aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/viber.pcap.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2022-09-22 19:07:08 +0200
committerToni Uhlig <matzeton@googlemail.com>2022-09-22 19:07:08 +0200
commit9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/viber.pcap.out
parent28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
Improved flown analyse event:
* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/viber.pcap.out')
-rw-r--r--test/results/flow-info/viber.pcap.out40
1 files changed, 24 insertions, 16 deletions
diff --git a/test/results/flow-info/viber.pcap.out b/test/results/flow-info/viber.pcap.out
index 698ddeb71..2b3e07e4f 100644
--- a/test/results/flow-info/viber.pcap.out
+++ b/test/results/flow-info/viber.pcap.out
@@ -33,12 +33,14 @@
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.048| 0.009| 0.015]
- [IAT(c->s)...: 0.000| 0.041| 0.011| 0.015][IAT(s->c)...: 0.000| 0.048| 0.008| 0.015]
- [PKTLEN(c->s): 66.000| 774.000| 139.200| 184.300][PKTLEN(s->c): 66.000|1514.000|1186.100| 547.900]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 0.000]
+ [PKTLEN......: 66.000| 1514.000| 728.100| 673.400|453425.200| 4.300]
[BINS(c->s)..: 11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0]
+ [IATS........: 19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080,0]
+ [PKTLENS.....: 74,74,66,249,66,1514,1514,1514,411,66,66,66,66,192,308,774,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,808,66,66,66,66,66]
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443]
new: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53]
@@ -58,12 +60,14 @@
detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe]
detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 10.702| 1.934| 2.902]
- [IAT(c->s)...: 0.000| 10.564| 2.006| 2.878][IAT(s->c)...: 0.000| 10.702| 1.858| 2.926]
- [PKTLEN(c->s): 66.000| 596.000| 211.100| 159.700][PKTLEN(s->c): 66.000| 164.000| 92.900| 39.000]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 10.702| 1.934| 2.902|8424002.683| 0.000]
+ [PKTLEN......: 66.000| 596.000| 155.700| 133.200|17739.800| 4.600]
[BINS(c->s)..: 4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0]
+ [IATS........: 54240,95930,270,43992,41788,57048,16087,92087,91609,10563926,10701681,4192149,4152724,4422076,4422070,309467,309552,21641,197002,97,215011,3974475,3934854,3635331,52554,3635290,52615,12721,140816,167507,4361173,0]
+ [PKTLENS.....: 167,122,66,142,66,508,130,66,134,66,163,66,160,66,160,66,405,66,164,66,150,66,160,66,160,424,66,66,164,150,66,596]
guessed: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable]
detected: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable]
new: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443]
@@ -76,12 +80,14 @@
detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][VoIP][Acceptable]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.525| 0.329| 0.210]
- [IAT(c->s)...: 0.000| 0.525| 0.321| 0.212][IAT(s->c)...: 0.015| 0.525| 0.337| 0.208]
- [PKTLEN(c->s): 62.000| 299.000| 215.400| 113.300][PKTLEN(s->c): 76.000| 118.000| 104.000| 19.800]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.525| 0.329| 0.210|44226.417| 0.000]
+ [PKTLEN......: 62.000| 299.000| 163.200| 100.400|10086.100| 4.700]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS........: 129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810,0]
+ [PKTLENS.....: 299,62,118,299,118,62,299,76,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299]
new: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443]
new: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985]
detected: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][VoIP][Acceptable]
@@ -89,12 +95,14 @@
detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][VoIP][Acceptable]
update: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Network][Acceptable]
analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][VoIP][Acceptable]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 0.531| 0.262| 0.245]
- [IAT(c->s)...: 0.000| 0.531| 0.226| 0.244][IAT(s->c)...: 0.000| 0.531| 0.311| 0.237]
- [PKTLEN(c->s): 54.000| 299.000| 172.500| 120.100][PKTLEN(s->c): 76.000| 118.000| 101.800| 20.400]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 0.531| 0.262| 0.245|59968.385| 0.000]
+ [PKTLEN......: 54.000| 299.000| 143.800| 99.700| 9932.100| 4.700]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0]
+ [IATS........: 2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424,0]
+ [PKTLENS.....: 299,60,62,118,76,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,76,299]
new: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53]
detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable]
detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable]
Powered by cgit, Themed by Ted Yin.