authorToni Uhlig <matzeton@googlemail.com>2022-09-22 19:07:08 +0200
committerToni Uhlig <matzeton@googlemail.com>2022-09-22 19:07:08 +0200
commit9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/safari.pcap.out
parent28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
Improved flow analyse event:

 * store packet directions
 * merged direction based IATs
 * merged direction based PKTLENs

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/safari.pcap.out')
-rw-r--r--test/results/flow-info/safari.pcap.out60
1 files changed, 36 insertions, 24 deletions
diff --git a/test/results/flow-info/safari.pcap.out b/test/results/flow-info/safari.pcap.out
index f7fc1d3a1..2b6647471 100644
--- a/test/results/flow-info/safari.pcap.out
+++ b/test/results/flow-info/safari.pcap.out
@@ -11,12 +11,14 @@
new: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443]
new: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443]
analyse: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.579| 0.077| 0.167]
- [IAT(c->s)...: 0.000| 0.579| 0.085| 0.174][IAT(s->c)...: 0.000| 0.551| 0.070| 0.160]
- [PKTLEN(c->s): 66.000| 445.000| 137.900| 131.400][PKTLEN(s->c): 66.000|1506.000| 950.400| 676.200]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.579| 0.077| 0.167|27833.076| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 569.500| 644.500|415419.900| 4.100]
[BINS(c->s)..: 11,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,1,1,1,0]
+ [IATS........: 28338,28438,576,28670,6985,69,14,35105,3,52717,81952,29,29304,948,28144,550635,1230,579033,248,252,138,105,115,138,126,100,428094,455026,4375,1236,32565,0]
+ [PKTLENS.....: 78,74,66,301,66,1506,1506,641,66,66,159,66,117,66,425,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,445,66,1506,1506,66]
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
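Review bot: The new `IAT.........:` row pins an entropy of 0.000 for every analysed flow, here and in the second hunk, although the `IATS........:` lists in the same blocks hold clearly varied samples. That suggests the entropy is not really being computed over the inter-arrival times, or is lost in scaling, and this expected output would lock that in. The IAT variance also appears to use a different scale from its neighbours: for flow 1 the stddev is 0.167 but the variance is 27833.076, which is close to 167 squared rather than 0.167 squared, while the `PKTLEN......:` row is self-consistent (644.500 squared is about 415419.900). I would confirm both values in the code that emits the analyse event before accepting this golden file, and state the unit of each IAT column next to the `[min|max|avg|stddev|variance|entropy]` header so consumers doing traffic classification do not mix seconds with the raw `IATS` values.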
@@ -39,40 +41,50 @@
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.119| 0.018| 0.029]
- [IAT(c->s)...: 0.000| 0.084| 0.020| 0.024][IAT(s->c)...: 0.000| 0.119| 0.016| 0.032]
- [PKTLEN(c->s): 66.000| 508.000| 147.900| 154.600][PKTLEN(s->c): 66.000|1506.000|1008.600| 658.000]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.119| 0.018| 0.029| 823.374| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 632.000| 660.500|436248.100| 4.200]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1]
+ [IATS........: 29610,29665,2362,30524,2,28159,51917,8877,77853,8496,625,1248,27408,129,120,247,131,125,259,123,123,248,503,122,637,24023,24010,84464,7818,118862,914,0]
+ [PKTLENS.....: 78,74,66,277,66,207,66,117,508,66,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1043,66,66,497,66,1506]
analyse: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.140| 0.019| 0.033]
- [IAT(c->s)...: 0.000| 0.104| 0.023| 0.028][IAT(s->c)...: 0.000| 0.140| 0.017| 0.036]
- [PKTLEN(c->s): 66.000| 500.000| 145.600| 149.200][PKTLEN(s->c): 66.000|1506.000| 982.000| 665.600]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.140| 0.019| 0.033| 1086.908| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 616.100| 656.600|431150.100| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1]
+ [IATS........: 30407,30442,2425,30749,1690,30065,50340,8582,78328,9234,5001,125,33713,130,749,881,125,129,16,259,3,103964,6593,140358,1494,509,31816,122,126,243,376,0]
+ [PKTLENS.....: 78,74,66,277,66,207,66,117,472,66,66,1506,1506,66,1506,1506,66,1506,1506,565,66,66,66,500,66,1506,1506,66,1506,1506,66,1506]
analyse: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.144| 0.020| 0.034]
- [IAT(c->s)...: 0.000| 0.107| 0.023| 0.029][IAT(s->c)...: 0.000| 0.144| 0.017| 0.036]
- [PKTLEN(c->s): 66.000| 503.000| 147.600| 153.700][PKTLEN(s->c): 66.000|1506.000| 994.600| 659.800]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.144| 0.020| 0.034| 1135.493| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 624.000| 657.100|431734.900| 4.200]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1]
+ [IATS........: 31343,31380,1377,32375,996,31994,49530,8158,77501,8373,630,1247,30061,122,9,127,127,136,106790,7135,144002,5758,108,35937,131,121,250,128,122,249,129,0]
+ [PKTLENS.....: 78,74,66,277,66,207,66,117,503,66,66,1506,1506,66,1506,1506,66,791,66,66,497,66,1506,1506,66,1506,1506,66,1506,1506,66,1506]
analyse: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.147| 0.020| 0.034]
- [IAT(c->s)...: 0.000| 0.105| 0.023| 0.029][IAT(s->c)...: 0.000| 0.147| 0.017| 0.037]
- [PKTLEN(c->s): 66.000| 500.000| 147.200| 152.900][PKTLEN(s->c): 66.000|1506.000| 960.700| 684.600]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.147| 0.020| 0.034| 1161.612| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 604.800| 660.800|436665.800| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0]
+ [IATS........: 33594,33644,1195,33573,9,32379,46938,8284,78165,6257,993,261,30448,865,3,877,105414,6486,147007,2135,111,37341,124,122,246,129,624,757,125,122,244,0]
+ [PKTLENS.....: 78,74,66,277,66,207,66,117,495,66,66,1506,1506,66,1506,181,66,66,500,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66]
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.146| 0.022| 0.035]
- [IAT(c->s)...: 0.000| 0.116| 0.024| 0.030][IAT(s->c)...: 0.000| 0.146| 0.020| 0.038]
- [PKTLEN(c->s): 66.000| 503.000| 170.700| 171.800][PKTLEN(s->c): 66.000|1506.000| 852.800| 687.200]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.146| 0.022| 0.035| 1194.506| 0.000]
+ [PKTLEN......: 66.000| 1506.000| 533.000| 616.900|380607.300| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,8,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0]
+ [IATS........: 30429,30474,1424,31291,132,29986,50740,8293,78244,9210,246,28671,116212,146010,494,137,30426,114,380,498,130,113,14,250,2,896,5501,36248,1496,132,31482,0]
+ [PKTLENS.....: 78,74,66,277,66,207,66,117,494,66,66,1413,66,497,66,1506,1506,66,1506,1506,66,1506,1506,425,66,66,66,503,66,1506,1506,66]
new: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443]
detected: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe]