] [ip4][..udp] [.192.168.12.156][49693] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + idle: [.....3] [ip4][..udp] [.192.168.12.156][39322] -> [..18.157.15.184][.9011] [EpicGames][AmazonAWS][Game][Fun] + idle: [.....4] [ip4][..udp] [.192.168.12.156][37989] -> [..18.157.15.184][15011] [EpicGames][AmazonAWS][Game][Fun] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out new file mode 100644 index 000000000..3fa64cb03 --- /dev/null +++ b/test/results/flow-info/default/geforcenow.pcapng.out @@ -0,0 +1,40 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] + detected: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net] + RISK: Known Proto on Non Std Port + analyse: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.047| 0.015| 0.018| 312.463| 3.900] + [PKTLEN......: 52.000| 2948.000| 1089.800| 1283.500| 1647314.500| 4.000] + [BINS(c->s)..: 10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10] + [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 41.2,41.2,0.2,42.7,42.5,0.1,0.0,5.9,47.3,42.0,42.4,0.0,42.0,0.2,4.2,2.5,15.9,0.0,0.0,0.0,9.3,25.2,0.0,25.2,4.2,4.3,11.8,11.7,0.0,0.0,0.0] + [PKTLENS.....: 60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948] + [ENTROPIES...: 4.8,5.3,5.2,4.8,7.3,5.2,7.6,5.2,6.1,7.2,7.7,7.3,7.0,5.2,6.9,5.8,5.7,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,5.2,7.9,5.3,7.9,5.2,7.9] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net] + RISK: Known Proto on Non Std Port + new: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] + detected: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200] + [PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700] + [BINS(c->s)..: 0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1] + [IATS(ms)....: 66.1,63.3,171.7,44.0,99.9,183.8,360.1,689.5,48.5,47.1,0.0,0.0,0.0,0.0,4.5,1.5,52.7,0.0,46.0,42.3,0.4,0.3,0.2,0.0,0.1,42.1,0.3,0.1,0.2,42.5,0.3] + [PKTLENS.....: 124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105] + [ENTROPIES...: 5.8,5.8,5.8,5.7,5.0,5.0,5.0,5.0,6.5,6.7,4.8,6.6,6.2,4.4,3.8,5.3,6.0,5.8,6.4,6.3,5.9,6.0,5.4,6.0,6.2,6.1,5.4,5.6,5.8,6.1,5.7,6.1] + idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/genshin-impact.pcap.out b/test/results/flow-info/default/genshin-impact.pcap.out index 31022c0ef..8b1a512a1 100644 --- a/test/results/flow-info/default/genshin-impact.pcap.out +++ b/test/results/flow-info/default/genshin-impact.pcap.out @@ -2,27 +2,27 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.2.100][58766] -> [..47.245.143.85][22101] - detected: [.....1] [ip4][..udp] [..192.168.2.100][58766] -> [..47.245.143.85][22101] [GenshinImpact][Unknown][Game][Fun] + detected: [.....1] [ip4][..udp] [..192.168.2.100][58766] -> [..47.245.143.85][22101] [GenshinImpact][Alibaba][Game][Fun] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [..192.168.2.100][59145] -> [.47.254.169.109][22102] - detected: [.....2] [ip4][..udp] [..192.168.2.100][59145] -> [.47.254.169.109][22102] [GenshinImpact][Unknown][Game][Fun] + detected: [.....2] [ip4][..udp] [..192.168.2.100][59145] -> [.47.254.169.109][22102] [GenshinImpact][Alibaba][Game][Fun] RISK: Unidirectional Traffic - idle: [.....1] [ip4][..udp] [..192.168.2.100][58766] -> [..47.245.143.85][22101] [GenshinImpact][Unknown][Game][Fun] + idle: [.....1] [ip4][..udp] [..192.168.2.100][58766] -> [..47.245.143.85][22101] [GenshinImpact][Alibaba][Game][Fun] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [..192.168.2.100][52575] -> [...8.209.69.191][22101] - detected: [.....3] [ip4][..udp] [..192.168.2.100][52575] -> [...8.209.69.191][22101] [GenshinImpact][Unknown][Game][Fun] + detected: [.....3] [ip4][..udp] [..192.168.2.100][52575] -> [...8.209.69.191][22101] [GenshinImpact][Alibaba][Game][Fun] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....2] [ip4][..udp] [..192.168.2.100][59145] -> [.47.254.169.109][22102] [GenshinImpact][Unknown][Game][Fun] + idle: [.....2] [ip4][..udp] [..192.168.2.100][59145] -> [.47.254.169.109][22102] [GenshinImpact][Alibaba][Game][Fun] RISK: Unidirectional Traffic DAEMON-EVENT: [Processed: 45 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..tcp] [..192.168.2.100][39822] -> [..49.51.190.178][...80] detected: [.....4] [ip4][..tcp] [..192.168.2.100][39822] -> [..49.51.190.178][...80] [GenshinImpact][Tencent][Game][Fun] - idle: [.....3] [ip4][..udp] [..192.168.2.100][52575] -> [...8.209.69.191][22101] [GenshinImpact][Unknown][Game][Fun] + idle: [.....3] [ip4][..udp] [..192.168.2.100][52575] -> [...8.209.69.191][22101] [GenshinImpact][Alibaba][Game][Fun] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/default/long_tls_certificate.pcap.out b/test/results/flow-info/default/long_tls_certificate.pcap.out index b1ecba86f..9a2d3607f 100644 --- a/test/results/flow-info/default/long_tls_certificate.pcap.out +++ b/test/results/flow-info/default/long_tls_certificate.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Unknown][Web][Acceptable][beacon-api.aliyuncs.com] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Unknown][Web][Acceptable][beacon-api.aliyuncs.com] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Unknown][Web][Acceptable][beacon-api.aliyuncs.com] + detected: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.371| 0.087| 0.130| 17024.252| 3.400] @@ -15,6 +15,6 @@ [IATS(ms)....: 370.8,370.9,9.4,360.9,2.8,0.1,0.1,354.4,0.1,0.1,0.1,0.1,8.1,8.1,5.8,200.3,194.6,174.3,0.0,174.3,0.0,2.3,0.1,0.1,0.1,0.1,94.1,91.5,274.6,0.0,0.0] [PKTLENS.....: 64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52] [ENTROPIES...: 4.4,4.3,4.7,4.4,4.6,6.2,4.7,4.7,4.6,6.8,4.7,7.5,4.6,7.5,4.7,6.3,6.2,4.9,5.9,6.2,4.7,4.7,5.7,5.7,5.2,6.0,5.3,6.1,4.8,5.1,5.0,5.1] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Unknown][Web][Acceptable][beacon-api.aliyuncs.com] - end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Unknown][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] + end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/pps.pcap.out b/test/results/flow-info/default/pps.pcap.out index 5a7f2868b..fb0103dd2 100644 --- a/test/results/flow-info/default/pps.pcap.out +++ b/test/results/flow-info/default/pps.pcap.out @@ -137,7 +137,7 @@ detected: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic new: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [MIDSTREAM] - detected: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Unknown][Web][Acceptable][cmc.tanx.com] + detected: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Alibaba][Web][Acceptable][cmc.tanx.com] RISK: Unidirectional Traffic new: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [MIDSTREAM] detected: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am] @@ -492,7 +492,7 @@ idle: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] [PPStream][Unknown][Streaming][Fun] RISK: Unidirectional Traffic end: [....68] [ip4][..tcp] [..192.168.115.8][50497] -> [.123.125.112.49][...80] [HTTP][Unknown][Web][Acceptable] - idle: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Unknown][Web][Acceptable] + idle: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Alibaba][Web][Acceptable] not-detected: [....18] [ip4][..udp] [..192.168.115.8][22793] -> [..61.227.170.88][20227] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....18] [ip4][..udp] [..192.168.115.8][22793] -> [..61.227.170.88][20227] diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out index 8b4acfed1..02ba168ee 100644 --- a/test/results/flow-info/default/weibo.pcap.out +++ b/test/results/flow-info/default/weibo.pcap.out @@ -177,21 +177,21 @@ idle: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] guessed: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443] [TLS][Unknown][Web][Safe] idle: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443] - guessed: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] [TLS][Unknown][Web][Safe] + guessed: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] - guessed: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] [TLS][Unknown][Web][Safe] + guessed: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] idle: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable] idle: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable] - guessed: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443] [TLS][Unknown][Web][Safe] + guessed: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443] - guessed: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443] [TLS][Unknown][Web][Safe] + guessed: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443] - guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Unknown][Web][Safe] + guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] @@ -200,13 +200,13 @@ idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] guessed: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [TLS][Google][Web][Safe] idle: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] - guessed: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443] [TLS][Unknown][Web][Safe] + guessed: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443] - guessed: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443] [TLS][Unknown][Web][Safe] + guessed: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443] - guessed: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] [TLS][Unknown][Web][Safe] + guessed: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] diff --git a/test/results/flow-info/default/xiaomi.pcap.out b/test/results/flow-info/default/xiaomi.pcap.out index 471997fdf..d100f0782 100644 --- a/test/results/flow-info/default/xiaomi.pcap.out +++ b/test/results/flow-info/default/xiaomi.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Unknown][Web][Acceptable][] + detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable][] RISK: Unidirectional Traffic DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -10,7 +10,7 @@ detected: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] [Xiaomi][Unknown][Web][Acceptable][47.241.35.73] new: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] detected: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Unknown][Web][Acceptable][47.241.35.73] - idle: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Unknown][Web][Acceptable] + idle: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable] RISK: Unidirectional Traffic new: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] detected: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Unknown][Web][Acceptable][47.241.59.87] @@ -29,7 +29,7 @@ DAEMON-EVENT: [Processed: 48 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] - detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Unknown][Web][Acceptable][203.107.1.65] + detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Alibaba][Web][Acceptable][203.107.1.65] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI idle: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] idle: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AmazonAWS][Web][Acceptable] |