authorToni Uhlig <matzeton@googlemail.com>2022-09-30 18:42:10 +0200
committerToni Uhlig <matzeton@googlemail.com>2022-09-30 19:28:49 +0200
commit14f6b87551c1d03837f25755abbc8eb71d958e3e (patch)
tree6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info
parent74f71643da536c6798d077dc1d9b13d56a9afc5d (diff)
Added nDPIsrvd-analysed to generate CSV files from analyse events.
* nDPIsrvd.h: iterate over JSON arrays * nDPId: calculate l3 payload packet entropies for analysis Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info')
-rw-r--r--test/results/flow-info/1kxun.pcap.out198
-rw-r--r--test/results/flow-info/443-curl.pcap.out9
-rw-r--r--test/results/flow-info/443-firefox.pcap.out9
-rw-r--r--test/results/flow-info/443-git.pcap.out9
-rw-r--r--test/results/flow-info/443-opvn.pcap.out9
-rw-r--r--test/results/flow-info/443-safari.pcap.out9
-rw-r--r--test/results/flow-info/6in4tunnel.pcap.out9
-rw-r--r--test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out27
-rw-r--r--test/results/flow-info/KakaoTalk_chat.pcap.out27
-rw-r--r--test/results/flow-info/KakaoTalk_talk.pcap.out36
-rw-r--r--test/results/flow-info/Oscar.pcap.out9
-rw-r--r--test/results/flow-info/WebattackXSS.pcap.out171
-rw-r--r--test/results/flow-info/aimini-http.pcap.out9
-rw-r--r--test/results/flow-info/alexa-app.pcapng.out216
-rw-r--r--test/results/flow-info/amqp.pcap.out9
-rw-r--r--test/results/flow-info/android.pcap.out9
-rw-r--r--test/results/flow-info/anyconnect-vpn.pcap.out36
-rw-r--r--test/results/flow-info/anydesk.pcapng.out27
-rw-r--r--test/results/flow-info/bad-dns-traffic.pcap.out9
-rw-r--r--test/results/flow-info/bitcoin.pcap.out36
-rw-r--r--test/results/flow-info/bittorrent.pcap.out9
-rw-r--r--test/results/flow-info/bittorrent_utp.pcap.out9
-rw-r--r--test/results/flow-info/bot.pcap.out9
-rw-r--r--test/results/flow-info/capwap.pcap.out18
-rw-r--r--test/results/flow-info/cassandra.pcap.out18
-rw-r--r--test/results/flow-info/check_mk_new.pcap.out9
-rw-r--r--test/results/flow-info/chrome.pcap.out54
-rw-r--r--test/results/flow-info/citrix.pcap.out9
-rw-r--r--test/results/flow-info/coap_mqtt.pcap.out72
-rw-r--r--test/results/flow-info/collectd.pcap.out9
-rw-r--r--test/results/flow-info/dnp3.pcap.out63
-rw-r--r--test/results/flow-info/dns-tunnel-iodine.pcap.out9
-rw-r--r--test/results/flow-info/dns_doh.pcap.out9
-rw-r--r--test/results/flow-info/dns_exfiltration.pcap.out9
-rw-r--r--test/results/flow-info/doq_adguard.pcapng.out9
-rw-r--r--test/results/flow-info/dos_win98_smb_netbeui.pcap.out9
-rw-r--r--test/results/flow-info/drda_db2.pcap.out9
-rw-r--r--test/results/flow-info/dropbox.pcap.out36
-rw-r--r--test/results/flow-info/emotet.pcap.out45
-rw-r--r--test/results/flow-info/ethereum.pcap.out297
-rw-r--r--test/results/flow-info/exe_download.pcap.out9
-rw-r--r--test/results/flow-info/exe_download_as_png.pcap.out9
-rw-r--r--test/results/flow-info/facebook.pcap.out9
-rw-r--r--test/results/flow-info/fastcgi.pcap.out9
-rw-r--r--test/results/flow-info/firefox.pcap.out54
-rw-r--r--test/results/flow-info/fix.pcap.out45
-rw-r--r--test/results/flow-info/fix2.pcap.out18
-rw-r--r--test/results/flow-info/forticlient.pcap.out9
-rw-r--r--test/results/flow-info/ftp-start-tls.pcap.out9
-rw-r--r--test/results/flow-info/ftp.pcap.out18
-rw-r--r--test/results/flow-info/fuzz-2006-06-26-2594.pcap.out18
-rw-r--r--test/results/flow-info/fuzz-2020-02-16-11740.pcap.out9
-rw-r--r--test/results/flow-info/git.pcap.out9
-rw-r--r--test/results/flow-info/gnutella.pcap.out72
-rw-r--r--test/results/flow-info/googledns_android10.pcap.out27
-rw-r--r--test/results/flow-info/http-manipulated.pcap.out9
-rw-r--r--test/results/flow-info/http_auth.pcap.out9
-rw-r--r--test/results/flow-info/http_connect.pcap.out18
-rw-r--r--test/results/flow-info/http_ipv6.pcap.out9
-rw-r--r--test/results/flow-info/iax.pcap.out9
-rw-r--r--test/results/flow-info/icmp-tunnel.pcap.out9
-rw-r--r--test/results/flow-info/iec60780-5-104.pcap.out9
-rw-r--r--test/results/flow-info/imap-starttls.pcap.out9
-rw-r--r--test/results/flow-info/imap.pcap.out9
-rw-r--r--test/results/flow-info/imo.pcap.out18
-rw-r--r--test/results/flow-info/instagram.pcap.out126
-rw-r--r--test/results/flow-info/iphone.pcap.out36
-rw-r--r--test/results/flow-info/ipp.pcap.out9
-rw-r--r--test/results/flow-info/ipsec_isakmp_esp.pcap.out54
-rw-r--r--test/results/flow-info/jabber.pcap.out27
-rw-r--r--test/results/flow-info/kismet.pcap.out9
-rw-r--r--test/results/flow-info/kontiki.pcap.out9
-rw-r--r--test/results/flow-info/log4j-webapp-exploit.pcap.out9
-rw-r--r--test/results/flow-info/long_tls_certificate.pcap.out9
-rw-r--r--test/results/flow-info/modbus.pcap.out9
-rw-r--r--test/results/flow-info/monero.pcap.out18
-rw-r--r--test/results/flow-info/nest_log_sink.pcap.out90
-rw-r--r--test/results/flow-info/netbios.pcap.out18
-rw-r--r--test/results/flow-info/netflix.pcap.out324
-rw-r--r--test/results/flow-info/nfsv2.pcap.out9
-rw-r--r--test/results/flow-info/nfsv3.pcap.out9
-rw-r--r--test/results/flow-info/nintendo.pcap.out45
-rw-r--r--test/results/flow-info/nntp.pcap.out9
-rw-r--r--test/results/flow-info/no_sni.pcap.out27
-rw-r--r--test/results/flow-info/ocs.pcap.out14
-rw-r--r--test/results/flow-info/ocsp.pcapng.out54
-rw-r--r--test/results/flow-info/ookla.pcap.out9
-rw-r--r--test/results/flow-info/openvpn.pcap.out27
-rw-r--r--test/results/flow-info/pgm.pcap.out9
-rw-r--r--test/results/flow-info/pinterest.pcap.out144
-rw-r--r--test/results/flow-info/pop3_stls.pcap.out9
-rw-r--r--test/results/flow-info/pps.pcap.out72
-rw-r--r--test/results/flow-info/psiphon3.pcap.out7
-rw-r--r--test/results/flow-info/quic-28.pcap.out9
-rw-r--r--test/results/flow-info/quic-33.pcapng.out9
-rw-r--r--test/results/flow-info/quic-mvfst-22.pcap.out9
-rw-r--r--test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out7
-rw-r--r--test/results/flow-info/quic-v2-01.pcapng.out9
-rw-r--r--test/results/flow-info/quic.pcap.out18
-rw-r--r--test/results/flow-info/quic046.pcap.out9
-rw-r--r--test/results/flow-info/quic_q39.pcap.out9
-rw-r--r--test/results/flow-info/quic_t51.pcap.out9
-rw-r--r--test/results/flow-info/quickplay.pcap.out9
-rw-r--r--test/results/flow-info/rdp.pcap.out9
-rw-r--r--test/results/flow-info/reasm_crash_anon.pcapng.out9
-rw-r--r--test/results/flow-info/reasm_segv_anon.pcapng.out9
-rw-r--r--test/results/flow-info/reddit.pcap.out252
-rw-r--r--test/results/flow-info/rtsp.pcap.out54
-rw-r--r--test/results/flow-info/rx.pcap.out9
-rw-r--r--test/results/flow-info/s7comm.pcap.out9
-rw-r--r--test/results/flow-info/safari.pcap.out54
-rw-r--r--test/results/flow-info/signal.pcap.out36
-rw-r--r--test/results/flow-info/simple-dnscrypt.pcap.out18
-rw-r--r--test/results/flow-info/sip.pcap.out9
-rw-r--r--test/results/flow-info/sites.pcapng.out18
-rw-r--r--test/results/flow-info/skinny.pcap.out63
-rw-r--r--test/results/flow-info/skype-conference-call.pcap.out9
-rw-r--r--test/results/flow-info/skype.pcap.out72
-rw-r--r--test/results/flow-info/skype_no_unknown.pcap.out45
-rw-r--r--test/results/flow-info/smb_deletefile.pcap.out9
-rw-r--r--test/results/flow-info/smtp-starttls.pcap.out18
-rw-r--r--test/results/flow-info/smtp.pcap.out9
-rw-r--r--test/results/flow-info/snapchat_call.pcapng.out9
-rw-r--r--test/results/flow-info/softether.pcap.out9
-rw-r--r--test/results/flow-info/ssh.pcap.out9
-rw-r--r--test/results/flow-info/starcraft_battle.pcap.out27
-rw-r--r--test/results/flow-info/stun.pcap.out27
-rw-r--r--test/results/flow-info/stun_signal.pcapng.out27
-rw-r--r--test/results/flow-info/teams.pcap.out153
-rw-r--r--test/results/flow-info/teamviewer.pcap.out18
-rw-r--r--test/results/flow-info/telegram.pcap.out54
-rw-r--r--test/results/flow-info/telnet.pcap.out9
-rw-r--r--test/results/flow-info/tftp.pcap.out9
-rw-r--r--test/results/flow-info/tinc.pcap.out18
-rw-r--r--test/results/flow-info/tls-appdata.pcap.out9
-rw-r--r--test/results/flow-info/tls_certificate_too_long.pcap.out18
-rw-r--r--test/results/flow-info/tls_long_cert.pcap.out9
-rw-r--r--test/results/flow-info/tls_verylong_certificate.pcap.out9
-rw-r--r--test/results/flow-info/tor.pcap.out54
-rw-r--r--test/results/flow-info/trickbot.pcap.out9
-rw-r--r--test/results/flow-info/tumblr.pcap.out99
-rw-r--r--test/results/flow-info/tunnelbear.pcap.out27
-rw-r--r--test/results/flow-info/ultrasurf.pcap.out27
-rw-r--r--test/results/flow-info/viber.pcap.out36
-rw-r--r--test/results/flow-info/vnc.pcap.out18
-rw-r--r--test/results/flow-info/vxlan.pcap.out18
-rw-r--r--test/results/flow-info/wa_video.pcap.out27
-rw-r--r--test/results/flow-info/wa_voice.pcap.out45
-rw-r--r--test/results/flow-info/waze.pcap.out45
-rw-r--r--test/results/flow-info/webex.pcap.out54
-rw-r--r--test/results/flow-info/wechat.pcap.out153
-rw-r--r--test/results/flow-info/weibo.pcap.out54
-rw-r--r--test/results/flow-info/whatsapp_login_call.pcap.out54
-rw-r--r--test/results/flow-info/whatsapp_login_chat.pcap.out9
-rw-r--r--test/results/flow-info/whatsapp_voice_and_message.pcap.out27
-rw-r--r--test/results/flow-info/whatsappfiles.pcap.out18
-rw-r--r--test/results/flow-info/wireguard.pcap.out9
-rw-r--r--test/results/flow-info/youtube_quic.pcap.out9
-rw-r--r--test/results/flow-info/youtubeupload.pcap.out9
-rw-r--r--test/results/flow-info/zcash.pcap.out9
-rw-r--r--test/results/flow-info/zoom.pcap.out27
-rw-r--r--test/results/flow-info/zoom2.pcap.out36
162 files changed, 2946 insertions, 2356 deletions
diff --git a/test/results/flow-info/1kxun.pcap.out b/test/results/flow-info/1kxun.pcap.out
index 17e357fae..1d62bb6e7 100644
--- a/test/results/flow-info/1kxun.pcap.out
+++ b/test/results/flow-info/1kxun.pcap.out
@@ -70,50 +70,55 @@
detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 0.000]
- [PKTLEN......: 54.000| 1314.000| 835.900| 585.300|342554.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 3.100]
+ [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500]
[BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1]
[IATS(ms)....: 0.0,52.1,52.2,0.0,5.5,0.0,48.2,11.6,0.8,0.1,0.1,0.0,0.3,0.0,0.0,0.0,0.5,56.2,0.0,50.5,3.5,0.1,0.1,53.9,0.0,17.7,0.1,0.1,0.1,0.0,0.1]
- [PKTLENS.....: 66,66,66,54,54,414,414,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314]
+ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8]
analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 0.000]
- [PKTLEN......: 54.000| 1314.000| 757.100| 600.300|360321.400| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 2.800]
+ [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0]
[IATS(ms)....: 0.0,54.6,54.7,0.0,4.2,0.1,64.5,0.1,0.0,0.0,0.1,0.0,0.7,0.1,0.1,0.1,61.7,0.0,0.9,65.4,0.1,66.2,0.1,0.5,2.9,0.6,0.1,0.1,0.1,3.9,0.0]
- [PKTLENS.....: 66,66,66,54,54,413,413,60,373,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,54,54]
+ [PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40]
+ [ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8]
analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 0.000]
- [PKTLEN......: 54.000| 1314.000| 757.200| 600.200|360235.600| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 2.900]
+ [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
[IATS(ms)....: 0.0,53.2,53.3,0.0,4.6,0.1,61.5,0.0,0.3,0.1,57.3,0.0,5.1,0.1,0.3,0.0,0.3,0.1,5.9,0.0,1.4,65.1,0.1,0.1,0.1,66.8,0.0,3.8,0.1,0.8,0.1]
- [PKTLENS.....: 66,66,66,54,54,415,415,60,373,1314,1314,54,54,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314]
+ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8]
analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 0.000]
- [PKTLEN......: 54.000| 1314.000| 847.000| 555.000|308021.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 2.700]
+ [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0]
[IATS(ms)....: 0.0,50.7,50.8,0.0,5.7,0.0,60.3,0.1,0.1,0.1,0.0,0.1,0.7,0.0,0.0,0.1,0.3,56.3,0.0,72.3,0.1,0.0,0.1,0.2,0.1,0.1,0.1,0.3,0.0,96.5,0.1]
- [PKTLENS.....: 66,66,66,54,54,414,414,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,1314,1314,1314,932,423,423]
+ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409]
+ [ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8]
analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 0.000]
- [PKTLEN......: 54.000| 1314.000| 836.000| 585.200|342449.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 2.800]
+ [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
[BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
[IATS(ms)....: 0.1,51.9,52.1,0.0,5.2,0.1,60.5,0.9,0.0,0.0,0.1,0.0,0.4,0.1,0.0,0.1,0.2,85.1,142.0,0.0,40.8,2.5,0.1,0.1,0.1,43.6,0.1,0.4,0.1,0.1,0.0]
- [PKTLENS.....: 66,66,66,54,54,416,416,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314]
+ [PKTLENS.....: 52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0]
new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138]
detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
@@ -122,14 +127,15 @@
detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun]
detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 0.000]
- [PKTLEN......: 54.000| 1314.000| 707.600| 612.000|374554.600| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 2.600]
+ [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1]
[IATS(ms)....: 0.1,37.8,38.0,0.1,1.8,0.1,39.0,109.8,0.2,146.8,0.0,0.3,0.1,0.1,0.1,0.5,0.0,0.2,0.1,0.1,0.4,0.0,0.2,36.3,36.5,0.0,0.4,0.1,0.5,0.1,0.1]
- [PKTLENS.....: 66,66,66,54,54,411,411,60,1314,1314,54,54,1314,1314,1314,1314,54,54,1314,1314,1314,54,54,1314,1314,54,54,1314,1314,1314,1314,1314]
+ [PKTLENS.....: 52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,5.0,4.8,4.8,4.8,5.3,5.2,5.1,4.7,4.7,6.0,5.1,5.2,4.8,4.8,5.8,5.1,4.7,4.7,4.5,4.7,4.7,5.6,5.2]
new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099]
detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Web][Acceptable]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
@@ -160,14 +166,15 @@
RISK: HTTP Numeric IP Address
new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80]
analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.399| 0.070| 0.104|10878.943| 0.000]
- [PKTLEN......: 54.000| 1314.000| 364.600| 410.300|168364.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.399| 0.070| 0.104| 10878.943| 3.600]
+ [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
[BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0]
[IATS(ms)....: 0.1,76.5,76.6,0.0,1.1,0.0,62.3,0.1,61.8,0.0,298.9,0.1,399.0,66.5,0.2,166.1,0.0,60.3,0.5,0.1,60.8,0.0,117.1,0.0,178.1,0.5,62.0,0.0,102.3,44.3,349.7]
- [PKTLENS.....: 66,66,62,54,54,306,306,60,79,499,499,499,499,60,1314,1314,54,54,1314,1314,542,54,54,281,281,60,79,491,491,60,747,54]
+ [PKTLENS.....: 52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40]
+ [ENTROPIES...: 4.6,4.6,5.0,5.0,5.0,5.8,5.8,4.7,5.4,6.1,6.1,6.1,6.1,4.6,5.3,4.7,4.9,4.9,4.7,5.2,4.9,4.9,4.9,5.8,5.8,4.6,5.4,6.1,6.1,4.7,5.7,4.9]
detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Web][Acceptable]
RISK: HTTP Numeric IP Address
detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable]
@@ -185,14 +192,15 @@
new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67]
detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Network][Acceptable]
analyse: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.863| 0.183| 0.253|63925.490| 0.000]
- [PKTLEN......: 54.000| 1078.000| 383.300| 452.500|204736.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.863| 0.183| 0.253| 63925.490| 3.600]
+ [PKTLEN......: 40.000| 1064.000| 369.300| 452.500| 204736.500| 3.900]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0]
[IATS(ms)....: 0.0,69.3,69.4,0.0,1.9,0.0,67.9,1.4,6.1,0.3,74.0,0.0,665.9,862.8,0.0,408.6,411.0,0.0,251.4,251.8,0.0,336.8,336.0,0.1,329.9,0.2,130.8,0.1,599.5,799.2,0.1]
- [PKTLENS.....: 66,66,60,54,54,557,557,60,335,1078,1078,54,54,1078,54,54,1078,54,54,1078,54,54,1078,54,54,1078,1078,54,54,1078,54,54]
+ [PKTLENS.....: 52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40]
+ [ENTROPIES...: 4.5,4.5,4.6,4.8,4.8,5.5,5.5,4.5,5.6,3.4,2.3,4.8,4.8,2.2,4.8,4.8,2.3,4.8,4.8,2.2,4.8,4.8,2.3,4.8,4.8,2.3,2.2,4.8,4.8,2.2,4.8,4.8]
new: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
new: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [MIDSTREAM]
new: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [MIDSTREAM]
@@ -332,14 +340,15 @@
update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable]
update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable]
analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 45.001| 1.464| 7.949|63183326.806| 0.000]
- [PKTLEN......: 54.000| 1314.000| 795.600| 593.200|351838.700| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 45.001| 1.464| 7.949| 63183326.806| 0.100]
+ [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0]
[IATS(ms)....: 0.0,54.5,54.6,0.0,4.9,0.0,65.5,0.1,0.1,0.4,0.1,0.1,0.2,0.0,0.0,0.0,0.0,61.5,0.0,69.0,0.1,0.1,0.0,0.7,0.1,0.1,0.1,0.5,70.7,0.0,45001.1]
- [PKTLENS.....: 66,66,66,54,54,415,415,60,373,1314,1314,1314,1314,1314,1314,1314,1314,1314,54,54,1314,1314,1314,1314,1314,1314,1314,1314,1281,54,54,55]
+ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41]
+ [ENTROPIES...: 4.6,4.6,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.9,4.9,4.8]
new: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137]
detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable]
new: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123]
@@ -580,32 +589,35 @@
new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM]
detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.895| 0.074| 0.190|35982.832| 0.000]
- [PKTLEN......: 274.000|21666.000| 4548.200| 5608.100|31450230.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.895| 0.074| 0.190| 35982.832| 2.200]
+ [PKTLEN......: 260.000|21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
[BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1]
[IATS(ms)....: 356.2,0.1,308.1,0.1,2.4,3.2,0.1,200.2,0.1,0.0,0.0,0.0,0.0,0.0,1.6,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,895.3,372.0,0.0,1.3,0.1,1.9]
- [PKTLENS.....: 278,387,13026,14466,2946,2946,1506,7266,2946,1506,2946,2946,1506,1506,1506,1506,1506,4386,6338,2946,2946,1506,1506,1506,802,274,387,17346,21666,1506,4386,17346]
+ [PKTLENS.....: 264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332]
+ [ENTROPIES...: 5.9,5.7,8.0,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.9,7.9,7.8,7.8,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.8,7.8,7.7,5.8,5.8,8.0,8.0,7.9,7.9,8.0]
analyse: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.661| 0.481| 1.215|1476638.409| 0.000]
- [PKTLEN......: 268.000|21666.000| 4999.800| 6236.200|38890032.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.661| 0.481| 1.215| 1476638.409| 2.400]
+ [PKTLEN......: 254.000|21652.000| 4985.800| 6236.200| 38890032.000| 4.100]
[BINS(c->s)..: 0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,17]
[DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,0,1,1,1]
[IATS(ms)....: 306.1,4.8,325.8,248.8,4660.9,4604.2,0.4,0.6,0.8,1.0,367.7,0.1,0.1,2.5,311.4,0.1,1.7,0.1,878.3,204.5,1.6,1.1,216.5,375.5,0.0,1.5]
- [PKTLENS.....: 268,384,6298,268,384,5682,278,386,1506,1506,7266,2946,5826,2946,10146,2946,1506,5826,2946,1506,8706,1506,5768,277,386,20226,21666,15363,278,387,2946,21666]
+ [PKTLENS.....: 254,370,6284,254,370,5668,264,372,1492,1492,7252,2932,5812,2932,10132,2932,1492,5812,2932,1492,8692,1492,5754,263,372,20212,21652,15349,264,373,2932,21652]
+ [ENTROPIES...: 5.9,5.7,7.9,5.8,5.7,7.9,5.9,5.8,7.5,7.9,8.0,7.9,7.9,7.9,8.0,7.9,7.9,7.9,7.9,7.9,8.0,7.9,7.9,5.9,5.7,8.0,8.0,8.0,5.9,5.7,7.8,8.0]
analyse: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.892| 0.092| 0.200|39932.170| 0.000]
- [PKTLEN......: 278.000|21666.000| 6946.200| 6776.100|45915728.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.892| 0.092| 0.200| 39932.170| 2.500]
+ [PKTLEN......: 264.000|21652.000| 6932.200| 6776.100| 45915728.000| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,20]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 348.4,0.1,2.6,311.3,0.1,1.9,0.1,0.1,200.2,0.0,0.7,0.1,0.1,0.0,891.6,375.9,1.6,0.1,2.2,1.5,332.8,0.1,0.0,1.9,0.0,1.6,1.6]
- [PKTLENS.....: 278,386,1506,11586,1506,4386,2946,13026,7266,1506,1506,1506,1506,2946,2946,1506,4605,278,388,21666,2946,10146,11586,17346,7266,18786,5826,20226,1506,10146,11586,21666]
+ [PKTLENS.....: 264,372,1492,11572,1492,4372,2932,13012,7252,1492,1492,1492,1492,2932,2932,1492,4591,264,374,21652,2932,10132,11572,17332,7252,18772,5812,20212,1492,10132,11572,21652]
+ [ENTROPIES...: 5.9,5.7,7.4,8.0,7.8,7.9,7.9,8.0,7.9,7.8,7.8,7.8,7.9,7.9,7.9,7.8,7.9,5.9,5.7,7.2,7.8,8.0,8.0,8.0,7.9,8.0,7.9,8.0,7.8,8.0,8.0,8.0]
new: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [MIDSTREAM]
detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Streaming][Fun]
new: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -626,14 +638,15 @@
new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM]
detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][Web][Acceptable]
analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.409| 0.085| 0.132|17528.007| 0.000]
- [PKTLEN......: 490.000| 8706.000| 2615.900| 2200.300|4841425.000| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300]
+ [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]
[DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 380.4,4.6,408.6,215.7,0.5,1.0,1.0,178.5,0.3,0.5,379.6,185.4,1.4,0.7,331.7,5.7,174.2,6.1,0.3,0.9,170.5,0.4,6.0,1.1,0.3,0.7,169.5,0.5,0.6,5.3,0.4]
- [PKTLENS.....: 831,1506,1267,502,1506,1506,7266,4386,1506,1506,2518,490,2946,8706,1506,2946,8706,2946,1506,1506,7266,1506,1506,2946,1506,1506,2946,1506,1506,2946,1506,1506]
+ [PKTLENS.....: 817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492]
+ [ENTROPIES...: 5.9,7.7,7.8,5.9,7.6,7.9,8.0,8.0,7.9,7.9,7.9,5.9,7.8,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.8,7.8,7.9,7.9,7.9,7.9,7.9,7.9]
new: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [MIDSTREAM]
detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP.Tencent][SocialNetwork][Acceptable]
new: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [MIDSTREAM]
@@ -654,43 +667,47 @@
new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM]
detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.832| 0.077| 0.179|32207.956| 0.000]
- [PKTLEN......: 351.000|10146.000| 3118.200| 2492.500|6212617.000| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.832| 0.077| 0.179| 32207.956| 2.400]
+ [PKTLEN......: 337.000|10132.000| 3104.200| 2492.500| 6212617.000| 4.600]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,16]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 207.0,0.4,1.1,0.7,203.5,0.4,0.5,0.8,0.4,1.2,0.6,204.0,0.5,1.9,0.8,831.8,413.6,1.5,1.6,0.4,0.9,201.6,0.4,0.6,1.0,0.9,0.4]
- [PKTLENS.....: 592,351,1506,8706,2946,1506,1506,2946,1506,1506,5826,4386,1506,1506,1506,5826,2946,2946,3956,592,351,1506,8706,10146,5826,2946,1506,1506,2946,4386,4386,1506]
+ [PKTLENS.....: 578,337,1492,8692,2932,1492,1492,2932,1492,1492,5812,4372,1492,1492,1492,5812,2932,2932,3942,578,337,1492,8692,10132,5812,2932,1492,1492,2932,4372,4372,1492]
+ [ENTROPIES...: 5.8,5.8,7.8,8.0,7.9,7.8,7.9,7.9,7.9,7.9,8.0,8.0,7.9,7.9,7.9,8.0,7.9,7.9,8.0,5.9,5.8,7.8,8.0,8.0,8.0,7.9,7.9,7.9,7.9,8.0,8.0,7.9]
detection-update: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
detection-update: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.877| 0.084| 0.182|33133.681| 0.000]
- [PKTLEN......: 351.000|15906.000| 2761.900| 3042.000|9253906.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.877| 0.084| 0.182| 33133.681| 2.600]
+ [PKTLEN......: 337.000|15892.000| 2747.900| 3042.000| 9253907.000| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,17,0,10]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1]
[IATS(ms)....: 216.8,1.3,1.2,217.6,0.4,0.8,0.7,0.8,206.4,3.2,0.7,1.4,202.1,0.5,2.9,0.4,0.4,0.6,0.7,876.5,236.5,0.0,2.1,0.9,206.1,0.4]
- [PKTLENS.....: 580,351,1506,4386,1506,5826,1506,1506,1506,1506,1506,2946,1506,4386,2946,2946,8706,1506,1506,1506,1506,1506,1506,1506,1204,592,351,7266,15906,4386,1506,1506]
+ [PKTLENS.....: 566,337,1492,4372,1492,5812,1492,1492,1492,1492,1492,2932,1492,4372,2932,2932,8692,1492,1492,1492,1492,1492,1492,1492,1190,578,337,7252,15892,4372,1492,1492]
+ [ENTROPIES...: 5.9,5.8,7.8,7.9,7.7,7.9,7.8,7.8,7.8,7.8,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.9,5.8,8.0,8.0,8.0,7.9,7.8]
analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.887| 0.081| 0.181|32801.006| 0.000]
- [PKTLEN......: 351.000|18786.000| 3157.800| 3724.000|13867893.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.887| 0.081| 0.181| 32801.006| 2.600]
+ [PKTLEN......: 337.000|18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 223.7,209.6,1.7,207.2,0.4,1.3,0.7,0.5,0.5,1.2,204.0,0.4,1.4,0.7,0.6,3.5,886.9,237.6,0.5,1.0,2.5,0.8,206.7,0.9,0.4,0.9,0.7]
- [PKTLENS.....: 580,2946,1506,1506,11586,1506,1506,2946,1506,1506,1506,7266,1506,1506,1506,1506,4386,1506,2946,4253,592,351,1506,8706,18786,1506,2946,1506,1506,5826,1506,1330]
+ [PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]
+ [ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9]
analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.900| 0.119| 0.204|41414.242| 0.000]
- [PKTLEN......: 351.000|18786.000| 3665.900| 4182.900|17496908.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.900| 0.119| 0.204| 41414.242| 3.000]
+ [PKTLEN......: 337.000|18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1]
[IATS(ms)....: 205.6,2.1,0.0,224.8,0.4,0.3,1.4,193.7,0.4,0.4,1.7,1.3,1.9,226.0,899.7,238.0,0.0,2.4,199.2,0.5,1.0,1.3,407.3,371.5,1.5]
- [PKTLENS.....: 580,351,1506,4386,2946,4386,1506,1506,1506,1506,5826,1506,1506,1506,2946,4386,5826,3732,592,351,7266,15906,1506,1506,7266,1506,5826,654,580,351,7801,18786]
+ [PKTLENS.....: 566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]
+ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0]
new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM]
detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Web][Acceptable]
new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM]
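Review bot: The expected PKTLEN variance in this hunk changes although every packet length only shifts by a constant 14. For flow 159 it goes from `9253906.000` to `9253907.000` and for flow 160 from `13867893.000` to `13867894.000`, while min, max and avg each drop by exactly 14 and stddev is unchanged. The hunk at `@@ -719,23 +737,25 @@` shows the same drift (`41986288.000` to `41986280.000`, `28301384.000` to `28301380.000`). This looks like limited-precision accumulation in the variance calculation, which is not visible on this page; if so, these fixtures pin rounding noise and may differ between compilers or platforms. Consider comparing the variance column with a tolerance in the result check, or computing it in a numerically stable way, so that consumers using these statistics for traffic analysis get shift-invariant values.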
@@ -704,14 +721,15 @@
new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.045| 1.119| 2.029|4116996.948| 0.000]
- [PKTLEN......: 500.000|14466.000| 2827.500| 2993.900|8963654.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.045| 1.119| 2.029| 4116996.948| 3.000]
+ [PKTLEN......: 486.000|14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1]
[IATS(ms)....: 188.5,0.0,1.4,179.4,1.4,0.7,0.4,2.4,0.7,270.1,0.1,0.6,3892.8,3428.9,186.1,186.3,192.6,209.0,367.2,352.3,5253.8,5339.0,3.6,6045.0,5959.1,0.4,0.5,194.9,189.4]
- [PKTLENS.....: 500,2946,2946,8706,2946,7266,1506,1506,14466,1506,2946,2946,7266,7266,4092,817,709,819,1525,821,1415,817,1530,1079,2946,1144,1169,1506,1506,1589,1180,1097]
+ [PKTLENS.....: 486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083]
+ [ENTROPIES...: 5.9,7.8,7.9,8.0,7.9,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,8.0,8.0,5.9,6.4,5.9,7.5,5.9,6.2,5.9,6.5,5.8,6.5,6.8,5.8,6.4,7.8,7.9,5.8,6.9]
new: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [MIDSTREAM]
detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
new: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [MIDSTREAM]
@@ -719,23 +737,25 @@
new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM]
detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
analyse: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 39.120| 3.011| 10.152|103072311.280| 0.000]
- [PKTLEN......: 273.000|23106.000| 5201.300| 6479.700|41986288.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 39.120| 3.011| 10.152| 103072311.280| 1.300]
+ [PKTLEN......: 259.000|23092.000| 5187.300| 6479.700| 41986280.000| 4.100]
[BINS(c->s)..: 0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,7,0,16]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1]
[IATS(ms)....: 353.7,3.8,0.1,303.7,4.3,0.1,205.8,0.1,881.0,368.9,0.0,5.1,392.9,352.2,1.6,0.1,2.3,0.1,1.5,285.7,2.1,39119.7,38675.2,0.0,2.9,335.4,3.7]
- [PKTLENS.....: 278,386,1506,1506,10146,2946,2946,23106,1506,1506,1172,273,386,18786,7757,278,387,1506,21666,4386,17346,4386,10146,5826,1506,5159,273,388,1506,11586,2946,2946]
+ [PKTLENS.....: 264,372,1492,1492,10132,2932,2932,23092,1492,1492,1158,259,372,18772,7743,264,373,1492,21652,4372,17332,4372,10132,5812,1492,5145,259,374,1492,11572,2932,2932]
+ [ENTROPIES...: 5.8,5.8,7.2,7.6,7.9,7.9,7.9,8.0,7.8,7.8,7.8,5.9,5.7,8.0,8.0,5.9,5.7,7.0,8.0,7.9,8.0,7.9,8.0,7.9,7.9,7.9,5.8,5.8,7.5,7.9,7.9,7.9]
analyse: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.361| 0.129| 0.285|81120.911| 0.000]
- [PKTLEN......: 273.000|15906.000| 6044.500| 5319.900|28301384.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.361| 0.129| 0.285| 81120.911| 2.500]
+ [PKTLEN......: 259.000|15892.000| 6030.500| 5319.900| 28301380.000| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,21]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 326.1,0.2,328.8,0.2,2.7,177.6,0.5,1.3,2.9,0.1,0.2,0.8,2.3,401.3,1361.5,293.5,0.0,1.1,2.1,2.8,0.1,0.2,2.8,309.6,1.5]
- [PKTLENS.....: 273,388,1506,1506,2946,7266,1506,8706,2946,15906,1506,1506,4386,13026,8706,2946,1506,15906,13200,273,388,1506,5826,15906,11586,10146,4386,14466,2946,2946,13026,4386]
+ [PKTLENS.....: 259,374,1492,1492,2932,7252,1492,8692,2932,15892,1492,1492,4372,13012,8692,2932,1492,15892,13186,259,374,1492,5812,15892,11572,10132,4372,14452,2932,2932,13012,4372]
+ [ENTROPIES...: 5.9,5.7,7.5,7.9,7.9,7.9,7.8,8.0,7.9,8.0,7.8,7.8,7.9,7.9,7.9,7.9,7.8,8.0,8.0,5.8,5.7,7.5,7.9,8.0,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM]
detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Web][Acceptable]
new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM]
@@ -772,24 +792,26 @@
new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM]
detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable]
analyse: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP.AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.015| 0.003| 0.003| 10.814| 0.000]
- [PKTLEN......: 249.000| 7206.000| 4110.800| 1776.800|3156934.000| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.015| 0.003| 0.003| 10.814| 3.800]
+ [PKTLEN......: 235.000| 7192.000| 4096.800| 1776.800| 3156934.000| 4.800]
[BINS(c->s)..: 0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,27]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 14.9,0.6,0.6,2.5,3.6,0.1,0.9,2.5,9.2,0.0,0.1,6.5,0.1,1.6,3.0,1.6,0.1,1.5,0.1,0.1,2.8,6.5,3.1,2.4,1.8,2.8,0.1]
- [PKTLENS.....: 249,797,1494,2922,4350,4350,4350,4350,2922,1494,4350,4350,2922,4350,4350,2922,4350,5778,5778,5778,5778,4350,5778,1494,5778,4350,2922,7206,4350,7206,7206,2922]
+ [PKTLENS.....: 235,783,1480,2908,4336,4336,4336,4336,2908,1480,4336,4336,2908,4336,4336,2908,4336,5764,5764,5764,5764,4336,5764,1480,5764,4336,2908,7192,4336,7192,7192,2908]
+ [ENTROPIES...: 6.0,5.8,7.2,7.3,7.2,7.5,7.7,7.9,7.8,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,7.8,7.9,7.8,7.8]
detection-update: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable]
analyse: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.003| 0.005| 24.604| 0.000]
- [PKTLEN......: 563.000| 5778.000| 3473.000| 1697.900|2882863.000| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.003| 0.005| 24.604| 3.600]
+ [PKTLEN......: 549.000| 5764.000| 3459.000| 1697.900| 2882863.000| 4.800]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,1,21]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 21.0,0.2,0.1,3.1,1.7,3.1,15.8,2.2,2.0,2.7,0.1,1.5,0.6,2.9,1.6,1.5,0.1,0.1,3.5,1.6,2.8,10.5,1.4,0.1,1.6]
- [PKTLENS.....: 563,1494,1494,2922,1494,2922,1494,4350,4350,4350,2922,1494,4350,1494,4350,4350,4350,5778,5778,4350,1494,1494,1494,4350,5778,5778,3214,4202,5590,1538,5778,5778]
+ [PKTLENS.....: 549,1480,1480,2908,1480,2908,1480,4336,4336,4336,2908,1480,4336,1480,4336,4336,4336,5764,5764,4336,1480,1480,1480,4336,5764,5764,3200,4188,5576,1524,5764,5764]
+ [ENTROPIES...: 5.8,7.8,7.8,7.9,7.8,7.9,7.9,7.9,8.0,8.0,7.9,7.9,7.9,7.8,7.9,8.0,7.9,8.0,8.0,7.9,7.8,7.8,7.8,7.9,8.0,8.0,7.9,7.9,8.0,7.9,8.0,8.0]
new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM]
detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP.AmazonAWS][Cloud][Acceptable]
new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM]
diff --git a/test/results/flow-info/443-curl.pcap.out b/test/results/flow-info/443-curl.pcap.out
index bd98c00f4..c8ce20105 100644
--- a/test/results/flow-info/443-curl.pcap.out
+++ b/test/results/flow-info/443-curl.pcap.out
@@ -6,13 +6,14 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.784| 0.063| 0.190|36203.258| 0.000]
- [PKTLEN......: 66.000| 1506.000| 411.200| 558.700|312115.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.784| 0.063| 0.190| 36203.258| 2.200]
+ [PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800]
[BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1]
[IATS(ms)....: 38.7,38.8,9.6,47.6,2.8,1.1,0.0,41.9,0.0,11.8,50.9,0.0,39.1,0.0,0.7,0.0,0.0,0.1,0.1,38.5,8.9,46.6,784.1,784.0,0.4,0.1,0.5,0.1,0.1,0.2,0.2]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,197,66,66,192,117,123,66,66,119,122,108,133,104,66,104,66,281,66,1506,1506,66,1506,1062,66,1506]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]
+ [ENTROPIES...: 4.4,5.3,4.9,4.3,5.1,7.4,7.5,6.8,4.9,4.9,6.3,6.0,6.2,5.0,4.9,5.8,5.8,5.5,6.0,5.5,5.2,5.9,5.1,7.2,5.1,7.9,7.9,5.1,7.9,7.8,5.1,7.9]
end: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/443-firefox.pcap.out b/test/results/flow-info/443-firefox.pcap.out
index 95be754d9..c006bc12b 100644
--- a/test/results/flow-info/443-firefox.pcap.out
+++ b/test/results/flow-info/443-firefox.pcap.out
@@ -6,13 +6,14 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.656| 0.130| 0.404|163175.268| 0.000]
- [PKTLEN......: 66.000| 1506.000| 532.700| 610.400|372566.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.656| 0.130| 0.404| 163175.268| 2.000]
+ [PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000]
[BINS(c->s)..: 11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 38.5,38.6,1.8,40.0,4.1,0.1,0.0,42.3,0.0,2.1,40.7,0.0,38.7,0.0,193.8,0.1,0.2,231.1,10.0,47.0,1655.7,0.1,1655.7,0.2,0.0,0.2,0.2,0.1,0.3,0.1,0.2]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,140,66,66,151,332,115,66,66,235,312,96,66,96,66,1506,1506,66,1506,1030,66,1506,1506,66,1506,1030]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]
+ [ENTROPIES...: 4.4,5.4,4.9,5.2,5.1,7.4,7.5,6.3,5.0,5.0,6.1,7.2,6.2,5.1,5.1,6.9,7.2,5.7,5.2,5.8,4.9,7.9,7.9,5.0,7.9,7.8,5.0,7.9,7.9,4.9,7.9,7.8]
end: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/443-git.pcap.out b/test/results/flow-info/443-git.pcap.out
index 618ef736f..9857ef1f2 100644
--- a/test/results/flow-info/443-git.pcap.out
+++ b/test/results/flow-info/443-git.pcap.out
@@ -6,13 +6,14 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 0.000]
- [PKTLEN......: 66.000| 1490.000| 351.800| 464.400|215710.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 3.200]
+ [PKTLEN......: 52.000| 1476.000| 337.800| 464.400| 215710.400| 4.000]
[BINS(c->s)..: 14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0]
[IATS(ms)....: 110.5,110.6,6.6,119.4,0.0,0.0,112.8,0.0,11.1,124.0,112.9,0.6,143.5,0.0,142.9,0.0,6.5,0.0,0.0,6.5,0.0,0.0,0.1,0.1,1.2,0.0,1.3,0.0,0.2,0.0,0.2]
- [PKTLENS.....: 78,74,66,583,1490,1490,768,66,66,192,117,66,273,437,140,66,66,100,358,99,66,66,66,164,66,1465,622,66,66,1465,486,66]
+ [PKTLENS.....: 64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52]
+ [ENTROPIES...: 4.3,5.2,4.8,4.2,7.0,7.4,7.6,5.0,5.0,6.4,5.9,4.9,7.0,7.4,6.2,4.9,5.0,5.6,7.4,5.7,4.9,4.9,4.9,6.4,5.0,7.9,7.6,5.0,5.0,7.9,7.5,5.0]
end: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/443-opvn.pcap.out b/test/results/flow-info/443-opvn.pcap.out
index 7522dc10e..c19215273 100644
--- a/test/results/flow-info/443-opvn.pcap.out
+++ b/test/results/flow-info/443-opvn.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194]
detected: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.161| 0.158| 0.364|132701.856| 0.000]
- [PKTLEN......: 66.000| 1506.000| 274.300| 407.400|166005.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.161| 0.158| 0.364| 132701.856| 2.700]
+ [PKTLEN......: 52.000| 1492.000| 260.300| 407.400| 166005.600| 3.800]
[BINS(c->s)..: 7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1]
[IATS(ms)....: 21.6,21.7,1053.8,1075.1,1.0,22.2,0.3,57.4,57.1,21.2,11.8,33.0,0.2,0.2,20.6,20.5,9.1,0.0,20.0,11.3,22.2,20.0,20.0,0.2,21.4,21.2,0.1,58.6,1160.7,1122.5,1.3]
- [PKTLENS.....: 78,74,66,110,66,122,66,118,66,387,66,1236,66,1506,118,69,118,1506,863,66,118,66,173,66,619,382,66,118,66,152,66,118]
+ [PKTLENS.....: 64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104]
+ [ENTROPIES...: 4.4,5.1,4.8,5.5,5.1,5.6,5.0,5.8,5.1,6.1,5.1,6.9,4.9,7.3,5.7,5.0,5.8,6.8,7.4,5.2,5.8,4.9,6.3,5.0,7.6,7.2,5.0,5.7,5.1,6.2,5.2,5.8]
end: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][VPN][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/443-safari.pcap.out b/test/results/flow-info/443-safari.pcap.out
index 064487eaf..4223a04a8 100644
--- a/test/results/flow-info/443-safari.pcap.out
+++ b/test/results/flow-info/443-safari.pcap.out
@@ -6,13 +6,14 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.696| 0.070| 0.175|30530.335| 0.000]
- [PKTLEN......: 66.000| 1506.000| 398.700| 559.600|313139.800| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.696| 0.070| 0.175| 30530.335| 2.600]
+ [PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800]
[BINS(c->s)..: 11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 38.2,38.3,1.1,39.8,4.1,0.1,0.0,42.8,0.0,225.7,264.3,0.0,38.7,0.0,1.6,0.0,0.0,0.0,0.1,40.0,0.0,9.9,48.2,695.6,0.1,695.6,0.1,0.1,0.1,0.1,0.1]
- [PKTLENS.....: 78,74,66,299,66,1506,1506,168,66,66,151,109,115,66,66,111,108,100,394,96,66,66,96,66,1506,1506,66,1506,66,1030,66,1506]
+ [PKTLENS.....: 64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]
+ [ENTROPIES...: 4.3,5.3,4.9,5.7,5.2,7.4,7.4,6.4,4.9,4.9,6.0,5.8,6.1,4.9,5.0,5.9,5.8,5.8,7.4,5.6,5.0,5.1,5.8,5.0,7.9,7.9,4.9,7.9,4.8,7.8,4.9,7.9]
idle: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/6in4tunnel.pcap.out b/test/results/flow-info/6in4tunnel.pcap.out
index c43599320..0b1ea816d 100644
--- a/test/results/flow-info/6in4tunnel.pcap.out
+++ b/test/results/flow-info/6in4tunnel.pcap.out
@@ -3,14 +3,15 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
analyse: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.005| 0.495| 0.455|206990.442| 0.000]
- [PKTLEN......: 106.000| 1911.000| 250.400| 383.000|146712.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.005| 0.495| 0.455| 206990.442| 4.200]
+ [PKTLEN......: 92.000| 1897.000| 236.400| 383.000| 146712.700| 4.100]
[BINS(c->s)..: 0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0]
[IATS(ms)....: 104.8,780.1,221.1,1000.5,1001.7,1001.1,1001.7,1005.1,1001.1,1000.8,1001.1,1001.1,1001.4,999.9,1001.9,1003.1,365.4,1.1,349.0,4.1,96.7,99.1,95.7,0.8,97.9,1.0,0.1,98.1,0.1,8.8,0.5]
- [PKTLENS.....: 138,138,200,138,138,138,138,138,138,138,138,138,138,138,138,138,138,133,133,273,261,114,114,106,310,106,1504,1911,106,106,268,159]
+ [PKTLENS.....: 124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]
+ [ENTROPIES...: 5.7,5.7,5.6,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.6,5.7,5.7,5.7,5.7,5.7,4.7,4.7,4.8,4.9,5.2,5.8,5.5,5.8,5.6,6.9,7.0,5.5,5.5,6.7,6.0]
not-detected: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unrated]
idle: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unrated]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 769222cd2..c5cc54154 100644
--- a/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-info/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -10,35 +10,38 @@
new: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060]
detected: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.370| 1.692| 2.031|4125948.903| 0.000]
- [PKTLEN......: 87.000| 414.000| 168.800| 98.900| 9786.300| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.370| 1.692| 2.031| 4125948.903| 3.700]
+ [PKTLEN......: 73.000| 400.000| 154.800| 98.900| 9786.300| 4.700]
[BINS(c->s)..: 0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1]
[IATS(ms)....: 0.1,2.6,0.1,4369.7,0.2,4369.4,0.1,4370.2,0.1,4370.2,0.1,4369.9,0.1,4370.1,0.3,4370.0,0.1,4369.4,0.1,3508.4,3524.3,204.4,193.0,657.5,0.0,652.5,0.2,4369.7,0.1,4370.2,0.6]
- [PKTLENS.....: 87,87,292,164,87,87,292,164,87,87,292,164,87,87,292,164,87,87,292,164,376,414,94,101,88,88,293,165,88,88,293,165]
+ [PKTLENS.....: 73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,362,400,80,87,74,74,279,151,74,74,279,151]
+ [ENTROPIES...: 5.2,5.1,5.4,5.4,5.2,5.2,5.4,5.4,5.2,5.2,5.4,5.4,5.2,5.2,5.4,5.4,5.2,5.1,5.4,5.4,5.8,5.2,5.3,5.1,5.2,5.2,5.4,5.5,5.2,5.2,5.4,5.4]
new: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756]
detected: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Media][Acceptable]
analyse: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 4.900]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 20.8,19.1,39.5,1.4,20.0,20.0,19.3,20.5,19.6,19.9,21.0,20.3,18.5,20.4,19.7,19.9,20.4,20.2,19.7,20.4,19.3,20.5,20.1,20.0,19.6,20.0,19.9,20.3,20.2,19.8,20.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,2.4,2.4,2.4,2.5,2.4,2.5,2.5,2.5,2.5,2.5,2.4,2.4,2.4,2.4,2.5,2.5,2.5,2.5,2.4,2.4,2.5]
update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][VoIP][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 27.628| 2.809| 6.896|47549159.309| 0.000]
- [PKTLEN......: 304.000| 923.000| 605.300| 211.900|44888.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 27.628| 2.809| 6.896| 47549159.309| 2.500]
+ [PKTLEN......: 290.000| 909.000| 591.300| 211.900| 44888.200| 4.900]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0]
[IATS(ms)....: 1.4,6.0,0.3,162.7,0.4,6673.1,0.7,6843.3,0.4,2041.5,0.8,2040.7,0.3,12.4,0.7,131.8,0.4,27628.4,0.4,27585.5,0.5,6913.8,0.7,6841.3,0.3,84.0,0.4,88.1,0.4,19.8,1.0]
- [PKTLENS.....: 919,919,304,304,488,488,825,825,452,452,894,894,425,425,793,793,493,493,460,460,572,572,846,846,364,364,475,475,452,452,923,923]
+ [PKTLENS.....: 905,905,290,290,474,474,811,811,438,438,880,880,411,411,779,779,479,479,446,446,558,558,832,832,350,350,461,461,438,438,909,909]
+ [ENTROPIES...: 5.7,5.7,5.6,5.6,5.6,5.6,5.7,5.7,5.6,5.6,5.7,5.7,5.6,5.6,5.8,5.8,5.6,5.6,5.6,5.6,5.7,5.7,5.7,5.7,5.6,5.6,5.6,5.6,5.6,5.6,5.7,5.7]
update: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [....10.35.60.72][.5060] -> [...10.35.60.100][.5060] [SIP][VoIP][Acceptable]
update: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][VoIP][Acceptable]
diff --git a/test/results/flow-info/KakaoTalk_chat.pcap.out b/test/results/flow-info/KakaoTalk_chat.pcap.out
index 516ed1dbd..ffe984843 100644
--- a/test/results/flow-info/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/KakaoTalk_chat.pcap.out
@@ -103,14 +103,15 @@
detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 0.000]
- [PKTLEN......: 56.000| 1336.000| 272.100| 386.900|149674.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 4.000]
+ [PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
[BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1]
[IATS(ms)....: 37.0,40.3,0.3,47.7,4.0,72.1,0.7,124.0,0.2,15.9,0.7,16.6,0.2,12.2,67.2,36.0,15.8,0.7,105.9,38.1,60.4,4.5,0.1,3.9,174.3,67.7,16.8,17.0,108.5,0.7,81.1]
- [PKTLENS.....: 76,60,56,621,60,56,1336,174,56,56,1336,949,56,56,1053,56,314,113,101,56,56,109,846,103,93,101,56,477,56,56,56,56]
+ [PKTLENS.....: 60,44,40,605,44,40,1320,158,40,40,1320,933,40,40,1037,40,298,97,85,40,40,93,830,87,77,85,40,461,40,40,40,40]
+ [ENTROPIES...: 4.7,5.2,4.9,6.7,4.6,5.0,6.4,5.9,4.8,4.7,7.0,7.0,4.7,4.7,7.8,4.9,7.0,6.1,6.0,4.8,4.8,6.0,7.7,5.9,5.8,6.0,4.8,7.5,4.8,5.0,4.9,5.0]
new: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [MIDSTREAM]
new: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80]
detected: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun]
@@ -118,14 +119,15 @@
detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 3.803| 0.501| 0.832|692202.045| 0.000]
- [PKTLEN......: 56.000| 1336.000| 225.000| 352.300|124085.100| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
+ [PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
[BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0]
[IATS(ms)....: 995.9,1037.9,49.3,6.7,695.5,683.6,56.0,2329.9,2320.4,251.6,299.0,4.5,4.4,4.1,3.7,105.5,239.4,242.2,376.5,82.6,125.8,244.5,287.3,18.1,164.6,239.0,428.1,146.0,274.1,3803.0,24.7]
- [PKTLENS.....: 76,76,60,56,240,60,56,60,240,56,1336,56,1336,56,1043,56,178,56,103,56,710,56,85,56,358,56,99,56,196,56,83,132]
+ [PKTLENS.....: 60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116]
+ [ENTROPIES...: 4.7,4.7,5.0,4.9,5.2,5.1,5.0,4.7,5.2,4.9,6.5,4.7,7.1,4.8,6.7,4.9,6.6,4.9,5.7,4.8,7.7,4.9,5.5,4.9,7.4,5.0,5.9,4.8,6.8,5.0,5.6,6.4]
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
new: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443]
@@ -146,14 +148,15 @@
new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 27.031| 1.853| 6.601|43576507.498| 0.000]
- [PKTLEN......: 56.000| 1336.000| 214.800| 348.100|121165.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 27.031| 1.853| 6.601| 43576507.498| 1.500]
+ [PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
[BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1]
[IATS(ms)....: 41.7,45.8,2.2,39.5,11.3,448.4,0.2,2.9,498.7,0.2,0.1,36.9,124.2,229.9,322.0,23.0,161.8,229.9,405.3,0.2,57.4,108.2,76.0,156.0,245.1,68.0,69.5,26937.8,56.9,27030.7,8.1]
- [PKTLENS.....: 76,60,56,240,60,56,1336,1336,1043,56,56,56,178,56,103,56,578,56,85,56,215,328,56,56,94,56,85,56,83,132,56,56]
+ [PKTLENS.....: 60,44,40,224,44,40,1320,1320,1027,40,40,40,162,40,87,40,562,40,69,40,199,312,40,40,78,40,69,40,67,116,40,40]
+ [ENTROPIES...: 4.7,5.0,4.9,5.2,4.7,5.0,6.5,7.1,6.7,4.8,4.9,4.9,6.5,4.9,5.9,4.8,7.7,5.0,5.6,4.8,6.9,7.1,5.0,5.0,5.8,4.9,5.5,4.9,5.6,6.3,5.0,5.0]
update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable]
new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223]
detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable]
diff --git a/test/results/flow-info/KakaoTalk_talk.pcap.out b/test/results/flow-info/KakaoTalk_talk.pcap.out
index 2115cde19..7d21bba55 100644
--- a/test/results/flow-info/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/KakaoTalk_talk.pcap.out
@@ -33,45 +33,49 @@
new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046]
detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 0.000]
- [PKTLEN......: 99.000| 192.000| 103.200| 16.700| 278.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 4.200]
+ [PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
[BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1]
[IATS(ms)....: 2.1,0.1,91.3,0.2,98.3,0.1,103.5,389.0,99.4,0.2,41.7,34.1,94.1,1.2,99.9,98.5,32.0,72.3,100.1,1.0,27.9,87.8,99.7,0.0,76.1,16.1,99.2,84.2,99.9,1.1,113.1]
- [PKTLENS.....: 100,99,99,99,99,99,99,99,123,99,99,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99]
+ [PKTLENS.....: 84,83,83,83,83,83,83,83,107,83,83,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83]
+ [ENTROPIES...: 6.0,5.9,5.8,5.8,5.9,5.8,5.9,5.9,6.2,6.0,5.8,6.7,6.2,5.9,5.9,5.9,5.8,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,6.0,6.0,5.9,6.0,5.9,5.9,6.0]
analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 0.000]
- [PKTLEN......: 99.000| 192.000| 106.600| 20.800| 434.500| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
+ [PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
[BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1]
[IATS(ms)....: 36.1,39.2,140.3,102.0,35.2,98.1,7.9,55.8,42.0,93.4,6.8,89.9,91.8,48.2,40.2,100.1,12.0,81.5,89.4,7.0,84.1,40.7,87.7,54.9,38.8,107.9,4.2,87.6,68.5,32.3,143.9]
- [PKTLENS.....: 123,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,166,141,99]
+ [PKTLENS.....: 107,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,150,125,83]
+ [ENTROPIES...: 6.2,6.7,6.2,5.8,5.8,5.9,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,5.9,5.9,6.0,6.0,6.0,6.0,5.8,5.9,5.9,5.9,6.0,6.0,5.9,6.0,5.8,6.7,6.3,6.0]
new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM]
new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM]
analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 20.337| 1.801| 4.155|17264411.673| 0.000]
- [PKTLEN......: 68.000| 920.000| 241.500| 230.000|52885.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
+ [PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
[BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0]
[IATS(ms)....: 141.6,151.9,11.8,244.9,5.7,231.7,5.3,268.9,267.9,260.5,295.7,6066.9,6069.5,2.3,183.7,177.4,76.0,36.6,148.1,8359.6,8676.0,4.5,469.8,147.4,147.1,2.6,694.9,724.2,479.8,20336.8,1138.4]
- [PKTLENS.....: 76,76,68,210,68,920,68,394,302,814,574,68,782,68,238,366,68,68,238,68,254,68,238,68,366,68,238,238,68,80,254,254]
+ [PKTLENS.....: 60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238]
+ [ENTROPIES...: 4.7,5.2,5.2,5.3,5.1,7.4,5.1,7.2,7.1,7.7,7.6,5.1,7.7,5.1,7.0,7.3,5.2,5.1,7.0,5.2,7.0,5.1,6.9,5.1,7.3,5.2,6.9,6.9,5.1,5.1,7.1,7.1]
analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 21.237| 2.444| 5.342|28541506.814| 0.000]
- [PKTLEN......: 68.000| 920.000| 267.100| 266.400|70953.500| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 21.237| 2.444| 5.342| 28541506.814| 2.900]
+ [PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
[BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
[IATS(ms)....: 148.0,148.3,14.4,196.3,3.7,185.6,22.2,228.4,215.7,291.7,316.8,4536.4,4872.6,301.5,147.9,147.9,122.3,336.2,8596.6,8810.7,73.7,557.6,700.9,602.5,20472.0,917.8,21237.1,519.3,0.3,0.2,1054.3]
- [PKTLENS.....: 76,76,68,210,68,920,68,394,302,766,734,68,862,846,68,366,68,238,68,366,68,238,238,68,80,254,254,430,68,68,68,80]
+ [PKTLENS.....: 60,60,52,194,52,904,52,378,286,750,718,52,846,830,52,350,52,222,52,350,52,222,222,52,64,238,238,414,52,52,52,64]
+ [ENTROPIES...: 4.7,5.2,5.2,5.3,5.2,7.4,5.2,7.4,7.0,7.7,7.7,5.2,7.8,7.8,5.2,7.3,5.1,7.0,5.2,7.2,5.2,6.8,6.8,5.1,5.1,7.1,7.0,7.4,5.2,5.2,5.2,5.2]
new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM]
new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM]
new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443]
diff --git a/test/results/flow-info/Oscar.pcap.out b/test/results/flow-info/Oscar.pcap.out
index 60a7e57ae..b366df01b 100644
--- a/test/results/flow-info/Oscar.pcap.out
+++ b/test/results/flow-info/Oscar.pcap.out
@@ -3,14 +3,15 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
analyse: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 58.215| 3.883| 14.268|203566836.875| 0.000]
- [PKTLEN......: 54.000| 1414.000| 186.500| 263.300|69345.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 58.215| 3.883| 14.268| 203566836.875| 1.300]
+ [PKTLEN......: 40.000| 1400.000| 172.500| 263.300| 69345.600| 4.000]
[BINS(c->s)..: 11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0]
[IATS(ms)....: 28.7,28.8,8.9,42.4,33.5,0.5,0.5,0.1,33.5,33.4,0.3,33.6,0.8,34.1,0.2,44.6,44.3,32.8,32.8,0.2,0.1,0.3,31.3,31.1,58175.5,58215.2,0.0,39.6,1457.4,1490.1,502.6]
- [PKTLENS.....: 78,60,54,369,64,54,619,54,106,144,54,70,1414,351,54,80,60,166,511,54,284,54,266,60,349,90,60,92,54,92,60,90]
+ [PKTLENS.....: 64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76]
+ [ENTROPIES...: 4.4,4.9,4.7,7.1,4.7,4.7,5.2,4.7,4.0,4.3,4.6,4.3,3.8,3.9,4.6,4.3,4.5,3.5,4.2,4.6,3.7,4.6,5.5,4.5,3.4,4.8,4.5,5.0,4.6,4.5,4.5,4.8]
guessed: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] [TLS][Web][Safe]
detected: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] [TLS][Web][Safe]
idle: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/WebattackXSS.pcap.out b/test/results/flow-info/WebattackXSS.pcap.out
index a891c05a6..f3a126fe8 100644
--- a/test/results/flow-info/WebattackXSS.pcap.out
+++ b/test/results/flow-info/WebattackXSS.pcap.out
@@ -14,14 +14,15 @@
new: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80]
new: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80]
analyse: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.805| 0.259| 0.699|488344.093| 0.000]
- [PKTLEN......: 66.000| 7992.000| 586.000| 1374.100|1888110.100| 3.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.805| 0.259| 0.699| 488344.093| 2.400]
+ [PKTLEN......: 52.000| 7978.000| 572.000| 1374.100| 1888110.000| 3.400]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
[IATS(ms)....: 0.1,0.9,0.0,0.9,1.5,2.3,23.6,26.5,34.2,32.2,1.1,1.0,0.2,0.9,0.2,0.4,39.8,69.9,111.2,1.1,61.6,62.7,1.1,842.7,846.6,3.8,131.7,132.7,1.1,2804.2,2805.2]
- [PKTLENS.....: 74,74,66,375,66,578,66,408,1198,431,807,454,1514,7992,66,66,66,66,377,571,66,407,571,66,625,429,66,423,587,66,66,66]
+ [PKTLENS.....: 60,60,52,361,52,564,52,394,1184,417,793,440,1500,7978,52,52,52,52,363,557,52,393,557,52,611,415,52,409,573,52,52,52]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,5.8,4.9,6.0,7.5,6.0,7.3,5.9,7.6,8.0,4.9,4.9,4.9,4.9,6.0,5.8,5.0,6.0,5.8,4.9,5.9,5.7,4.9,6.0,5.8,5.0,5.1,4.9]
new: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80]
detected: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
RISK: HTTP Numeric IP Address
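Review bot: The PKTLEN variance in this hunk moves from `1888110.100` to `1888110.000` although every packet length only dropped by a constant 14 bytes, and variance should not change under a constant shift. The same drift of about 0.1 appears in the hunks at `@@ -78,14 +80,15 @@` (`571022.800` to `571022.900`), `@@ -143,14 +146,15 @@` and `@@ -876,14 +885,15 @@` (`563862.600` to `563862.500`), while flows with smaller lengths keep their variance exactly. That pattern looks like rounding in a limited-precision accumulation rather than a real change, though the code that produces these values is not part of this file. It would be worth confirming that the analyser accumulates variance in double precision or with a numerically stable running update, so these expected outputs compare equal across compilers and platforms. Otherwise, flows with large packets may make the regression test fail for reasons unrelated to detection.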
@@ -29,14 +30,15 @@
new: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80]
new: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80]
analyse: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.856| 0.080| 0.207|42651.251| 0.000]
- [PKTLEN......: 66.000| 4410.000| 627.000| 1050.300|1103191.500| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.856| 0.080| 0.207| 42651.251| 2.700]
+ [PKTLEN......: 52.000| 4396.000| 613.000| 1050.300| 1103191.500| 3.700]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0]
[IATS(ms)....: 0.2,0.9,0.0,0.9,1.5,2.1,20.7,25.9,42.5,6.0,44.4,1.3,0.2,1.3,0.1,0.1,1.2,0.3,0.4,68.6,70.5,37.8,60.4,98.3,1.1,851.7,856.3,4.6,109.7,139.3,29.5]
- [PKTLENS.....: 74,74,66,375,66,578,66,408,1200,66,431,807,66,454,4410,4410,752,66,66,66,377,571,66,407,571,66,625,429,66,449,1870,66]
+ [PKTLENS.....: 60,60,52,361,52,564,52,394,1186,52,417,793,52,440,4396,4396,738,52,52,52,363,557,52,393,557,52,611,415,52,435,1856,52]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.8,5.7,4.9,5.9,7.4,4.9,5.9,7.2,4.9,5.9,7.9,7.9,7.7,4.9,4.9,4.8,5.9,5.8,4.8,5.9,5.8,4.8,5.9,5.7,4.9,5.9,7.8,5.0]
detected: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
RISK: HTTP Numeric IP Address
detected: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -78,14 +80,15 @@
new: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80]
new: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80]
analyse: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.809| 0.610| 0.941|885441.823| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571022.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.809| 0.610| 0.941| 885441.823| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.8,3808.1,3808.9,3.1,3.9,1010.4,1014.2,3.8,247.0,250.6,3.6,1037.9,1041.6,3.8,265.4,269.2,3.7,1020.1,1024.5,4.4,240.9,244.6,3.7,1033.1,1036.8,3.7,252.8,256.5,3.7,1006.2]
- [PKTLENS.....: 74,74,66,651,66,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]
+ [ENTROPIES...: 4.5,5.0,4.8,6.0,4.9,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.7,6.0,7.8,4.7,5.9,7.7,4.8,6.0,7.8,4.9,5.9]
new: [....47] [ip4][..tcp] [.....172.16.0.1][53018] -> [..192.168.10.50][...80]
new: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80]
new: [....49] [ip4][..tcp] [.....172.16.0.1][53058] -> [..192.168.10.50][...80]
@@ -143,14 +146,15 @@
new: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80]
new: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80]
analyse: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.899| 0.653| 1.186|1406566.662| 0.000]
- [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.899| 0.653| 1.186| 1406566.662| 3.500]
+ [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.7,4897.8,4898.5,8.6,9.4,243.2,246.7,3.6,1041.2,1044.8,3.8,241.2,245.3,4.0,1005.5,1009.5,4.0,241.0,244.6,3.6,1008.9,1012.5,3.7,268.3,273.7,5.3,1005.6,1009.6,4.1,266.0]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0]
end: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
RISK: HTTP Numeric IP Address
end: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -267,14 +271,15 @@
end: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80]
new: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80]
analyse: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.827| 0.609| 0.943|889903.972| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.800| 755.600|570947.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.827| 0.609| 0.943| 889903.972| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570947.800| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,3826.3,3827.2,3.1,3.9,1023.0,1026.9,3.9,268.2,273.7,5.4,1005.2,1009.2,4.0,256.2,259.9,3.6,1006.9,1010.6,3.7,250.1,253.8,3.8,1011.3,1016.1,4.8,241.0,244.7,3.6,1020.5]
- [PKTLENS.....: 74,74,66,651,66,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1931,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1917,52,435]
+ [ENTROPIES...: 4.6,5.0,4.9,6.0,4.9,7.8,5.0,5.9,7.7,4.9,6.1,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.1,7.8,5.0,5.9,7.7,4.9,6.1,7.8,4.9,5.9]
new: [...120] [ip4][..tcp] [.....172.16.0.1][54376] -> [..192.168.10.50][...80]
new: [...121] [ip4][..tcp] [.....172.16.0.1][54390] -> [..192.168.10.50][...80]
new: [...122] [ip4][..tcp] [.....172.16.0.1][54416] -> [..192.168.10.50][...80]
@@ -386,14 +391,15 @@
new: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80]
new: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80]
analyse: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.643| 0.568| 0.904|816455.025| 0.000]
- [PKTLEN......: 66.000| 1935.000| 727.700| 750.800|563712.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.643| 0.568| 0.904| 816455.025| 3.600]
+ [PKTLEN......: 52.000| 1921.000| 713.700| 750.800| 563712.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.7,3641.9,3642.6,3.1,4.1,234.1,238.5,4.2,1006.1,1011.0,4.9,233.1,236.8,3.8,1005.6,1010.7,5.0,236.2,239.8,3.6,1006.8,1010.5,3.7,232.6,236.3,3.6,1034.9,1038.9,4.1,256.3]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1929,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1915,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0,7.8,4.9,5.9,7.7,4.9,6.1]
new: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80]
new: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80]
new: [...160] [ip4][..tcp] [.....172.16.0.1][55092] -> [..192.168.10.50][...80]
@@ -501,14 +507,15 @@
new: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80]
new: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80]
analyse: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.785| 0.602| 0.936|875951.489| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.900| 755.900|571323.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.785| 0.602| 0.936| 875951.489| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.900| 755.900| 571323.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,3784.1,3784.9,3.1,3.8,1004.0,1007.6,3.7,223.7,227.4,3.7,1007.8,1011.6,3.8,255.8,259.5,3.6,1007.9,1012.0,4.2,230.4,234.8,4.3,1037.5,1041.9,4.5,238.3,242.0,3.7,1009.9]
- [PKTLENS.....: 74,74,66,651,66,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1935,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435]
+ [ENTROPIES...: 4.6,5.0,4.9,6.0,4.9,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.1,7.8,5.0,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9]
new: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80]
guessed: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
end: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80]
@@ -633,14 +640,15 @@
guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
end: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80]
analyse: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.805| 0.635| 1.170|1368332.173| 0.000]
- [PKTLEN......: 66.000| 1934.000| 709.600| 708.000|501313.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.805| 0.635| 1.170| 1368332.173| 3.400]
+ [PKTLEN......: 52.000| 1920.000| 695.600| 708.000| 501313.900| 4.200]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1]
[IATS(ms)....: 0.1,0.7,4804.7,4805.4,3.1,3.8,248.6,252.2,3.7,1022.4,1026.2,3.8,225.2,229.2,0.0,4.0,1026.8,1030.9,4.2,232.5,236.2,0.1,3.6,1006.0,1010.7,4.8,233.2,236.8,3.6,1008.0,1011.7]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1934,66,449,1836,66,651,1514,486,66,449,1836,66,651,1514,486,66,449,1836,66,651,1934,66,449,1836]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1500,472,52,435,1822,52,637,1500,472,52,435,1822,52,637,1920,52,435,1822]
+ [ENTROPIES...: 4.6,5.1,5.0,5.9,4.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.7,7.5,4.8,5.9,7.7,5.0,6.0,7.7,7.6,5.0,5.9,7.7,5.0,6.0,7.7,4.9,5.9,7.7]
new: [...233] [ip4][..tcp] [.....172.16.0.1][56414] -> [..192.168.10.50][...80]
new: [...234] [ip4][..tcp] [.....172.16.0.1][56428] -> [..192.168.10.50][...80]
new: [...235] [ip4][..tcp] [.....172.16.0.1][56454] -> [..192.168.10.50][...80]
@@ -755,14 +763,15 @@
new: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80]
new: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80]
analyse: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.819| 0.606| 0.944|891595.915| 0.000]
- [PKTLEN......: 66.000| 1934.000| 730.700| 755.500|570797.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.819| 0.606| 0.944| 891595.915| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,3818.1,3819.0,2.9,3.6,1026.8,1031.2,4.4,231.9,235.6,3.8,1007.0,1010.7,3.8,236.2,239.9,3.6,1008.9,1012.8,4.2,228.6,232.8,4.0,1040.9,1048.3,7.4,251.6,255.2,3.6,1017.7]
- [PKTLENS.....: 74,74,66,651,66,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1932,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435]
+ [ENTROPIES...: 4.6,5.0,4.9,6.0,4.9,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0,7.8,4.9,5.9]
new: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80]
new: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80]
new: [...274] [ip4][..tcp] [.....172.16.0.1][57144] -> [..192.168.10.50][...80]
@@ -876,14 +885,15 @@
new: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80]
new: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80]
analyse: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.536| 0.567| 0.877|769788.412| 0.000]
- [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.536| 0.567| 0.877| 769788.412| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,3535.3,3536.2,3.0,3.9,353.5,357.6,4.1,1009.5,1013.5,4.1,235.9,239.6,3.7,1007.5,1011.2,3.7,236.1,239.8,3.7,1007.6,1011.4,3.8,240.9,244.7,3.7,1011.7,1015.5,3.8,232.1]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.0,4.8,5.9,4.8,7.7,4.6,6.0,7.8,4.8,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.8,6.0,7.8,4.8,5.9,7.7,4.8,6.0,7.8,4.8,5.9,7.7,4.8,6.0]
new: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80]
new: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80]
guessed: [...231] [ip4][..tcp] [.....172.16.0.1][56374] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -1011,14 +1021,15 @@
guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
end: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80]
analyse: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.810| 0.603| 0.941|884966.883| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571097.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.810| 0.603| 0.941| 884966.883| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571097.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.7,3808.9,3809.5,3.4,4.1,1007.1,1011.3,4.3,225.9,229.5,3.8,1021.8,1025.8,4.1,234.0,238.5,4.5,1006.3,1010.7,4.3,238.5,243.2,4.5,1006.7,1011.2,4.5,253.5,257.1,3.6,1008.0]
- [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1935,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435]
+ [ENTROPIES...: 4.6,5.1,5.0,6.0,5.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.8,5.9]
new: [...348] [ip4][..tcp] [.....172.16.0.1][58468] -> [..192.168.10.50][...80]
new: [...349] [ip4][..tcp] [.....172.16.0.1][58482] -> [..192.168.10.50][...80]
new: [...350] [ip4][..tcp] [.....172.16.0.1][58496] -> [..192.168.10.50][...80]
@@ -1132,14 +1143,15 @@
end: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80]
new: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80]
analyse: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.823| 0.637| 1.173|1374936.236| 0.000]
- [PKTLEN......: 66.000| 1935.000| 709.600| 759.800|577334.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.823| 0.637| 1.173| 1374936.236| 3.400]
+ [PKTLEN......: 52.000| 1921.000| 695.600| 759.800| 577334.100| 4.100]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
[IATS(ms)....: 0.1,1.1,4821.8,4822.9,2.9,6.0,222.0,227.9,5.0,1.0,1005.0,1011.2,4.1,265.5,269.3,3.6,1019.9,1023.5,4.0,238.2,242.3,4.8,1006.0,1010.7,4.0,237.9,242.4,5.0,1011.0,1016.0,5.0]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1935,66,66,449,1836,66,651,1933,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1921,52,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.8,7.7,4.9,6.0,7.8,4.9,4.9,5.8,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.7,5.0,5.9,7.7,5.0]
new: [...386] [ip4][..tcp] [.....172.16.0.1][59150] -> [..192.168.10.50][...80]
new: [...387] [ip4][..tcp] [.....172.16.0.1][59164] -> [..192.168.10.50][...80]
new: [...388] [ip4][..tcp] [.....172.16.0.1][59178] -> [..192.168.10.50][...80]
@@ -1256,14 +1268,15 @@
new: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80]
new: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80]
analyse: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.767| 0.604| 0.933|871184.138| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.800| 755.700|571022.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.767| 0.604| 0.933| 871184.138| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.7,3766.4,3767.0,3.5,4.2,1039.9,1045.4,5.5,227.3,230.9,3.6,1037.1,1040.9,3.8,252.9,256.6,3.8,1024.0,1027.8,3.7,237.3,241.0,3.6,1007.8,1011.5,3.7,235.0,238.7,3.7,1007.2]
- [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1935,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435]
+ [ENTROPIES...: 4.6,5.1,4.9,6.0,4.9,7.8,4.9,5.9,7.7,5.0,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.9,5.9]
new: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80]
new: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80]
guessed: [...346] [ip4][..tcp] [.....172.16.0.1][58440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -1394,14 +1407,15 @@
end: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80]
new: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80]
analyse: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.582| 0.571| 0.887|786468.045| 0.000]
- [PKTLEN......: 66.000| 1934.000| 727.700| 750.900|563862.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.582| 0.571| 0.887| 786468.045| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.600| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,3581.2,3582.1,3.3,4.1,271.0,275.6,4.6,1007.5,1011.3,3.8,268.9,273.0,4.1,1007.5,1011.6,4.2,263.6,267.5,3.9,1019.8,1023.7,4.0,253.2,261.2,7.9,1002.9,1011.8,8.9,255.9]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651,1931,66,449,1836,66,651,1934,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1917,52,435,1822,52,637,1920,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.8,7.7,4.9,6.0]
new: [...464] [ip4][..tcp] [.....172.16.0.1][60572] -> [..192.168.10.50][...80]
new: [...465] [ip4][..tcp] [.....172.16.0.1][60598] -> [..192.168.10.50][...80]
new: [...466] [ip4][..tcp] [.....172.16.0.1][60612] -> [..192.168.10.50][...80]
@@ -1513,14 +1527,15 @@
new: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80]
new: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80]
analyse: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.862| 0.614| 0.953|908128.223| 0.000]
- [PKTLEN......: 66.000| 1935.000| 730.800| 755.600|570948.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.862| 0.614| 0.953| 908128.223| 3.700]
+ [PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570948.000| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.2,0.9,3861.2,3862.0,3.2,4.0,1007.4,1011.0,3.7,256.9,260.5,3.6,1018.3,1022.0,3.6,243.4,247.0,3.6,1033.5,1037.2,3.7,244.2,248.3,4.1,1037.5,1041.7,4.2,261.5,265.1,3.6,1039.0]
- [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1934,66,449,1836,66,651,1930,66,449,1836,66,651,1935,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1916,52,435,1822,52,637,1921,52,435]
+ [ENTROPIES...: 4.5,5.1,4.9,6.0,4.9,7.8,4.9,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.9,6.1,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9]
new: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> [..192.168.10.50][...80]
new: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80]
new: [...504] [ip4][..tcp] [.....172.16.0.1][33068] -> [..192.168.10.50][...80]
@@ -1636,14 +1651,15 @@
new: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80]
new: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80]
analyse: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.841| 0.651| 1.171|1372280.717| 0.000]
- [PKTLEN......: 66.000| 1935.000| 727.800| 751.000|564013.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.841| 0.651| 1.171| 1372280.717| 3.500]
+ [PKTLEN......: 52.000| 1921.000| 713.800| 751.000| 564013.300| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.9,4839.8,4840.6,3.7,4.5,263.2,266.8,3.7,1005.3,1009.1,3.8,260.6,264.4,3.8,1025.0,1028.7,3.7,266.1,269.7,3.7,1007.6,1011.9,4.3,260.9,265.1,4.2,1006.7,1010.8,4.2,244.8]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1933,66,449,1836,66,651,1935,66,449,1836,66,651,1932,66,449,1836,66,651,1934,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1918,52,435,1822,52,637,1920,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0]
new: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80]
new: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> [..192.168.10.50][...80]
guessed: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -1753,14 +1769,15 @@
new: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80]
new: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80]
analyse: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.588| 0.498| 0.689|474371.129| 0.000]
- [PKTLEN......: 66.000| 1934.000| 718.700| 762.800|581830.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.588| 0.498| 0.689| 474371.129| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 704.700| 762.800| 581830.000| 4.100]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0]
[IATS(ms)....: 0.2,0.7,2587.7,2588.4,3.7,4.5,1020.5,1024.9,4.4,244.7,248.4,3.7,1042.3,1047.0,4.6,242.3,246.0,3.7,1031.2,1034.9,3.7,241.4,245.1,3.6,0.5,1025.2,1029.3,3.8,251.3,255.5,4.2]
- [PKTLENS.....: 74,74,66,651,66,1932,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,66,449,1836,66,651,1932,66]
+ [PKTLENS.....: 60,60,52,637,52,1918,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,52,435,1822,52,637,1918,52]
+ [ENTROPIES...: 4.6,5.0,5.0,6.0,4.9,7.8,4.9,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,4.9,5.9,7.7,4.8,6.0,7.7,4.9]
guessed: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
end: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80]
guessed: [...499] [ip4][..tcp] [.....172.16.0.1][32974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
@@ -1887,14 +1904,15 @@
new: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80]
new: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80]
analyse: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.897| 0.655| 1.187|1408178.323| 0.000]
- [PKTLEN......: 66.000| 1934.000| 727.800| 751.000|564013.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.897| 0.655| 1.187| 1408178.323| 3.500]
+ [PKTLEN......: 52.000| 1920.000| 713.800| 751.000| 564013.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.2,0.9,4896.4,4897.2,3.1,3.9,250.4,254.5,4.1,1006.9,1011.0,4.1,267.3,271.2,3.9,1008.0,1012.0,4.0,246.8,250.4,3.6,1038.7,1042.4,3.7,241.6,245.2,3.6,1046.3,1049.9,3.8,242.0]
- [PKTLENS.....: 74,74,66,449,66,1837,66,651,1934,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1934,66,449,1836,66,651]
+ [PKTLENS.....: 60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637]
+ [ENTROPIES...: 4.6,5.1,5.0,5.9,4.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,4.9,5.9,7.7,5.0,6.0]
new: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80]
new: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80]
new: [...615] [ip4][..tcp] [.....172.16.0.1][35114] -> [..192.168.10.50][...80]
@@ -2003,14 +2021,15 @@
new: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80]
new: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80]
analyse: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.954| 0.620| 0.972|945707.024| 0.000]
- [PKTLEN......: 66.000| 1934.000| 730.700| 755.500|570797.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.954| 0.620| 0.972| 945707.024| 3.700]
+ [PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.1,0.7,3953.2,3953.8,3.0,3.8,1020.6,1024.3,3.7,248.2,252.3,4.2,1041.7,1046.0,4.3,255.1,258.8,3.6,1007.1,1010.8,3.7,252.7,256.2,3.6,1010.5,1014.2,3.8,262.9,266.7,3.8,1039.9]
- [PKTLENS.....: 74,74,66,651,66,1934,66,449,1836,66,651,1932,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449,1836,66,651,1933,66,449]
+ [PKTLENS.....: 60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435]
+ [ENTROPIES...: 4.6,5.1,5.0,6.0,4.9,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9]
new: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80]
new: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80]
guessed: [...574] [ip4][..tcp] [.....172.16.0.1][34372] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable]
diff --git a/test/results/flow-info/aimini-http.pcap.out b/test/results/flow-info/aimini-http.pcap.out
index 663e4f32b..f5db44c4c 100644
--- a/test/results/flow-info/aimini-http.pcap.out
+++ b/test/results/flow-info/aimini-http.pcap.out
@@ -6,14 +6,15 @@
new: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80]
detected: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun]
analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.129| 0.000]
- [PKTLEN......: 60.000| 1514.000| 838.400| 690.000|476082.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.129| 3.400]
+ [PKTLEN......: 46.000| 1500.000| 824.400| 690.000| 476082.300| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0]
[IATS(ms)....: 0.5,1.1,0.4,1.0,0.0,0.7,0.1,0.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.2,0.0,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.2,0.0,0.1,1.1,0.0]
- [PKTLENS.....: 62,62,62,62,60,649,60,649,1514,1514,1514,1514,1514,1514,1514,290,1514,1514,60,1514,1514,60,1514,1514,60,1514,290,60,60,60,1514,1514]
+ [PKTLENS.....: 48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500]
+ [ENTROPIES...: 3.9,4.1,4.3,4.5,3.8,6.0,4.0,6.0,7.7,7.9,7.7,7.9,7.8,7.8,7.9,7.0,7.7,7.9,3.8,7.7,7.9,3.8,7.8,7.8,3.8,7.9,7.0,4.0,4.0,4.0,5.8,4.5]
new: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80]
detected: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun]
new: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80]
diff --git a/test/results/flow-info/alexa-app.pcapng.out b/test/results/flow-info/alexa-app.pcapng.out
index f8b26e5b5..07c93a4c3 100644
--- a/test/results/flow-info/alexa-app.pcapng.out
+++ b/test/results/flow-info/alexa-app.pcapng.out
@@ -122,14 +122,15 @@
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable]
analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 0.000]
- [PKTLEN......: 66.000| 1514.000| 594.300| 637.000|405792.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100]
[BINS(c->s)..: 11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0]
[IATS(ms)....: 47.0,53.0,0.3,73.2,0.1,18.9,0.4,0.3,0.4,88.2,0.3,0.7,0.2,8.1,32.8,75.3,63.7,49.4,70.9,0.8,90.5,2.0,0.4,0.5,0.4,0.5,0.7,0.0,5.3,0.3,1.1]
- [PKTLENS.....: 74,74,66,268,66,66,1514,1514,1514,833,66,66,66,66,192,1096,308,66,66,1514,1514,66,1514,1514,1514,464,1514,1126,100,66,66,66]
+ [PKTLENS.....: 60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52]
+ [ENTROPIES...: 4.6,5.3,5.1,5.6,5.0,5.0,6.9,7.2,7.5,7.6,5.0,5.0,5.0,5.0,6.3,7.8,7.0,5.1,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.5,7.9,7.8,5.8,5.0,5.0,4.9]
detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable]
detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable]
@@ -137,14 +138,15 @@
detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
ERROR-EVENT: Unknown packet type
analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.016| 0.161| 0.286|81844.249| 0.000]
- [PKTLEN......: 54.000| 1514.000| 380.200| 485.100|235358.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.016| 0.161| 0.286| 81844.249| 3.400]
+ [PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900]
[BINS(c->s)..: 12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0]
[IATS(ms)....: 55.7,59.3,1.4,66.6,0.4,0.1,64.1,4.8,0.3,2.7,66.9,3.1,100.8,8.3,108.4,5.9,66.9,500.8,354.1,941.1,3.0,88.7,111.8,176.5,0.2,64.7,9.2,104.2,1015.9,966.5,45.6]
- [PKTLENS.....: 74,62,54,261,1514,1514,399,54,54,54,380,60,113,54,1136,60,955,54,1120,1120,60,507,54,1168,60,891,54,54,60,54,60,54]
+ [PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40]
+ [ENTROPIES...: 4.6,5.1,4.8,5.5,6.8,7.3,7.4,4.8,4.8,4.7,7.3,4.7,6.0,4.9,7.8,4.5,7.8,4.8,7.8,7.8,4.6,7.6,4.8,7.8,4.6,7.7,4.9,4.9,4.5,4.8,4.5,4.8]
detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
new: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443]
new: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443]
@@ -181,14 +183,15 @@
detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.836| 0.167| 0.244|59552.047| 0.000]
- [PKTLEN......: 54.000| 1514.000| 401.000| 534.600|285800.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.836| 0.167| 0.244| 59552.047| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900]
[BINS(c->s)..: 10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0]
[IATS(ms)....: 54.2,55.4,0.5,50.3,258.9,520.1,785.3,3.8,0.2,0.1,0.0,60.8,0.3,0.1,0.1,52.1,11.0,287.0,223.9,2.7,139.2,0.2,171.9,179.9,0.1,402.7,22.4,216.5,783.8,835.9,50.5]
- [PKTLENS.....: 74,62,54,259,60,259,259,60,1514,1514,1514,688,54,54,54,54,180,1514,105,482,60,60,480,54,1514,1210,60,357,54,54,60,54]
+ [PKTLENS.....: 60,48,40,245,46,245,245,46,1500,1500,1500,674,40,40,40,40,166,1500,91,468,46,46,466,40,1500,1196,46,343,40,40,46,40]
+ [ENTROPIES...: 4.6,5.1,4.9,5.6,4.5,5.6,5.6,4.6,7.1,7.3,7.4,7.6,4.8,4.9,4.8,4.8,6.3,7.9,5.9,7.5,4.6,4.6,7.5,4.8,7.9,7.8,4.6,7.4,4.9,4.9,4.6,4.9]
detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
new: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443]
detected: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
@@ -211,14 +214,15 @@
detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 0.000]
- [PKTLEN......: 54.000| 1514.000| 657.200| 676.900|458225.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100]
[BINS(c->s)..: 4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0]
[BINS(s->c)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0]
[IATS(ms)....: 57.0,58.6,1.8,56.8,4.8,0.1,59.3,0.3,22.9,80.0,5.9,71.8,0.3,0.1,0.6,0.3,0.2,1.4,0.3,0.1,67.8,34.8,23.9,352.1,295.3,0.1,57.7,0.7,60.6,0.1,59.8]
- [PKTLENS.....: 74,62,54,313,60,60,210,54,105,820,60,564,1514,1439,1514,1514,1514,1514,1514,1514,83,60,60,60,1514,60,60,1514,1514,60,60,1514]
+ [PKTLENS.....: 60,48,40,299,46,46,196,40,91,806,46,550,1500,1425,1500,1500,1500,1500,1500,1500,69,46,46,46,1500,46,46,1500,1500,46,46,1500]
+ [ENTROPIES...: 4.7,5.1,4.8,6.0,4.6,4.5,6.4,4.8,5.3,7.7,4.6,7.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,5.7,4.5,4.5,4.5,7.9,4.6,4.6,7.9,7.9,4.6,4.6,7.9]
new: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443]
detected: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable]
@@ -260,23 +264,25 @@
detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.897| 0.237| 0.560|313730.662| 0.000]
- [PKTLEN......: 66.000| 1514.000| 617.100| 665.400|442821.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.897| 0.237| 0.560| 313730.662| 2.800]
+ [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100]
[BINS(c->s)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
[BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1]
[IATS(ms)....: 52.9,67.2,1.0,63.2,9.6,59.8,0.3,20.9,0.5,0.2,0.2,1.1,0.2,97.5,0.1,7.3,15.9,484.6,0.2,0.2,116.0,306.3,538.3,1116.6,2896.8,0.3,0.2,0.1,0.1,583.2,913.8]
- [PKTLENS.....: 74,74,66,583,66,222,66,117,1514,1514,139,1514,1514,1495,66,66,66,66,1514,1514,1223,1223,1514,1514,1514,66,78,78,78,78,66,66]
+ [PKTLENS.....: 60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]
+ [ENTROPIES...: 4.7,5.3,5.0,6.1,5.0,6.6,5.1,5.6,7.9,7.9,6.4,7.9,7.9,7.9,5.0,5.0,5.0,4.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,4.9,5.0,5.1,5.1,5.1,5.1,5.0]
analyse: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.486| 0.102| 0.138|19130.661| 0.000]
- [PKTLEN......: 54.000| 1514.000| 700.300| 682.000|465082.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.486| 0.102| 0.138| 19130.661| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 92.4,95.4,2.4,97.4,1.9,14.1,0.3,0.1,113.4,0.3,0.2,49.6,132.6,83.3,183.9,0.3,326.1,293.1,272.4,0.1,443.7,0.4,0.5,0.0,276.5,199.2,0.5,0.0,0.7,486.1,0.4]
- [PKTLENS.....: 74,62,54,275,60,60,1514,1514,464,54,54,54,180,105,54,1514,547,60,1514,60,60,1514,1514,1514,225,1514,1514,1514,225,1514,1514,1514]
+ [PKTLENS.....: 60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500]
+ [ENTROPIES...: 4.7,5.1,4.7,5.4,4.6,4.6,7.2,7.3,7.4,4.8,4.8,4.8,6.6,5.8,4.7,7.9,7.6,4.7,7.9,4.5,4.5,7.8,7.9,7.9,7.0,7.8,7.9,7.9,7.0,7.8,7.8,7.9]
detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
new: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80]
@@ -376,14 +382,15 @@
detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable]
analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.570| 0.289| 0.417|173871.694| 0.000]
- [PKTLEN......: 54.000| 1514.000| 385.100| 516.000|266233.000| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.570| 0.289| 0.417| 173871.694| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900]
[BINS(c->s)..: 8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0]
[IATS(ms)....: 325.4,332.9,0.3,247.7,0.2,241.3,0.3,0.3,23.8,0.3,429.9,0.1,1569.5,1485.9,353.0,706.9,73.8,0.3,358.8,0.4,256.6,3.7,0.2,956.2,948.6,95.3,235.6,1.1,0.1,275.4,23.7]
- [PKTLENS.....: 74,62,54,293,139,107,54,54,113,1514,188,60,60,188,60,731,54,1514,252,60,539,54,1514,220,539,54,1514,60,571,60,54,1514]
+ [PKTLENS.....: 60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500]
+ [ENTROPIES...: 4.7,5.2,4.8,5.8,6.1,6.1,4.8,4.8,5.9,7.9,6.9,4.6,4.5,6.9,4.6,7.7,4.8,7.9,7.1,4.7,7.6,4.8,7.9,7.0,7.6,4.8,7.9,4.7,7.6,4.7,4.7,7.9]
detection-update: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
RISK: Weak TLS Cipher
detection-update: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
@@ -400,25 +407,27 @@
new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443]
detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable]
analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.192| 0.160| 0.282|79548.359| 0.000]
- [PKTLEN......: 54.000| 1514.000| 357.000| 486.700|236894.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.192| 0.160| 0.282| 79548.359| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900]
[BINS(c->s)..: 4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1]
[IATS(ms)....: 214.4,219.1,3.7,1161.8,1191.6,0.1,0.0,75.9,170.4,0.4,119.0,9.7,7.9,105.5,90.0,79.1,135.4,22.4,255.4,0.3,202.3,1.2,199.7,0.1,0.1,204.8,0.0,11.4,221.9,0.1,253.2]
- [PKTLENS.....: 74,62,54,293,293,60,139,107,54,60,192,54,113,1514,60,220,60,60,1147,1514,268,60,555,1514,284,176,60,60,539,1514,204,60]
+ [PKTLENS.....: 60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46]
+ [ENTROPIES...: 4.7,5.1,4.8,5.9,5.9,4.6,6.1,6.0,4.7,4.6,6.5,4.7,5.9,7.9,4.6,6.9,4.6,4.6,7.8,7.9,7.1,4.6,7.5,7.9,7.2,6.6,4.5,4.6,7.6,7.9,6.8,4.6]
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable]
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable]
analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.080| 0.209| 0.303|92031.574| 0.000]
- [PKTLEN......: 54.000| 1514.000| 374.500| 516.500|266795.300| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.080| 0.209| 0.303| 92031.574| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800]
[BINS(c->s)..: 7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1]
[IATS(ms)....: 1005.7,1080.3,210.2,18.7,169.7,18.0,105.0,0.1,107.2,0.3,11.7,34.8,0.1,215.2,0.3,0.1,21.7,195.6,0.3,202.8,0.7,212.9,0.3,205.8,11.0,236.3,754.7,0.3,888.9,405.4,377.3]
- [PKTLENS.....: 74,74,62,54,293,62,54,139,107,54,54,113,1514,268,60,60,60,555,1514,220,60,715,1514,252,60,571,54,1514,220,60,1514,60]
+ [PKTLENS.....: 60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]
+ [ENTROPIES...: 4.7,4.6,5.1,4.8,5.9,5.1,4.9,6.0,6.1,4.8,4.9,5.8,7.9,7.2,4.7,4.6,4.6,7.6,7.9,7.0,4.7,7.7,7.9,7.1,4.6,7.6,4.9,7.9,6.9,4.5,7.9,4.5]
new: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53]
detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
detection-update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
@@ -464,41 +473,45 @@
detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
RISK: Weak TLS Cipher
analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 0.000]
- [PKTLEN......: 54.000| 1514.000| 559.400| 489.800|239933.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400]
[BINS(c->s)..: 7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1]
[IATS(ms)....: 55.9,57.4,1.4,113.3,0.4,112.3,0.1,3.2,65.7,1.4,70.0,0.2,85.3,246.6,0.1,0.0,0.1,325.6,0.3,3.8,0.8,0.2,0.3,0.1,0.3,0.3,0.6,0.4,1.1,6.7,1.2]
- [PKTLENS.....: 74,62,54,265,1514,1289,54,54,380,60,113,1514,284,60,1035,603,603,603,54,54,1514,1514,755,1115,603,603,603,603,603,603,54,603]
+ [PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589]
+ [ENTROPIES...: 4.6,5.2,4.8,5.6,7.3,7.3,4.9,4.9,7.3,4.6,6.1,7.9,7.2,4.6,7.8,7.7,7.6,7.6,4.9,4.8,7.9,7.9,7.7,7.8,7.6,7.6,7.7,7.6,7.6,7.6,4.9,7.7]
analyse: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.933| 0.089| 0.198|39194.591| 0.000]
- [PKTLEN......: 54.000| 1514.000| 464.100| 541.500|293230.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.933| 0.089| 0.198| 39194.591| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000]
[BINS(c->s)..: 11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[BINS(s->c)..: 4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0]
[IATS(ms)....: 109.9,111.6,1.6,102.0,0.2,101.6,0.3,1.9,56.2,0.1,87.5,19.1,7.6,147.9,304.1,639.4,932.7,32.7,0.1,0.0,0.7,0.1,0.0,0.3,0.6,110.7,0.2,1.8,0.2,0.1,0.1]
- [PKTLENS.....: 74,62,54,265,1514,1289,54,54,380,60,113,54,1514,268,60,1514,1514,60,1035,603,603,603,603,603,1483,91,54,54,54,54,54,54]
+ [PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40]
+ [ENTROPIES...: 4.7,5.2,4.8,5.6,7.2,7.3,4.8,4.8,7.3,4.7,6.1,4.9,7.9,7.2,4.5,7.9,7.9,4.7,7.8,7.6,7.7,7.7,7.6,7.6,7.9,5.7,4.8,4.8,4.9,4.8,4.9,4.9]
analyse: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 9.247| 1.357| 2.197|4827473.510| 0.000]
- [PKTLEN......: 54.000| 1514.000| 439.800| 556.200|309356.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 9.247| 1.357| 2.197| 4827473.510| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900]
[BINS(c->s)..: 9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1]
[IATS(ms)....: 992.4,1100.5,1.1,243.6,0.8,17.2,3008.6,6019.8,9247.0,0.1,67.2,0.3,0.3,66.7,669.5,0.3,275.2,528.0,1079.9,2835.2,350.0,114.6,72.1,219.3,5051.1,0.3,5193.9,65.0,174.2,2275.4,2411.2]
- [PKTLENS.....: 74,74,62,62,54,54,293,293,293,139,107,54,54,113,60,1514,1132,1514,1514,1514,60,1132,60,955,54,1514,236,60,859,54,54,60]
+ [PKTLENS.....: 60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46]
+ [ENTROPIES...: 4.7,4.7,5.2,5.1,4.9,4.9,5.8,5.8,5.8,6.0,5.9,4.7,4.8,6.0,4.6,7.9,7.8,7.9,7.9,7.9,4.6,7.8,4.6,7.8,4.7,7.9,6.9,4.7,7.7,4.9,4.9,4.5]
analyse: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.096| 0.770| 3.358|11273140.961| 0.000]
- [PKTLEN......: 54.000| 1514.000| 281.500| 412.900|170449.200| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 19.096| 0.770| 3.358| 11273140.961| 1.400]
+ [PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900]
[BINS(c->s)..: 7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0]
[IATS(ms)....: 123.6,128.0,5.4,470.5,0.6,0.6,0.0,1232.5,1.5,5.0,0.7,0.7,10.0,973.2,0.5,0.1,0.0,190.9,73.2,0.3,171.9,0.1,117.0,408.2,413.7,66.7,140.9,83.3,0.1,166.3,19096.2]
- [PKTLENS.....: 74,62,54,246,60,1514,1514,536,246,246,54,54,54,180,60,60,60,99,54,1514,290,60,212,118,292,247,246,60,60,272,54,356]
+ [PKTLENS.....: 60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342]
+ [ENTROPIES...: 4.7,5.1,4.8,5.5,4.6,7.2,7.3,7.6,5.5,5.5,4.8,4.9,4.7,6.3,4.5,4.5,4.8,5.6,4.8,7.9,7.2,4.5,6.8,6.0,7.1,7.0,6.9,4.5,4.6,7.0,4.8,7.3]
detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
new: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53]
@@ -561,27 +574,29 @@
detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 0.000]
- [PKTLEN......: 66.000| 1514.000| 611.000| 635.800|404189.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 3.000]
+ [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0]
[IATS(ms)....: 58.0,60.3,1.6,154.7,0.4,0.4,0.4,0.5,0.5,0.2,0.4,156.7,0.3,4.1,0.1,3.4,0.2,0.1,0.2,0.1,0.1,0.1,7.0,268.3,295.2,18.3,286.3,0.5,0.4,286.6,4.3]
- [PKTLENS.....: 74,74,66,613,66,1514,1514,1514,1514,1514,1514,1514,66,66,1514,441,66,66,66,66,66,66,66,613,613,441,78,606,1514,1514,66,66]
+ [PKTLENS.....: 60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52]
+ [ENTROPIES...: 4.7,5.2,5.0,6.0,5.1,7.1,7.8,7.8,7.9,7.8,7.8,7.8,5.0,5.0,7.8,6.5,5.0,5.0,5.0,5.0,5.0,5.0,5.0,6.0,6.0,6.5,5.0,5.9,7.5,7.8,5.0,5.0]
new: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443]
detected: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
RISK: Weak TLS Cipher
analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.107| 0.141| 0.257|65864.266| 0.000]
- [PKTLEN......: 54.000| 1514.000| 444.000| 555.400|308431.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.107| 0.141| 0.257| 65864.266| 3.200]
+ [PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000]
[BINS(c->s)..: 7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1]
[IATS(ms)....: 111.1,112.4,0.8,179.9,0.1,0.0,179.9,2.9,0.3,3.3,0.5,135.1,0.2,170.2,502.2,1107.1,16.8,0.2,0.2,0.0,0.0,0.0,706.6,0.4,9.7,355.9,0.3,629.2,147.8,0.1,0.1]
- [PKTLENS.....: 74,62,54,297,60,139,107,54,54,113,1514,300,60,60,1514,1514,60,1514,135,1514,167,443,91,54,54,54,1514,332,60,1035,603,603]
+ [PKTLENS.....: 60,48,40,283,46,125,93,40,40,99,1500,286,46,46,1500,1500,46,1500,121,1500,153,429,77,40,40,40,1500,318,46,1021,589,589]
+ [ENTROPIES...: 4.7,5.1,4.8,5.9,4.5,6.2,6.0,4.8,4.9,6.0,7.9,7.1,4.5,4.6,7.9,7.9,4.6,7.9,6.4,7.9,6.6,7.5,5.8,4.8,4.8,4.7,7.9,7.3,4.6,7.8,7.6,7.7]
new: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80]
new: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80]
new: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80]
@@ -595,14 +610,15 @@
detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 0.000]
- [PKTLEN......: 66.000| 1514.000| 757.400| 681.300|464196.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 3.100]
+ [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0]
[IATS(ms)....: 31.3,34.1,0.6,113.4,46.4,0.0,0.0,0.1,0.0,0.0,11.2,1.6,7.2,179.1,0.1,0.1,0.1,0.1,0.1,3.4,0.3,0.4,4.5,99.2,0.3,120.8,46.9,0.2,0.3,0.8,17.5]
- [PKTLENS.....: 74,74,66,613,66,1514,1514,1514,1514,1514,1514,1514,1237,1237,66,66,66,66,66,66,66,66,78,613,1514,1514,66,1514,1350,1514,1514,66]
+ [PKTLENS.....: 60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52]
+ [ENTROPIES...: 4.7,5.3,4.8,6.0,5.0,7.1,7.7,7.6,7.6,7.7,7.7,7.7,7.5,7.5,5.1,5.0,5.1,5.1,5.1,5.1,5.1,5.1,5.2,6.0,7.1,7.8,5.1,7.8,7.8,7.8,7.8,5.0]
update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable]
update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable]
@@ -620,14 +636,15 @@
update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.511| 0.042| 0.110|12114.281| 0.000]
- [PKTLEN......: 66.000| 1514.000| 693.600| 671.900|451493.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.511| 0.042| 0.110| 12114.281| 2.500]
+ [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1]
[IATS(ms)....: 25.0,26.3,0.4,110.2,0.1,0.2,0.3,0.4,0.4,1.1,0.5,0.4,0.4,114.9,0.2,0.1,0.1,3.5,0.1,26.3,0.3,0.1,0.1,0.1,0.2,4.7,62.5,45.1,368.8,510.9,0.4]
- [PKTLENS.....: 74,74,66,613,66,66,1514,1514,1514,1514,1514,1514,1514,1514,66,66,66,66,1514,1309,66,66,66,66,66,66,613,1309,78,613,1514,1514]
+ [PKTLENS.....: 60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500]
+ [ENTROPIES...: 4.7,5.2,5.1,6.0,5.0,5.0,7.1,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.0,5.0,4.9,5.0,7.8,7.6,5.0,5.0,5.0,5.0,5.0,5.0,6.0,7.6,5.2,6.0,7.1,7.8]
new: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443]
detected: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable]
@@ -639,14 +656,15 @@
idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable]
idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Network][Acceptable]
analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 120.003| 3.968| 21.185|448816230.695| 0.000]
- [PKTLEN......: 66.000| 1514.000| 450.500| 570.000|324877.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 120.003| 3.968| 21.185| 448816230.695| 0.300]
+ [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900]
[BINS(c->s)..: 9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0]
[BINS(s->c)..: 7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1]
[IATS(ms)....: 77.1,79.5,13.2,60.9,0.4,0.6,0.1,48.6,1.8,3.6,177.8,227.4,44.5,20.0,267.2,445.6,122.6,0.1,0.0,0.0,282.5,8.7,270.5,1.6,407.0,0.1,164.1,0.1,290.0,120002.8,0.1]
- [PKTLENS.....: 74,74,66,287,66,1514,1514,640,66,66,66,192,308,66,1430,1430,66,1514,314,110,100,66,66,1514,1017,66,66,1329,100,66,97,66]
+ [PKTLENS.....: 60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52]
+ [ENTROPIES...: 4.7,5.3,5.0,5.4,5.1,7.0,7.2,7.6,5.0,5.1,5.0,6.6,7.2,5.0,7.9,7.9,5.1,7.9,7.3,6.1,5.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,5.9,5.1,5.6,5.1]
detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
new: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443]
@@ -759,14 +777,15 @@
detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable]
new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443]
analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.001| 0.664| 1.905|3629965.115| 0.000]
- [PKTLEN......: 54.000| 1514.000| 438.700| 584.700|341856.600| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.001| 0.664| 1.905| 3629965.115| 2.500]
+ [PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800]
[BINS(c->s)..: 9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0]
[IATS(ms)....: 133.8,140.4,3.2,141.6,1.3,0.1,137.2,0.3,0.1,2.7,82.2,0.2,95.7,0.4,359.1,405.4,633.6,688.6,100.8,373.1,50.8,202.6,7767.1,1.6,8001.1,353.8,410.1,314.8,108.3,0.2,84.0]
- [PKTLENS.....: 74,62,54,261,1514,1514,399,54,54,54,380,60,113,1514,204,60,1514,113,54,1514,60,683,54,1514,300,60,54,60,1514,60,60,54]
+ [PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40]
+ [ENTROPIES...: 4.7,5.2,4.8,5.6,6.8,7.3,7.4,4.7,4.8,4.9,7.4,4.6,6.0,7.9,6.9,4.6,7.9,6.0,4.8,7.9,4.7,7.7,4.8,7.9,7.3,4.5,4.8,4.5,7.9,4.6,4.6,4.9]
detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable]
RISK: Weak TLS Cipher
detected: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable]
@@ -791,14 +810,15 @@
detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 0.000]
- [PKTLEN......: 66.000| 1514.000| 539.800| 600.400|360465.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100]
[BINS(c->s)..: 9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0]
[IATS(ms)....: 42.7,43.7,0.7,45.0,4.0,0.5,0.6,0.3,50.6,0.8,0.3,1.1,7.3,12.7,0.3,65.6,42.6,4.2,48.9,0.4,25.2,76.4,106.0,0.2,0.6,0.6,0.3,0.0,102.0,2.9,1.9]
- [PKTLENS.....: 74,74,66,268,66,1514,1514,1514,833,66,66,66,66,192,1514,781,78,192,1514,78,320,66,66,1514,1514,1514,697,608,143,66,163,66]
+ [PKTLENS.....: 60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52]
+ [ENTROPIES...: 4.7,5.2,5.0,5.6,5.0,6.9,7.2,7.5,7.6,5.1,4.9,5.0,4.9,6.3,7.9,7.7,5.2,6.3,7.9,5.1,7.1,5.0,5.0,7.9,7.9,7.9,7.7,7.6,6.3,5.0,6.5,4.8]
detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable]
new: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53]
detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
@@ -853,49 +873,53 @@
detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.262| 0.033| 0.059| 3460.134| 0.000]
- [PKTLEN......: 66.000| 1514.000| 631.000| 624.900|390532.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.262| 0.033| 0.059| 3460.134| 3.500]
+ [PKTLEN......: 52.000| 1500.000| 617.000| 624.900| 390532.600| 4.200]
[BINS(c->s)..: 10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1]
[IATS(ms)....: 16.7,17.9,1.6,27.3,5.3,0.5,0.5,0.3,32.5,0.3,12.9,0.3,0.1,39.0,52.8,61.9,0.5,0.3,0.1,35.1,0.7,5.1,216.8,261.8,0.2,39.4,7.5,74.2,66.6,42.1,0.4]
- [PKTLENS.....: 74,74,66,285,66,1514,1514,1514,764,66,66,66,66,192,324,1343,1514,1514,770,100,66,66,1308,1308,862,100,66,1319,100,78,1514,1514]
+ [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500]
+ [ENTROPIES...: 4.7,5.2,5.0,5.7,5.0,7.1,7.3,7.5,7.6,5.1,5.1,5.1,5.0,6.3,7.2,7.8,7.9,7.9,7.7,5.8,4.9,4.9,7.8,7.8,7.7,5.8,4.9,7.8,5.8,4.9,7.9,7.9]
detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable]
analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 0.000]
- [PKTLEN......: 66.000| 1514.000| 634.400| 578.400|334504.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 3.400]
+ [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 34.0,35.1,2.2,37.9,5.1,0.5,0.2,42.9,0.3,0.1,30.8,68.8,38.4,227.1,241.4,50.1,58.4,55.5,3.8,2.0,4.4,1.6,0.7,7.8,0.1,0.1,9.0,0.3,3.1,0.8,10.2]
- [PKTLENS.....: 74,74,66,260,66,1514,1514,632,66,66,66,192,117,732,732,117,78,66,1110,441,270,829,919,455,1514,191,571,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.7,5.2,5.1,5.4,5.2,7.0,7.3,7.7,5.0,5.1,5.1,6.6,6.1,7.7,7.7,6.1,5.1,5.2,7.8,7.4,7.1,7.7,7.8,7.5,7.9,6.8,7.6,7.9,7.9,7.9,7.9,7.9]
new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53]
detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 0.000]
- [PKTLEN......: 66.000| 1514.000| 546.200| 595.200|354289.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100]
[BINS(c->s)..: 12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0]
[IATS(ms)....: 22.8,24.0,0.9,22.8,6.6,0.6,0.6,0.3,39.7,0.1,0.1,0.2,6.8,37.6,46.2,226.7,213.1,3.9,222.3,264.1,0.1,55.3,103.4,0.1,10.4,183.9,242.5,1.0,0.1,38.6,0.1]
- [PKTLENS.....: 74,74,66,285,66,1514,1514,1514,764,66,66,66,66,192,324,1351,324,78,1351,1351,944,100,100,66,66,78,1336,1514,1514,522,66,66]
+ [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]
+ [ENTROPIES...: 4.7,5.3,5.1,5.7,5.1,7.1,7.3,7.5,7.6,5.1,5.0,5.1,5.0,6.4,7.2,7.9,7.2,5.0,7.9,7.9,7.8,5.8,5.8,5.1,5.1,5.1,7.8,7.9,7.9,7.5,5.1,5.1]
detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
new: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443]
detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable]
new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443]
analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.471| 0.614| 1.478|2183643.136| 0.000]
- [PKTLEN......: 54.000| 1514.000| 540.200| 637.500|406420.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.471| 0.614| 1.478| 2183643.136| 2.800]
+ [PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1]
[IATS(ms)....: 168.5,171.2,1.5,108.9,4.4,1.7,0.7,112.7,0.3,4.1,0.2,6.2,0.1,10.4,13.1,1.1,0.3,290.4,0.0,0.0,0.1,299.4,0.7,529.3,1065.9,2114.2,3665.4,7470.6,595.2,595.1,1817.1]
- [PKTLENS.....: 74,62,54,281,60,60,1514,1514,54,54,1514,669,54,54,180,1514,1438,374,60,60,105,60,54,1438,1438,1438,1438,54,60,1438,60,60]
+ [PKTLENS.....: 60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46]
+ [ENTROPIES...: 4.6,5.1,4.8,5.7,4.6,4.5,7.1,7.3,4.8,4.8,7.4,7.6,4.9,4.8,6.3,7.9,7.9,7.3,4.4,4.3,5.9,4.4,4.7,7.9,7.9,7.9,7.9,4.8,4.3,7.9,4.5,4.5]
detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable]
detected: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable]
diff --git a/test/results/flow-info/amqp.pcap.out b/test/results/flow-info/amqp.pcap.out
index edb1a7ec5..eda7b5bb7 100644
--- a/test/results/flow-info/amqp.pcap.out
+++ b/test/results/flow-info/amqp.pcap.out
@@ -8,14 +8,15 @@
detected: [.....3] [ip4][..tcp] [......127.0.0.1][44206] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable]
detected: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][RPC][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.002| 0.224| 0.537|287986.745| 0.000]
- [PKTLEN......: 66.000| 395.000| 132.000| 99.500| 9895.700| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.002| 0.224| 0.537| 287986.745| 2.400]
+ [PKTLEN......: 52.000| 381.000| 118.000| 99.500| 9895.700| 4.600]
[BINS(c->s)..: 0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.0,0.2,0.2,0.1,0.1,2001.7,2001.7,0.2,0.2,0.1,0.1,1032.6,1032.6,0.1,0.1,0.1,0.1,11.0,11.0,0.1,0.1,0.1,0.1,17.7,17.7,0.1,0.1,0.1,0.1,412.7,412.7]
- [PKTLENS.....: 107,66,162,66,369,66,107,66,162,66,369,66,104,66,162,66,395,66,103,66,162,66,271,66,105,66,162,66,325,66,104,66]
+ [PKTLENS.....: 93,52,148,52,355,52,93,52,148,52,355,52,90,52,148,52,381,52,89,52,148,52,257,52,91,52,148,52,311,52,90,52]
+ [ENTROPIES...: 4.9,4.6,5.1,4.6,5.4,4.6,4.9,4.6,5.2,4.6,5.4,4.6,4.9,4.6,5.1,4.5,5.4,4.6,4.9,4.6,5.1,4.6,5.5,4.5,4.8,4.5,5.1,4.6,5.5,4.6,4.9,4.6]
idle: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][RPC][Acceptable]
idle: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable]
idle: [.....3] [ip4][..tcp] [......127.0.0.1][44206] -> [......127.0.1.1][.5672] [AMQP][RPC][Acceptable]
diff --git a/test/results/flow-info/android.pcap.out b/test/results/flow-info/android.pcap.out
index c7dda0700..f6be9c78d 100644
--- a/test/results/flow-info/android.pcap.out
+++ b/test/results/flow-info/android.pcap.out
@@ -168,14 +168,15 @@
detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable]
detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun]
analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.405| 0.048| 0.104|10866.215| 0.000]
- [PKTLEN......: 66.000| 1484.000| 430.500| 552.700|305506.200| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.405| 0.048| 0.104| 10866.215| 3.000]
+ [PKTLEN......: 52.000| 1470.000| 416.500| 552.700| 305506.200| 3.900]
[BINS(c->s)..: 13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0]
[IATS(ms)....: 13.7,15.0,32.7,47.5,16.6,0.0,34.5,0.3,386.5,404.6,19.7,197.6,221.1,19.2,15.0,27.7,41.8,1.7,0.0,0.0,1.0,1.6,0.1,0.0,0.0,1.2,0.0,1.2,2.7,0.0,0.0]
- [PKTLENS.....: 74,74,66,246,66,1484,1202,66,66,159,358,66,578,66,100,66,655,66,1484,1484,1421,1484,66,1484,396,102,66,66,66,66,66,66]
+ [PKTLENS.....: 60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52]
+ [ENTROPIES...: 4.7,5.3,5.1,5.5,5.1,7.2,7.4,5.1,5.1,6.1,7.1,5.0,7.5,4.9,5.4,5.0,7.6,5.0,7.9,7.8,7.9,7.8,5.1,7.8,7.4,5.6,5.1,5.1,5.1,5.1,5.0,5.0]
detection-update: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable]
detection-update: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun]
detection-update: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable]
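Review bot: The regenerated expectations change existing fields, not only add the `ENTROPIES` row: in this hunk `PKTLEN` min/max/avg and every `PKTLENS` entry drop by 14 (66→52, 1484→1470) and the `IAT` entropy goes from 0.000 to 3.000, while stddev, variance and both `BINS` rows are unchanged. The same shift appears in the other .pcap.out hunks on this page (bot.pcap.out moves by 18, 64→46). The commit message only mentions calculating l3 payload entropies, so anyone thresholding on packet length or IAT entropy in a detection pipeline gets different numbers without notice. If the lengths are now meant to exclude the link-layer header (inferred from the constant offset, the generator code is not shown here), the message should say so, e.g. `* nDPId: analyse PKTLEN/PKTLENS now report L3 length (L2 header excluded); IAT entropy is now computed`.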
diff --git a/test/results/flow-info/anyconnect-vpn.pcap.out b/test/results/flow-info/anyconnect-vpn.pcap.out
index 308495666..ac9c398c1 100644
--- a/test/results/flow-info/anyconnect-vpn.pcap.out
+++ b/test/results/flow-info/anyconnect-vpn.pcap.out
@@ -44,14 +44,15 @@
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe]
RISK: Weak TLS Cipher, Missing SNI TLS Extn
analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.072| 0.022| 0.022| 465.545| 0.000]
- [PKTLEN......: 66.000| 1514.000| 504.700| 597.200|356597.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.072| 0.022| 0.022| 465.545| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 490.700| 597.200| 356597.600| 4.000]
[BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0]
[IATS(ms)....: 39.5,39.5,0.4,43.7,1.2,44.5,40.9,0.0,40.9,0.0,38.2,0.0,38.3,0.0,33.2,0.0,71.5,0.0,38.3,6.1,35.1,41.2,0.2,42.3,2.9,0.0,0.0,44.9,0.1]
- [PKTLENS.....: 78,70,66,233,66,1514,66,1514,1514,66,66,1514,1181,66,66,1514,1514,1333,66,66,677,66,141,66,1175,66,359,711,119,66,66,66]
+ [PKTLENS.....: 64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52]
+ [ENTROPIES...: 4.3,5.1,4.8,5.5,4.8,7.3,4.8,7.1,7.2,4.9,4.8,7.4,5.9,4.8,4.8,6.8,7.2,7.5,4.7,4.8,7.6,4.7,6.2,4.8,7.8,4.9,7.3,7.7,5.8,4.9,4.8,4.8]
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe]
RISK: Weak TLS Cipher, Missing SNI TLS Extn
new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53]
@@ -110,14 +111,15 @@
detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.385| 0.079| 0.122|14784.686| 0.000]
- [PKTLEN......: 66.000| 1434.000| 299.000| 416.200|173206.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.385| 0.079| 0.122| 14784.686| 3.700]
+ [PKTLEN......: 52.000| 1420.000| 285.000| 416.200| 173206.900| 3.900]
[BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1]
[IATS(ms)....: 28.5,28.6,0.3,35.2,11.6,46.5,4.2,33.1,3.0,31.9,1.5,30.5,1.7,30.8,254.9,281.1,5.1,31.3,315.0,342.2,26.3,53.5,25.8,25.8,4.8,30.5,2.7,28.4,358.2,384.8,2.1]
- [PKTLENS.....: 78,78,66,214,66,1374,66,1261,66,117,66,510,66,477,66,377,66,181,66,791,66,1434,66,1174,66,128,66,136,66,124,66,124]
+ [PKTLENS.....: 64,64,52,200,52,1360,52,1247,52,103,52,496,52,463,52,363,52,167,52,777,52,1420,52,1160,52,114,52,122,52,110,52,110]
+ [ENTROPIES...: 4.3,5.0,4.8,5.4,5.1,7.4,4.9,7.6,4.9,5.9,4.8,7.5,5.0,7.5,4.9,7.3,5.0,6.5,5.0,7.7,5.0,7.9,4.9,7.8,4.9,6.1,5.0,6.2,4.9,6.0,5.1,6.1]
new: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [MIDSTREAM]
new: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443]
detected: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe]
@@ -127,14 +129,15 @@
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.138| 0.027| 0.033| 1098.419| 0.000]
- [PKTLEN......: 66.000| 1514.000| 531.300| 619.300|383541.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.138| 0.027| 0.033| 1098.419| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 517.300| 619.300| 383541.000| 4.000]
[BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 42.4,42.4,2.0,46.9,1.2,46.1,40.3,0.0,40.3,0.0,37.2,0.0,37.2,0.0,97.2,138.0,40.9,1.2,43.3,9.0,0.0,0.0,0.0,0.0,0.0,0.0,51.2]
- [PKTLENS.....: 78,70,66,218,66,1514,66,1514,1514,66,66,1514,1181,66,66,420,141,66,1031,66,1514,223,1514,223,1514,223,1514,223,66,66,66,66]
+ [PKTLENS.....: 64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52]
+ [ENTROPIES...: 4.2,5.0,4.7,5.5,4.7,7.3,4.7,7.1,7.2,4.8,4.8,7.4,5.9,4.8,4.8,7.4,6.2,4.8,7.8,4.9,7.9,6.9,7.9,6.9,7.9,6.7,7.8,6.8,4.8,4.8,4.8,4.8]
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
new: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [MIDSTREAM]
@@ -191,14 +194,15 @@
detection-update: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.047| 0.016| 0.019| 352.973| 0.000]
- [PKTLEN......: 90.000| 407.000| 213.100| 70.700| 5001.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.047| 0.016| 0.019| 352.973| 3.900]
+ [PKTLEN......: 76.000| 393.000| 199.100| 70.700| 5001.800| 4.900]
[BINS(c->s)..: 0,0,1,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,0,0,2,5,1,2,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,0,1,1,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0,1,0,0,0,1]
[IATS(ms)....: 43.5,43.9,46.6,47.0,13.8,22.4,0.1,45.4,0.0,0.0,0.2,0.0,8.9,0.2,3.2,0.0,34.6,0.0,41.1,0.5,5.7,3.7,11.8,10.0,4.2,4.6,47.0,47.1,0.2,0.4,3.8]
- [PKTLENS.....: 141,90,161,230,135,167,167,167,263,215,215,215,199,151,167,359,311,183,231,167,167,311,167,279,199,407,199,279,167,183,183,343]
+ [PKTLENS.....: 127,76,147,216,121,153,153,153,249,201,201,201,185,137,153,345,297,169,217,153,153,297,153,265,185,393,185,265,153,169,169,329]
+ [ENTROPIES...: 5.5,4.4,5.9,6.0,5.5,6.4,6.3,6.4,7.0,6.7,6.7,6.7,6.5,6.2,6.4,7.3,7.1,6.5,6.8,6.4,6.3,7.1,6.4,7.1,6.6,7.3,6.7,7.1,6.5,6.6,6.5,7.3]
new: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192]
new: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547]
detected: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
diff --git a/test/results/flow-info/anydesk.pcapng.out b/test/results/flow-info/anydesk.pcapng.out
index a58329ffe..f20038436 100644
--- a/test/results/flow-info/anydesk.pcapng.out
+++ b/test/results/flow-info/anydesk.pcapng.out
@@ -12,14 +12,15 @@
detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
analyse: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.603| 0.177| 0.394|155451.113| 0.000]
- [PKTLEN......: 54.000| 1514.000| 406.700| 555.200|308238.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.603| 0.177| 0.394| 155451.113| 2.800]
+ [PKTLEN......: 40.000| 1500.000| 392.700| 555.200| 308238.000| 3.800]
[BINS(c->s)..: 8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1]
[IATS(ms)....: 164.8,164.9,0.6,1.1,165.0,165.4,0.5,0.5,0.3,0.3,1.8,2.0,164.9,165.2,0.2,0.2,0.2,0.3,218.6,218.7,0.6,0.9,1215.5,1216.3,0.0,0.1,0.9,0.0,0.0,1602.9,0.1]
- [PKTLENS.....: 74,60,54,317,60,1354,54,1354,54,60,54,1148,60,105,54,94,54,200,60,200,54,125,60,133,1514,1514,1256,60,60,60,1514,1194]
+ [PKTLENS.....: 60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]
+ [ENTROPIES...: 4.8,4.9,4.8,5.4,4.4,7.5,4.8,7.8,4.8,4.6,4.7,7.6,4.4,5.8,4.8,5.8,4.8,6.7,4.4,6.8,4.8,6.3,4.4,6.4,7.9,7.9,7.8,4.4,4.4,4.4,7.9,7.8]
detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
DAEMON-EVENT: [Processed: 6963 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -45,14 +46,15 @@
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
analyse: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.022| 0.471| 0.869|754614.927| 0.000]
- [PKTLEN......: 54.000| 3980.000| 320.300| 747.400|558552.100| 3.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.022| 0.471| 0.869| 754614.927| 2.900]
+ [PKTLEN......: 40.000| 3966.000| 306.300| 747.400| 558552.100| 3.100]
[BINS(c->s)..: 6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1]
[BINS(s->c)..: 11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0]
[IATS(ms)....: 0.5,0.5,0.3,0.4,0.3,10.5,10.9,39.6,40.3,8.7,9.5,516.9,517.5,1.6,27.8,26.2,2.4,56.3,902.9,957.3,1754.2,1753.7,16.4,71.2,2966.8,3021.8,4.0]
- [PKTLENS.....: 66,66,54,299,60,60,1514,197,54,1340,60,968,94,54,101,60,89,88,60,88,54,3980,60,60,60,93,60,155,54,113,60,130]
+ [PKTLENS.....: 52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]
+ [ENTROPIES...: 4.5,4.7,4.7,5.4,4.2,4.3,7.7,6.2,4.7,7.7,4.3,7.8,5.6,4.6,5.7,4.2,5.5,5.6,4.3,5.6,4.7,8.0,4.2,4.3,4.2,5.7,4.3,6.5,4.6,6.0,4.3,6.2]
DAEMON-EVENT: [Processed: 9484 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0]
new: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443]
@@ -63,14 +65,15 @@
detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable]
RISK: Missing SNI TLS Extn, Desktop/File Sharing
analyse: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.445| 0.583| 2.064|4258557.067| 0.000]
- [PKTLEN......: 66.000| 1514.000| 342.900| 495.500|245485.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.445| 0.583| 2.064| 4258557.067| 1.500]
+ [PKTLEN......: 52.000| 1500.000| 328.900| 495.500| 245485.500| 3.800]
[BINS(c->s)..: 8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1]
[IATS(ms)....: 17.7,17.8,0.9,17.8,3.4,20.3,0.1,0.0,3.8,21.9,18.1,0.1,0.0,0.9,64.2,13.4,76.8,1.5,18.4,206.6,224.8,0.0,0.0,18.7,0.0,62.8,0.0,80.2,8427.9,8444.6,314.0]
- [PKTLENS.....: 74,74,66,355,66,1514,66,1146,66,1160,117,66,106,66,213,66,212,66,151,66,159,1514,1514,1287,66,66,106,104,66,151,66,159]
+ [PKTLENS.....: 60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]
+ [ENTROPIES...: 4.8,5.3,5.1,5.6,5.1,7.5,5.1,7.7,5.1,7.7,6.0,5.1,6.1,5.1,6.9,5.2,6.9,5.2,6.6,5.2,6.6,7.9,7.9,7.8,5.2,5.2,6.1,5.9,5.1,6.5,5.2,6.6]
end: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070]
idle: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
diff --git a/test/results/flow-info/bad-dns-traffic.pcap.out b/test/results/flow-info/bad-dns-traffic.pcap.out
index 22c646290..f17ace4dc 100644
--- a/test/results/flow-info/bad-dns-traffic.pcap.out
+++ b/test/results/flow-info/bad-dns-traffic.pcap.out
@@ -22,14 +22,15 @@
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable]
RISK: Suspicious DGA Domain name, Risky Domain Name
analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.063| 4.102| 1.074| 0.689|474850.951| 0.000]
- [PKTLEN......: 95.000| 323.000| 129.200| 50.600| 2560.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700]
+ [PKTLEN......: 81.000| 309.000| 115.200| 50.600| 2560.600| 4.900]
[BINS(c->s)..: 0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1]
[IATS(ms)....: 1006.5,1005.8,1008.1,1008.5,4101.9,73.2,63.1,1023.9,1006.7,2080.9,1018.8,962.5,1014.1,1012.6,1013.6,1040.3,1038.2,1060.2,1011.7,991.1,1041.5,1066.6,1017.8,982.3,1029.5,1026.2,1027.8,1007.4,2080.4,166.4,305.9]
- [PKTLENS.....: 133,133,133,133,133,164,95,130,95,95,126,95,128,95,130,95,128,95,128,95,126,95,128,95,130,95,128,95,95,174,290,323]
+ [PKTLENS.....: 119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]
+ [ENTROPIES...: 4.9,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.1,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,4.9,5.0,4.9,5.0,5.0,5.0,5.0,5.0,4.9,4.2,4.3]
update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable]
RISK: Suspicious DGA Domain name, Risky Domain Name
update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable]
diff --git a/test/results/flow-info/bitcoin.pcap.out b/test/results/flow-info/bitcoin.pcap.out
index bf92f591d..152e13e76 100644
--- a/test/results/flow-info/bitcoin.pcap.out
+++ b/test/results/flow-info/bitcoin.pcap.out
@@ -8,52 +8,56 @@
detected: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 141.657| 9.231| 28.185|794377756.606| 0.000]
- [PKTLEN......: 86.000| 1514.000| 1196.700| 570.200|325114.200| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 141.657| 9.231| 28.185| 794377756.606| 1.900]
+ [PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 52.7,59.2,36072.7,6972.6,71059.7,141657.3,28238.3,0.1,33.0,0.0,0.0,1933.1,0.0,0.0,0.0,0.0,4.5,16.8,0.3,4.1,0.5,12.1,1.1,0.3,10.6,15.7,2.7,0.0,3.1,4.1,7.9]
- [PKTLENS.....: 171,171,86,127,121,127,110,1514,1514,1514,1514,1045,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 157,157,72,113,107,113,96,1500,1500,1500,1500,1031,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.3,4.4,4.9,5.2,4.7,5.6,4.9,7.4,7.5,7.5,7.5,7.4,3.6,3.4,3.5,3.5,3.5,3.4,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5]
new: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 100.111| 6.495| 19.445|378100231.700| 0.000]
- [PKTLEN......: 86.000| 1514.000| 1169.300| 597.200|356626.800| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 100.111| 6.495| 19.445| 378100231.700| 2.000]
+ [PKTLEN......: 72.000| 1500.000| 1155.300| 597.200| 356626.800| 4.700]
[BINS(c->s)..: 0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 59.2,103.2,9823.2,39766.1,21773.2,100110.7,311.6,29237.0,0.0,63.5,0.0,0.1,1.8,36.3,0.1,10.1,0.0,2.2,0.0,22.5,0.0,0.0,5.4,1.9,16.7,0.1,3.3,3.2,0.1,2.6,1.0]
- [PKTLENS.....: 171,171,86,182,121,121,110,121,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 157,157,72,168,107,107,96,107,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.5,4.5,5.1,5.3,4.9,4.9,5.1,4.8,3.6,3.5,3.6,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5]
new: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 134.322| 8.966| 25.482|649325705.167| 0.000]
- [PKTLEN......: 86.000| 1514.000| 1089.600| 630.500|397582.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 134.322| 8.966| 25.482| 649325705.167| 2.200]
+ [PKTLEN......: 72.000| 1500.000| 1075.600| 630.500| 397582.100| 4.700]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[BINS(s->c)..: 1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 62.3,90.5,14042.4,39643.2,11452.0,9238.6,22700.4,134322.5,190.5,216.5,0.1,56.8,0.0,0.0,0.0,45582.9,5.5,2.9,79.7,2.4,56.4,14.9,38.3,1.1,29.4,10.2,41.4,0.0,29.6,11.8,15.8]
- [PKTLENS.....: 171,171,86,127,127,127,182,127,110,1514,1514,1514,1514,1514,1514,331,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.3,4.5,5.2,5.6,5.6,5.4,5.2,5.5,5.0,6.6,6.6,6.6,6.6,6.7,6.7,6.2,3.5,3.4,3.5,3.5,3.5,3.5,3.5,3.5,3.4,3.4,3.5,3.5,3.5,3.5,3.5,3.5]
new: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [MIDSTREAM]
detected: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 41.186| 2.780| 7.976|63609669.419| 0.000]
- [PKTLEN......: 86.000| 1514.000| 1120.500| 621.500|386298.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 41.186| 2.780| 7.976| 63609669.419| 2.200]
+ [PKTLEN......: 72.000| 1500.000| 1106.500| 621.500| 386298.000| 4.700]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0]
[BINS(s->c)..: 1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 128.2,113.3,17195.1,11450.8,3438.7,6.8,2755.3,41186.4,319.9,321.8,0.0,347.4,8283.5,31.9,35.0,52.7,19.0,36.6,49.3,41.1,63.9,2.3,29.1,27.7,37.4,32.7,49.2,24.6,33.7,41.1,34.1]
- [PKTLENS.....: 171,171,86,121,121,121,121,127,110,1514,1514,1514,1399,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.4,4.4,5.0,4.7,4.7,4.8,4.8,5.6,5.0,6.6,6.6,6.6,6.6,3.4,3.4,3.3,3.3,3.4,3.4,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.4,3.4,3.3]
DAEMON-EVENT: [Processed: 494 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 5 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....6] [ip4][..tcp] [..192.168.1.142][55487] -> [.184.58.165.119][.8333] [MIDSTREAM]
diff --git a/test/results/flow-info/bittorrent.pcap.out b/test/results/flow-info/bittorrent.pcap.out
index de6e221d6..fb97d0f29 100644
--- a/test/results/flow-info/bittorrent.pcap.out
+++ b/test/results/flow-info/bittorrent.pcap.out
@@ -64,14 +64,15 @@
detected: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Download][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.012| 0.920| 0.247| 0.229|52345.696| 0.000]
- [PKTLEN......: 80.000| 1506.000| 736.400| 635.200|403438.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400]
+ [PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400]
[BINS(c->s)..: 5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1]
[IATS(ms)....: 176.8,184.0,361.0,337.3,477.6,920.0,779.8,619.5,619.4,156.9,158.1,151.0,161.2,12.0,185.6,163.5,148.9,165.8,153.5,19.2,148.7,12.8,146.1,495.9,130.3,32.1,133.8,27.3,421.5,129.5,27.4]
- [PKTLENS.....: 134,146,625,242,80,190,104,100,1506,83,1180,83,623,95,83,403,83,202,623,1506,1506,1506,1506,1506,202,1506,1506,1506,1506,211,1506,1506]
+ [PKTLENS.....: 120,132,611,228,66,176,90,86,1492,69,1166,69,609,81,69,389,69,188,609,1492,1492,1492,1492,1492,188,1492,1492,1492,1492,197,1492,1492]
+ [ENTROPIES...: 6.0,6.1,4.9,5.5,4.8,3.9,5.4,4.3,7.8,4.5,7.7,4.6,7.6,4.7,4.6,7.4,4.6,2.9,7.6,4.9,7.7,7.7,7.8,7.8,3.1,7.7,7.8,7.8,7.8,3.1,7.8,7.9]
new: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [MIDSTREAM]
detected: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [BitTorrent][Download][Acceptable]
new: [....23] [ip4][..tcp] [....192.168.1.3][52926] -> [..93.65.249.100][31336] [MIDSTREAM]
diff --git a/test/results/flow-info/bittorrent_utp.pcap.out b/test/results/flow-info/bittorrent_utp.pcap.out
index 918c55c72..e94e66ec3 100644
--- a/test/results/flow-info/bittorrent_utp.pcap.out
+++ b/test/results/flow-info/bittorrent_utp.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 5.430| 0.412| 1.202|1445669.503| 0.000]
- [PKTLEN......: 62.000| 1514.000| 511.200| 600.800|360942.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 5.430| 0.412| 1.202| 1445669.503| 2.400]
+ [PKTLEN......: 48.000| 1500.000| 497.200| 600.800| 360942.700| 4.000]
[BINS(c->s)..: 3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0]
[BINS(s->c)..: 11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0]
[IATS(ms)....: 4392.2,1037.9,5430.3,116.8,116.9,100.5,240.4,139.9,4.5,110.6,115.0,1.0,58.6,60.6,88.2,88.1,37.5,37.7,24.5,24.4,43.7,55.5,11.6,11.8,11.9,53.7,52.8,104.1,173.3,8.3,17.5]
- [PKTLENS.....: 146,146,62,72,252,519,62,62,117,271,62,62,146,1514,68,1514,68,1514,68,1514,68,96,1514,68,1514,68,1514,62,62,1051,1051,1051]
+ [PKTLENS.....: 132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]
+ [ENTROPIES...: 5.8,5.9,4.5,4.2,4.4,5.3,4.7,5.3,3.9,5.4,5.3,4.8,5.8,7.8,4.5,7.8,4.6,7.8,4.6,7.8,4.6,4.1,7.8,4.7,7.6,4.7,7.8,4.9,4.8,7.8,7.8,7.7]
idle: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Download][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/bot.pcap.out b/test/results/flow-info/bot.pcap.out
index 60bbf1353..c450bcc22 100644
--- a/test/results/flow-info/bot.pcap.out
+++ b/test/results/flow-info/bot.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80]
detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable]
analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 0.000]
- [PKTLEN......: 64.000| 1498.000| 1104.500| 631.200|398369.000| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 2.200]
+ [PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1]
[IATS(ms)....: 0.4,106.5,0.0,106.7,7.6,0.1,0.1,0.1,0.0,0.0,0.8,0.0,0.0,0.0,114.2,0.3,105.4,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.2,0.0,0.1,0.0,0.8,0.1,0.5]
- [PKTLENS.....: 66,66,64,374,64,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,64,64,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,1498,64,64,1498]
+ [PKTLENS.....: 48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]
+ [ENTROPIES...: 4.7,4.8,4.7,5.6,4.7,6.4,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.1,4.7,4.6,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.4,5.9,7.9,5.5,4.9,4.7,4.7,5.1]
end: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/capwap.pcap.out b/test/results/flow-info/capwap.pcap.out
index 75c06e6cd..2f61aca04 100644
--- a/test/results/flow-info/capwap.pcap.out
+++ b/test/results/flow-info/capwap.pcap.out
@@ -17,27 +17,29 @@
detected: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable]
analyse: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.093| 0.751| 2.532|6409154.986| 0.000]
- [PKTLEN......: 106.000| 1499.000| 512.200| 485.400|235625.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.093| 0.751| 2.532| 6409154.986| 1.600]
+ [PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400]
[BINS(c->s)..: 0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0]
[BINS(s->c)..: 0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
[DIRECTIONS..: 0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0]
[IATS(ms)....: 0.8,9998.4,10093.4,96.4,2.6,0.0,0.1,182.4,0.0,0.1,314.1,135.3,2.7,0.2,111.8,0.0,157.3,0.0,325.7,280.1,0.0,39.5,0.0,39.5,0.3,2.1,1.0,0.5,0.5]
- [PKTLENS.....: 156,156,115,106,147,590,590,360,590,590,179,329,420,137,1499,1499,1499,1451,1035,1451,475,155,123,139,155,139,123,891,155,123,139,875]
+ [PKTLENS.....: 142,142,101,92,133,576,576,346,576,576,165,315,406,123,1485,1485,1485,1437,1021,1437,461,141,109,125,141,125,109,877,141,109,125,861]
+ [ENTROPIES...: 3.9,3.9,4.8,4.6,5.4,6.6,6.9,6.4,6.9,6.8,6.4,7.1,7.1,5.5,7.9,7.9,7.9,7.9,7.8,7.8,7.5,6.3,5.8,6.0,6.3,6.0,5.8,7.8,6.3,5.8,6.1,7.7]
new: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247]
detected: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
ERROR-EVENT: Unknown packet type
analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.500| 4.000| 1.016| 0.875|765810.835| 0.000]
- [PKTLEN......: 122.000| 325.000| 195.400| 58.400| 3415.700| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600]
+ [PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900]
[BINS(c->s)..: 0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 500.0,500.0,499.9,3000.0,500.0,500.0,500.0,500.0,499.9,500.0,500.0,500.0,500.0,1000.0,1000.0,500.0,2999.8,1000.0,1000.0,500.0,1999.8,500.0,500.0,1000.0,500.0,1500.0,499.9,2000.0,1000.0,1000.0,3999.8]
- [PKTLENS.....: 122,209,296,151,238,151,122,209,325,151,122,122,151,296,151,209,209,296,151,209,122,267,180,209,209,209,267,151,122,209,238,180]
+ [PKTLENS.....: 108,195,282,137,224,137,108,195,311,137,108,108,137,282,137,195,195,282,137,195,108,253,166,195,195,195,253,137,108,195,224,166]
+ [ENTROPIES...: 4.3,4.8,5.2,4.7,4.9,4.8,4.4,5.0,5.1,4.6,4.4,4.4,4.8,5.0,4.6,4.9,4.9,5.0,4.6,4.9,4.4,4.9,4.8,5.1,4.9,4.8,5.0,4.7,4.3,4.9,4.9,4.7]
update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable]
update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable]
diff --git a/test/results/flow-info/cassandra.pcap.out b/test/results/flow-info/cassandra.pcap.out
index c151b6cc6..e109eb7e9 100644
--- a/test/results/flow-info/cassandra.pcap.out
+++ b/test/results/flow-info/cassandra.pcap.out
@@ -6,23 +6,25 @@
new: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042]
detected: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 26.002| 1.755| 6.369|40566842.720| 0.000]
- [PKTLEN......: 66.000|25214.000| 1951.600| 5902.900|34844344.000| 2.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 26.002| 1.755| 6.369| 40566842.720| 1.300]
+ [PKTLEN......: 52.000|25200.000| 1937.600| 5902.900| 34844348.000| 2.000]
[BINS(c->s)..: 9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0]
[IATS(ms)....: 0.0,0.0,0.2,0.3,5.7,5.7,0.2,0.6,1.5,1.6,1.6,2.3,1.1,3.5,3.5,2.8,4.8,1.9,1.8,0.7,2.5,2.0,1.4,3.4,25963.2,26002.2,1164.0,1204.4,1.3,2.3,5.7]
- [PKTLENS.....: 74,74,66,75,66,127,66,97,75,124,75,167,182,193,11145,66,119,557,387,380,257,66,21816,25214,66,124,66,140,147,139,144,157]
+ [PKTLENS.....: 60,60,52,61,52,113,52,83,61,110,61,153,168,179,11131,52,105,543,373,366,243,52,21802,25200,52,110,52,126,133,125,130,143]
+ [ENTROPIES...: 4.4,4.8,4.6,4.4,4.6,5.2,4.6,4.9,4.5,5.2,4.5,5.4,4.9,5.4,3.8,4.6,5.3,5.0,5.2,4.8,4.9,4.7,5.2,4.6,4.7,5.4,4.7,5.4,4.9,5.5,5.1,5.3]
analyse: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 25.937| 2.293| 6.507|42345709.961| 0.000]
- [PKTLEN......: 66.000|11512.000| 466.300| 1984.700|3939065.000| 1.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 25.937| 2.293| 6.507| 42345709.961| 2.000]
+ [PKTLEN......: 52.000|11498.000| 452.300| 1984.700| 3939065.000| 1.700]
[BINS(c->s)..: 10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.0,0.0,0.7,0.7,5.3,5.3,0.3,0.7,1.7,4.5,3.4,25897.1,25937.1,6.0,46.6,0.7,0.0,0.0,1.2,1.1,2.3,1.2,3.3,41.7,7689.9,7730.3,0.8,0.2,0.6,40.1,3670.2]
- [PKTLENS.....: 74,74,66,75,66,127,66,97,75,140,11512,66,201,66,113,140,66,139,66,147,144,66,157,289,66,113,94,66,101,94,66,291]
+ [PKTLENS.....: 60,60,52,61,52,113,52,83,61,126,11498,52,187,52,99,126,52,125,52,133,130,52,143,275,52,99,80,52,87,80,52,277]
+ [ENTROPIES...: 4.4,4.8,4.7,4.5,4.7,5.2,4.7,4.9,4.6,5.3,3.9,4.8,5.7,4.7,5.2,5.4,4.7,5.5,4.7,4.9,5.1,4.8,5.3,5.1,4.7,5.2,4.9,4.6,5.0,4.8,4.6,5.7]
end: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable]
end: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Database][Acceptable]
DAEMON-EVENT: shutdown
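Review bot: In the first analyse block of this hunk the PKTLEN variance moves from `34844344.000` to `34844348.000`, although every packet length drops by the same constant 14 and stddev stays `5902.900`. Subtracting a constant should leave the variance unchanged. The drift suggests the variance is accumulated with limited floating-point precision, presumably single precision or a sum-of-squares formula, though the computing code is not visible here. Fixtures pinned to these digits are then fragile across compilers and platforms. Consider computing it in double precision with a numerically stable update, or printing fewer significant digits in the test output.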
diff --git a/test/results/flow-info/check_mk_new.pcap.out b/test/results/flow-info/check_mk_new.pcap.out
index 0e8139d09..88493f8b8 100644
--- a/test/results/flow-info/check_mk_new.pcap.out
+++ b/test/results/flow-info/check_mk_new.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556]
detected: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable]
analyse: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.660| 0.000]
- [PKTLEN......: 66.000| 568.000| 109.500| 116.800|13650.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.660| 4.300]
+ [PKTLEN......: 52.000| 554.000| 95.500| 116.800| 13650.400| 4.400]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.0,0.2,2.1,2.1,0.1,0.1,0.1,0.1,1.9,1.8,0.1,0.1,1.3,1.2,0.1,0.2,0.1,0.1,1.2,1.2,0.2,0.2,2.0,2.0,1.8,1.8,1.9,1.9,0.7,0.7,0.1]
- [PKTLENS.....: 74,74,66,81,66,331,66,76,66,67,66,75,66,568,66,75,66,84,66,477,66,82,66,82,66,83,66,79,66,131,66,75]
+ [PKTLENS.....: 60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61]
+ [ENTROPIES...: 4.8,5.3,5.1,5.4,5.0,5.4,5.1,5.4,5.0,5.1,5.0,5.2,5.0,3.8,5.1,5.2,5.0,5.4,5.1,4.4,5.1,5.4,5.1,5.4,5.1,5.5,5.1,5.3,5.0,5.4,5.1,5.2]
end: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][DataTransfer][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/chrome.pcap.out b/test/results/flow-info/chrome.pcap.out
index 3da7f70df..b56fdf619 100644
--- a/test/results/flow-info/chrome.pcap.out
+++ b/test/results/flow-info/chrome.pcap.out
@@ -7,14 +7,15 @@
new: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443]
detected: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.629| 0.057| 0.154|23802.585| 0.000]
- [PKTLEN......: 66.000| 1506.000| 619.400| 632.900|400560.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.629| 0.057| 0.154| 23802.585| 2.400]
+ [PKTLEN......: 52.000| 1492.000| 605.400| 632.900| 400560.700| 4.200]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1]
[IATS(ms)....: 28.8,28.9,0.3,29.8,7.0,0.2,36.6,0.5,0.5,13.6,0.3,42.3,0.0,0.2,0.0,28.6,0.0,627.9,1.2,629.0,0.1,0.2,0.3,0.1,0.3,0.3,1.1,131.1,160.1,5.6,0.1]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,66,772,66,146,816,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1485,66,66,717,66,1506,1506]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,52,758,52,132,802,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,703,52,1492,1492]
+ [ENTROPIES...: 4.4,5.2,4.9,4.4,5.0,7.8,7.9,5.0,7.7,5.1,6.2,7.7,5.1,5.1,7.4,7.4,5.0,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,5.0,7.7,5.1,7.9,7.9]
detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe]
new: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443]
new: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443]
@@ -25,58 +26,63 @@
detected: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.469| 0.038| 0.110|12173.627| 0.000]
- [PKTLEN......: 66.000| 1506.000| 631.100| 638.000|407026.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.469| 0.038| 0.110| 12173.627| 2.300]
+ [PKTLEN......: 52.000| 1492.000| 617.100| 638.000| 407026.800| 4.200]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,0,1,0,0]
[IATS(ms)....: 28.5,28.6,0.6,28.4,2.8,30.5,2.0,28.4,0.1,26.4,441.8,468.8,1.7,1.4,30.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.3,0.2,0.3,0.5,0.8,26.0,25.3,1.8]
- [PKTLENS.....: 78,74,66,701,66,326,66,146,66,369,66,783,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,66,1029,66,770]
+ [PKTLENS.....: 64,60,52,687,52,312,52,132,52,355,52,769,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,52,1015,52,756]
+ [ENTROPIES...: 4.4,5.3,4.9,7.1,5.1,6.9,5.0,6.3,5.2,7.4,5.1,7.7,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,4.9,7.9,7.9,5.0,7.9,7.9,5.0,4.9,7.8,5.0,7.7]
detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.035| 0.006| 0.011| 126.441| 0.000]
- [PKTLEN......: 66.000| 1506.000| 542.700| 598.400|358096.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.035| 0.006| 0.011| 126.441| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 528.700| 598.400| 358096.100| 4.100]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,1,0,0,0,0]
[IATS(ms)....: 26.8,26.8,1.3,28.2,6.8,1.3,0.0,35.0,0.0,0.4,0.3,27.6,0.0,26.9,1.4,1.4,1.1,0.0,1.1,0.1,0.2,0.2,0.4,0.1,0.1,0.0,0.3,0.0,0.7,1.7]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,772,66,66,146,772,66,369,66,66,369,66,1506,1506,66,66,1506,1506,66,1506,1506,412,66,66,66,820]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,758,52,52,132,758,52,355,52,52,355,52,1492,1492,52,52,1492,1492,52,1492,1492,398,52,52,52,806]
+ [ENTROPIES...: 4.4,5.3,5.0,4.4,5.1,7.9,7.9,7.7,5.0,5.0,6.2,7.7,5.0,7.4,5.1,5.0,7.3,5.0,7.9,7.9,5.0,4.9,7.9,7.9,5.0,7.9,7.9,7.5,4.9,5.0,4.9,7.8]
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.031| 0.008| 0.012| 146.160| 0.000]
- [PKTLEN......: 66.000| 1506.000| 713.600| 675.500|456346.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.031| 0.008| 0.012| 146.160| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 699.600| 675.500| 456346.800| 4.200]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1]
[IATS(ms)....: 29.3,29.3,0.9,29.0,2.5,30.7,0.6,0.3,26.2,1.1,2.3,28.7,1.8,0.2,2.0,0.4,0.5,0.9,0.1,0.1,0.2,0.1,0.1,0.3,0.1,0.9,26.9,0.1,26.2,1.5,0.1]
- [PKTLENS.....: 78,74,66,701,66,326,66,146,772,66,66,369,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,1506,66,1506,1506]
+ [PKTLENS.....: 64,60,52,687,52,312,52,132,758,52,52,355,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,1492,52,1492,1492]
+ [ENTROPIES...: 4.5,5.3,5.1,7.1,5.1,7.0,5.0,6.3,7.7,5.1,5.1,7.4,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,4.9,7.9,7.9,5.0,7.9,7.9]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.038| 0.007| 0.012| 150.077| 0.000]
- [PKTLEN......: 66.000| 1506.000| 643.300| 651.900|424923.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.038| 0.007| 0.012| 150.077| 3.200]
+ [PKTLEN......: 52.000| 1492.000| 629.300| 651.900| 424923.800| 4.200]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 28.7,28.7,1.3,29.9,9.6,0.1,0.0,38.3,0.0,0.5,0.2,28.0,0.1,0.1,0.0,27.5,0.0,1.2,1.3,2.5,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.2,0.4,0.4,25.3]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,772,66,66,146,772,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,66,1506]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,758,52,52,132,758,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,52,1492]
+ [ENTROPIES...: 4.5,5.2,5.1,4.4,5.1,7.8,7.9,7.7,5.0,5.0,6.2,7.7,5.0,5.1,7.4,7.4,5.0,5.0,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,4.9,7.9,5.1,7.9]
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.032| 0.008| 0.013| 163.814| 0.000]
- [PKTLEN......: 66.000| 1506.000| 623.700| 634.700|402848.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.032| 0.008| 0.013| 163.814| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 609.700| 634.700| 402848.700| 4.200]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0]
[IATS(ms)....: 29.8,29.8,1.1,30.0,2.5,31.5,0.4,0.2,32.0,0.0,0.0,31.5,1.0,0.1,1.1,0.1,0.2,0.1,0.1,0.1,0.1,0.2,0.5,0.1,0.6,0.1,1.5,27.3,0.1,26.1,4.6]
- [PKTLENS.....: 78,74,66,701,66,326,66,146,772,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,1506,66,1506,1506,66,1506,66,1506,799,66,775]
+ [PKTLENS.....: 64,60,52,687,52,312,52,132,758,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,785,52,761]
+ [ENTROPIES...: 4.4,5.3,5.0,7.1,5.1,6.9,5.0,6.2,7.7,5.0,7.4,5.1,4.9,7.9,7.9,5.0,7.8,4.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,4.9,7.9,7.7,5.0,7.7]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe]
end: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe]
end: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/citrix.pcap.out b/test/results/flow-info/citrix.pcap.out
index fec2906b5..22befc11e 100644
--- a/test/results/flow-info/citrix.pcap.out
+++ b/test/results/flow-info/citrix.pcap.out
@@ -2,13 +2,14 @@
new: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494]
detected: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable]
analyse: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.056| 0.005| 0.012| 154.959| 0.000]
- [PKTLEN......: 64.000| 401.000| 114.300| 63.600| 4041.600| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.056| 0.005| 0.012| 154.959| 2.600]
+ [PKTLEN......: 50.000| 387.000| 100.300| 63.600| 4041.600| 4.800]
[BINS(c->s)..: 5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0]
[IATS(ms)....: 2.1,2.1,6.1,6.1,4.1,7.1,1.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,2.0,0.0,0.0,0.0,0.0,1.0,0.0,56.3,46.1,4.1,4.1]
- [PKTLENS.....: 64,64,64,64,64,76,212,121,101,102,105,401,97,225,109,147,117,111,109,117,112,97,97,97,114,117,111,109,142,64,64,64]
+ [PKTLENS.....: 50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50]
+ [ENTROPIES...: 4.1,4.5,4.0,4.6,4.5,4.2,5.2,4.6,4.8,4.8,4.3,4.8,4.5,3.3,4.1,4.2,4.1,4.4,4.1,4.2,4.3,4.5,4.4,4.4,4.2,4.1,4.2,4.3,4.0,4.2,4.3,4.3]
idle: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/coap_mqtt.pcap.out b/test/results/flow-info/coap_mqtt.pcap.out
index 9e991ac3c..420bc9b38 100644
--- a/test/results/flow-info/coap_mqtt.pcap.out
+++ b/test/results/flow-info/coap_mqtt.pcap.out
@@ -46,83 +46,91 @@
detected: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.439| 0.304| 1.061|1125807.423| 0.000]
- [PKTLEN......: 54.000| 140.000| 76.300| 30.100| 907.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.439| 0.304| 1.061| 1125807.423| 1.600]
+ [PKTLEN......: 40.000| 126.000| 62.300| 30.100| 907.000| 4.900]
[BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1]
[IATS(ms)....: 0.1,0.2,4.6,4.9,1.0,9.3,9.1,2.8,3.5,0.5,2.4,21.8,23.4,198.7,4438.9,4242.4,38.5,37.9,0.5,2.3,62.5,65.0,1.2,38.7,37.8,0.5,2.8,66.7,69.7,1.1,39.4]
- [PKTLENS.....: 66,66,60,73,54,58,114,58,69,59,138,60,114,58,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54]
+ [PKTLENS.....: 52,52,46,59,40,44,100,44,55,45,124,46,100,44,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40]
+ [ENTROPIES...: 4.5,4.8,4.4,5.1,4.6,4.5,5.5,4.6,5.0,4.7,5.7,4.4,5.5,4.6,4.3,5.6,4.5,4.6,5.5,4.7,4.7,5.6,4.4,4.6,4.6,5.5,4.6,4.6,5.6,4.3,4.6,4.7]
analyse: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 27.506| 1.802| 6.725|45219399.598| 0.000]
- [PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 27.506| 1.802| 6.725| 45219399.598| 1.200]
+ [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
[IATS(ms)....: 0.7,199.1,27505.9,27310.4,42.7,40.0,0.1,0.5,60.4,61.2,1.6,38.9,37.7,0.6,2.9,66.3,69.5,1.2,39.6,39.1,1.0,2.4,62.7,65.3,1.8,40.5,38.7,0.2,6.2,66.7,73.1]
- [PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]
+ [PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46]
+ [ENTROPIES...: 4.5,4.6,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.5,5.6,4.6,4.8,5.6,4.4,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4]
analyse: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 13.151| 0.876| 3.198|10225378.656| 0.000]
- [PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 13.151| 0.876| 3.198| 10225378.656| 1.400]
+ [PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
[IATS(ms)....: 0.4,199.9,13150.8,12952.3,38.6,38.0,0.5,2.1,62.6,65.0,1.0,38.8,38.1,0.5,2.6,66.8,69.6,1.2,39.5,39.1,1.0,2.4,62.9,65.5,0.8,40.2,39.5,0.2,5.6,67.5,73.2]
- [PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]
+ [PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46]
+ [ENTROPIES...: 4.4,4.7,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4,4.7,4.7,5.5,4.7,4.7,5.6,4.4,4.7,4.7,5.5,4.7,4.8,5.6,4.4]
analyse: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 0.000]
- [PKTLEN......: 54.000| 140.000| 79.000| 33.200| 1105.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 4.300]
+ [PKTLEN......: 40.000| 126.000| 65.000| 33.200| 1105.200| 4.800]
[BINS(c->s)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1]
[IATS(ms)....: 2.0,38.6,37.1,0.5,2.4,62.3,64.9,0.8,38.7,38.1,0.5,2.3,67.3,69.7,0.7,39.4,39.5,0.9,2.3,63.2,65.6,1.6,40.3,38.7,0.2,6.1,67.2,73.5,2.5,42.4,39.9]
- [PKTLENS.....: 140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114]
+ [PKTLENS.....: 126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100]
+ [ENTROPIES...: 5.6,4.6,4.6,5.5,4.6,4.7,5.6,4.3,4.6,4.6,5.5,4.5,4.6,5.6,4.3,4.6,4.7,5.5,4.6,4.6,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4,4.6,4.7,5.5]
new: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 0.000]
- [PKTLEN......: 59.000| 143.000| 99.600| 38.600| 1486.700| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
+ [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1]
- [PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59]
+ [PKTLENS.....: 124,47,123,46,122,45,129,52,125,48,122,45,124,47,124,47,126,49,123,46,124,47,123,46,123,46,123,46,129,52,122,45]
+ [ENTROPIES...: 5.5,5.0,5.5,5.1,5.5,5.0,5.7,5.2,5.6,5.1,5.5,5.0,5.6,5.0,5.5,5.0,5.6,5.1,5.5,5.0,5.5,5.0,5.5,5.0,5.5,5.1,5.5,5.1,5.7,5.3,5.6,5.0]
new: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 0.000]
- [PKTLEN......: 60.000| 142.000| 100.500| 38.500| 1485.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
+ [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7]
- [PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64]
+ [PKTLENS.....: 123,46,127,50,126,49,128,51,123,46,125,48,126,49,125,48,123,46,124,47,128,51,126,49,123,46,123,46,123,46,127,50]
+ [ENTROPIES...: 5.5,5.0,5.6,5.1,5.6,5.0,5.7,5.2,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.1,5.6,5.1,5.5,4.9,5.5,5.1,5.5,5.0,5.5,5.1,5.7,5.2]
new: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 0.000]
- [PKTLEN......: 60.000| 143.000| 101.200| 38.500| 1485.300| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
+ [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5]
- [PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63]
+ [PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]
+ [ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0]
analyse: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 0.000]
- [PKTLEN......: 59.000| 143.000| 101.100| 38.600| 1487.100| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
+ [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6]
- [PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65]
+ [PKTLENS.....: 127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]
+ [ENTROPIES...: 5.6,5.1,5.6,5.1,5.5,5.1,5.5,5.1,5.6,5.1,5.5,5.1,5.5,5.0,5.6,5.2,5.6,5.1,5.7,5.3,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.2,5.5,5.0,5.6,5.2]
idle: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
diff --git a/test/results/flow-info/collectd.pcap.out b/test/results/flow-info/collectd.pcap.out
index 87a17d965..1deed6e9f 100644
--- a/test/results/flow-info/collectd.pcap.out
+++ b/test/results/flow-info/collectd.pcap.out
@@ -34,14 +34,15 @@
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable]
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable]
analyse: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.000| 8.710| 3.352|11236716.577| 0.000]
- [PKTLEN......: 1353.000| 1388.000| 1371.600| 10.800| 116.600| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.000| 8.710| 3.352| 11236716.577| 4.800]
+ [PKTLEN......: 1339.000| 1374.000| 1357.600| 10.800| 116.600| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 9999.0,10000.5,9999.5,9999.9,9999.9,0.5,10000.0,10000.1,9999.7,10000.0,9999.9,10000.0,0.4,9999.8,9999.9,10000.1,9999.9,9999.8,10000.1,0.8,9999.6,9999.6,10000.2,10000.1,9999.9,9999.7,0.6,10000.1,9999.2,10000.4,9999.9]
- [PKTLENS.....: 1385,1365,1371,1361,1365,1355,1369,1388,1379,1385,1386,1380,1386,1368,1375,1376,1353,1371,1368,1353,1365,1364,1367,1370,1384,1361,1381,1383,1388,1355,1359,1376]
+ [PKTLENS.....: 1371,1351,1357,1347,1351,1341,1355,1374,1365,1371,1372,1366,1372,1354,1361,1362,1339,1357,1354,1339,1351,1350,1353,1356,1370,1347,1367,1369,1374,1341,1345,1362]
+ [ENTROPIES...: 4.5,4.6,4.6,4.7,4.5,4.5,4.4,4.6,4.6,4.6,4.6,4.5,4.5,4.5,4.6,4.6,4.6,4.6,4.5,4.5,4.4,4.6,4.5,4.6,4.6,4.6,4.6,4.5,4.6,4.6,4.6,4.6]
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable]
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable]
new: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826]
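Review bot: The regenerated expectations change three things at once, but the commit message names only the payload entropies. In this hunk `PKTLEN` min/max/avg and every `PKTLENS` value drop by exactly 14 (1353→1339, 1385→1371), and the `IAT` entropy moves from 0.000 to 4.800, alongside the new `ENTROPIES` row. The constant 14-byte shift presumably means lengths are now counted from layer 3 without the Ethernet header, so anyone keeping baselines or thresholds on the old lengths would see them move without notice. If that is the cause, I would add a line to the commit message or changelog such as `PKTLEN/PKTLENS now report the L3 length (link-layer header excluded); IAT entropy is now computed instead of reported as 0`. The other flow-info fixtures in this commit show the same three changes.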
diff --git a/test/results/flow-info/dnp3.pcap.out b/test/results/flow-info/dnp3.pcap.out
index 0f717b2f7..4b99ebe46 100644
--- a/test/results/flow-info/dnp3.pcap.out
+++ b/test/results/flow-info/dnp3.pcap.out
@@ -4,68 +4,73 @@
new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000]
detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 120.146| 12.647| 35.851|1285324797.903| 0.000]
- [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 120.146| 12.647| 35.851| 1285324797.903| 0.400]
+ [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 0.2,0.4,1.6,151.6,2891.9,0.8,3043.1,21.2,212.0,120145.7]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,79,79,79,60,60,60,71,71,71,60,60,60,78,78]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]
+ [ENTROPIES...: 4.3,4.3,4.3,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9]
DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000]
detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 17.487| 5.095| 6.400|40966232.736| 0.000]
- [PKTLEN......: 60.000| 78.000| 64.800| 7.100| 50.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 17.487| 5.095| 6.400| 40966232.736| 2.200]
+ [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]
[IATS(ms)....: 0.2,0.4,1.5,181.2,17203.3,17487.3,4814.1,4907.0,3276.8,3079.9]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,60,60,60,78,78,78,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.3,4.3,4.3,4.6,4.6,4.6,4.0,4.0,4.0,4.6,4.6,4.6,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1]
DAEMON-EVENT: [Processed: 78 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000]
detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 82.989| 8.549| 24.817|615875493.233| 0.000]
- [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 82.989| 8.549| 24.817| 615875493.233| 0.200]
+ [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 0.2,0.4,1.5,145.0,996.9,0.8,1141.4,10.3,204.1,82989.4]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,79,79,79,60,60,60,71,71,71,60,60,60,78,78]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]
+ [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.2,4.2,4.2,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9]
DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000]
idle: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 75.076| 22.122| 29.810|888614640.681| 0.000]
- [PKTLEN......: 60.000| 77.000| 66.700| 5.900| 34.500| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 75.076| 22.122| 29.810| 888614640.681| 1.900]
+ [PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1]
[IATS(ms)....: 0.2,0.4,75028.6,75076.4,0.5,48.2,0.6,153.0,35338.8,35569.8]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,69,69,69,71,71,71,71,71,71,60,60,60,77,77,77,60,60,60,72,72,72,71,71]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]
+ [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7,4.7,4.8,4.8,4.8,4.2,4.2,4.2,4.9,4.9,4.9,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7]
DAEMON-EVENT: [Processed: 351 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000]
detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.639| 0.563| 1.000|999705.674| 0.000]
- [PKTLEN......: 60.000| 79.000| 66.200| 6.800| 46.100| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.639| 0.563| 1.000| 999705.674| 1.500]
+ [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 0.1,0.3,1.3,168.6,2471.1,0.8,2639.4,99.8,232.2,15.3]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,69,69,69,78,78,78,60,60,60,71,71,71,60,60,60,79,79]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]
+ [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,4.8,4.8,4.8,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,4.2,4.2,4.2,5.1,5.1]
idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
DAEMON-EVENT: [Processed: 444 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
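Review bot: The per-packet arrays in these analyse blocks do not line up. `IATS(ms)` carries 10 values while `DIRECTIONS`, `PKTLENS` and the new `ENTROPIES` carry 32, and the 32 values come in runs of three identical entries (`46,46,46`, `4.1,4.1,4.1`). A consumer that walks the arrays by a shared index, such as a CSV exporter, would pair an entropy with the wrong inter-arrival time or index past the shorter array; whether nDPIsrvd-analysed does so is not visible here. I would document on the analyse event that `the iat array may be shorter than the pktlen/entropy arrays; do not index them in lockstep`, and confirm that the tripled entries come from dnp3.pcap rather than from the collector. The second dnp3 hunk shows the same pattern.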
@@ -79,27 +84,29 @@
detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
idle: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 9.488| 2.471| 3.592|12904304.738| 0.000]
- [PKTLEN......: 60.000| 78.000| 66.800| 7.000| 48.700| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 9.488| 2.471| 3.592| 12904304.738| 1.900]
+ [PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0]
[IATS(ms)....: 0.2,0.4,1.4,192.8,9227.0,9487.8,187.1,2636.4,2814.1,167.8]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,71,71,71,60,60,60,78,78,78,71,71,71,60,60]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]
+ [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.0,4.0,4.0,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1]
DAEMON-EVENT: [Processed: 504 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000]
detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.963| 1.541| 1.422|2023320.715| 0.000]
- [PKTLEN......: 60.000| 78.000| 64.800| 7.100| 50.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.963| 1.541| 1.422| 2023320.715| 2.500]
+ [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]
[IATS(ms)....: 0.2,0.4,1.5,125.3,3672.1,3963.2,1744.3,1702.4,2163.8,2038.6]
- [PKTLENS.....: 62,62,62,62,62,62,60,60,60,71,71,71,60,60,60,78,78,78,60,60,60,78,78,78,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,5.0,5.0,5.0,4.1,4.1,4.1,4.1,4.1,4.1,4.2,4.2]
end: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
idle: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
idle: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][IoT-Scada][Acceptable]
diff --git a/test/results/flow-info/dns-tunnel-iodine.pcap.out b/test/results/flow-info/dns-tunnel-iodine.pcap.out
index 618d7b867..96f2b3993 100644
--- a/test/results/flow-info/dns-tunnel-iodine.pcap.out
+++ b/test/results/flow-info/dns-tunnel-iodine.pcap.out
@@ -6,14 +6,15 @@
detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable]
RISK: Suspicious DNS Traffic
analyse: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.003| 0.162| 0.368|135658.824| 0.000]
- [PKTLEN......: 82.000| 1476.000| 246.600| 286.600|82112.700| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.003| 0.162| 0.368| 135658.824| 2.400]
+ [PKTLEN......: 68.000| 1462.000| 232.600| 286.600| 82112.700| 4.400]
[BINS(c->s)..: 0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0]
[IATS(ms)....: 0.1,0.9,1.1,5.8,5.7,0.4,0.3,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.2,0.3,0.6,0.4,0.2,0.3,0.5,0.4,0.2,0.2,1001.7,1002.3,1001.5,1003.0,1002.5]
- [PKTLENS.....: 82,103,103,144,88,137,123,166,132,184,138,196,118,156,134,188,88,96,88,95,88,93,323,1092,323,1476,323,323,323,323,323,323]
+ [PKTLENS.....: 68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]
+ [ENTROPIES...: 4.2,4.5,4.8,4.9,4.0,5.1,4.6,4.8,4.7,4.8,5.5,5.9,5.1,5.4,5.6,5.9,4.1,4.4,4.1,4.3,4.0,4.3,4.1,7.5,3.3,7.6,4.1,4.1,4.1,4.1,4.1,4.1]
idle: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable]
RISK: Suspicious DNS Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dns_doh.pcap.out b/test/results/flow-info/dns_doh.pcap.out
index 293c91776..1de92abe0 100644
--- a/test/results/flow-info/dns_doh.pcap.out
+++ b/test/results/flow-info/dns_doh.pcap.out
@@ -5,13 +5,14 @@
detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun]
detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun]
analyse: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.535| 0.064| 0.132|17379.013| 0.000]
- [PKTLEN......: 54.000| 1354.000| 230.900| 327.300|107137.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.535| 0.064| 0.132| 17379.013| 3.000]
+ [PKTLEN......: 40.000| 1340.000| 216.900| 327.300| 107137.200| 3.900]
[BINS(c->s)..: 9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 87.1,87.2,1.8,92.2,0.0,0.0,90.4,0.5,1.5,0.9,26.1,0.9,0.1,0.1,102.7,7.8,0.0,0.0,83.4,0.0,17.9,147.6,535.3,0.7,88.8,0.1,525.4,0.0,10.7,0.0]
- [PKTLENS.....: 78,66,54,571,54,1354,1354,54,54,503,54,118,224,297,133,54,591,404,85,54,54,54,85,54,116,147,116,157,54,54,258,85]
+ [PKTLENS.....: 64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71]
+ [ENTROPIES...: 4.4,4.8,4.5,5.4,4.7,7.8,7.9,4.6,4.5,7.5,4.6,5.7,6.9,7.2,6.3,4.7,7.6,7.4,5.7,4.7,4.7,4.7,5.7,4.8,6.1,6.4,6.0,6.4,4.8,4.7,7.1,5.6]
idle: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dns_exfiltration.pcap.out b/test/results/flow-info/dns_exfiltration.pcap.out
index b0b49f6f9..8332eb8b6 100644
--- a/test/results/flow-info/dns_exfiltration.pcap.out
+++ b/test/results/flow-info/dns_exfiltration.pcap.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable]
RISK: Suspicious DGA Domain name, Risky Domain Name
analyse: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 1.036| 0.914| 0.282|79410.348| 0.000]
- [PKTLEN......: 101.000| 386.000| 146.400| 59.100| 3497.900| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 1.036| 0.914| 0.282| 79410.348| 4.800]
+ [PKTLEN......: 87.000| 372.000| 132.400| 59.100| 3497.900| 4.900]
[BINS(c->s)..: 0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 170.6,1035.5,866.5,1015.3,1015.6,4.6,4.0,1010.0,1010.4,1009.2,1009.1,1008.5,1008.4,1009.5,1009.4,1008.0,1008.1,1008.7,1008.6,1009.8,1009.8,1010.0,1010.1,1009.0,1008.9,1008.5,1008.4,1007.7,1007.8,1008.8,1008.7]
- [PKTLENS.....: 215,386,166,286,136,193,101,148,101,148,101,156,101,148,101,158,101,158,101,156,101,148,101,158,101,158,101,158,101,148,101,148]
+ [PKTLENS.....: 201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134]
+ [ENTROPIES...: 4.7,4.7,4.8,4.8,4.7,4.9,4.7,4.9,4.6,4.8,4.6,4.9,4.6,4.8,4.6,4.9,4.6,4.8,4.6,4.8,4.6,4.8,4.7,4.9,4.6,4.9,4.6,4.9,4.7,4.8,4.5,4.9]
update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable]
RISK: Suspicious DGA Domain name, Risky Domain Name
idle: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable]
diff --git a/test/results/flow-info/doq_adguard.pcapng.out b/test/results/flow-info/doq_adguard.pcapng.out
index cc2b34a0c..1bbbdf5d1 100644
--- a/test/results/flow-info/doq_adguard.pcapng.out
+++ b/test/results/flow-info/doq_adguard.pcapng.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784]
detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun]
analyse: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.885| 0.161| 0.453|205274.628| 0.000]
- [PKTLEN......: 73.000| 1294.000| 456.800| 522.900|273444.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.885| 0.161| 0.453| 205274.628| 2.400]
+ [PKTLEN......: 59.000| 1280.000| 442.800| 522.900| 273444.500| 4.100]
[BINS(c->s)..: 4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1]
[IATS(ms)....: 36.5,41.7,43.2,0.1,0.0,41.9,6.7,38.4,6.6,58.7,0.0,206.5,0.0,419.1,0.1,0.7,29.2,153.2,0.1,8.2,0.1,10.5,39.6,0.1,37.0,45.0,51.5,1830.4,0.1,0.0,1885.3]
- [PKTLENS.....: 1274,182,1274,1294,1294,1284,97,98,198,95,1284,1284,1284,1284,269,73,97,98,83,306,154,100,73,83,437,73,84,73,101,103,103,83]
+ [PKTLENS.....: 1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69]
+ [ENTROPIES...: 7.8,6.7,7.9,7.8,7.8,7.8,5.8,5.7,6.8,5.8,7.8,7.8,7.8,7.8,7.2,5.6,5.8,5.8,5.7,7.2,6.7,6.0,5.6,5.7,7.4,5.5,5.7,5.4,6.0,6.1,6.1,5.6]
idle: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out
index 47c71d3da..470c9cb9a 100644
--- a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out
@@ -179,14 +179,15 @@
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 96.434| 4.235| 17.262|297969697.948| 0.000]
- [PKTLEN......: 110.000| 110.000| 110.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 96.434| 4.235| 17.262| 297969697.948| 1.500]
+ [PKTLEN......: 96.000| 96.000| 96.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.5,0.1,39.0,710.2,0.1,0.0,39.5,709.8,0.1,0.0,40.3,710.1,0.1,0.1,40.0,760.7,749.9,749.1,750.1,96434.4,763.9,760.0,756.0,755.2,752.2,756.6,760.0,22000.9,749.9,749.9,755.0]
- [PKTLENS.....: 110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110,110]
+ [PKTLENS.....: 96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96]
+ [ENTROPIES...: 4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.4,4.4,4.4,4.4,4.3,4.3,4.3,4.3]
idle: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable]
idle: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable]
idle: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable]
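Review bot: The summary `entropy` column is easy to misread as a randomness measure. On the new `PKTLEN` row every packet is 96 bytes (min = max, stddev 0.000), yet the entropy is 5.000, and the DNP3 flows report 5.000 as well. That value equals log2(32), so the column presumably treats the 32 samples as weights rather than measuring how varied they are, which makes a constant series score highest. Since this commit now fills the same column for `IAT`, I would document it next to the output format, e.g. `entropy: computed over the sample series as weights; approaches log2(n) when samples are equal and is not a measure of payload randomness`. Going by the commit message, only the per-packet `ENTROPIES` row is derived from payload bytes.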
diff --git a/test/results/flow-info/drda_db2.pcap.out b/test/results/flow-info/drda_db2.pcap.out
index 5dd8b4b7c..25f6eef0d 100644
--- a/test/results/flow-info/drda_db2.pcap.out
+++ b/test/results/flow-info/drda_db2.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000]
detected: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable]
analyse: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 17.986| 1.315| 4.366|19063346.561| 0.000]
- [PKTLEN......: 54.000| 717.000| 197.000| 190.600|36335.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 17.986| 1.315| 4.366| 19063346.561| 1.800]
+ [PKTLEN......: 40.000| 703.000| 183.000| 190.600| 36335.200| 4.300]
[BINS(c->s)..: 10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0]
[IATS(ms)....: 0.5,0.5,117.3,117.7,0.7,9.1,43.4,966.1,1129.7,349.3,477.6,7.5,71.6,64.4,182.7,413.2,622.4,30.3,5.5,2.6,0.5,1.6,2.0,1.6,1.1,154.3,17828.3,17986.1,9.9,7.0,168.4]
- [PKTLENS.....: 62,62,54,229,54,161,318,54,295,54,717,54,524,64,108,54,296,684,144,65,64,108,322,455,64,108,54,383,466,64,108,54]
+ [PKTLENS.....: 48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40]
+ [ENTROPIES...: 4.4,4.7,4.7,5.6,4.7,5.5,5.5,4.6,5.4,4.7,5.5,4.7,4.4,4.8,5.0,4.8,5.6,5.1,4.7,4.9,4.8,5.0,5.4,4.3,4.8,5.0,4.7,5.0,4.3,4.8,5.1,4.6]
end: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Database][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dropbox.pcap.out b/test/results/flow-info/dropbox.pcap.out
index 33bb4d167..ebfc6bf20 100644
--- a/test/results/flow-info/dropbox.pcap.out
+++ b/test/results/flow-info/dropbox.pcap.out
@@ -6,45 +6,49 @@
new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 0.000]
- [PKTLEN......: 59.000| 143.000| 99.600| 38.600| 1486.700| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
+ [PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1]
- [PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59]
+ [PKTLENS.....: 124,47,123,46,122,45,129,52,125,48,122,45,124,47,124,47,126,49,123,46,124,47,123,46,123,46,123,46,129,52,122,45]
+ [ENTROPIES...: 5.5,5.0,5.5,5.1,5.5,5.0,5.7,5.2,5.6,5.1,5.5,5.0,5.6,5.0,5.5,5.0,5.6,5.1,5.5,5.0,5.5,5.0,5.5,5.0,5.5,5.1,5.5,5.1,5.7,5.3,5.6,5.0]
new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 0.000]
- [PKTLEN......: 60.000| 142.000| 100.500| 38.500| 1485.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
+ [PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7]
- [PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64]
+ [PKTLENS.....: 123,46,127,50,126,49,128,51,123,46,125,48,126,49,125,48,123,46,124,47,128,51,126,49,123,46,123,46,123,46,127,50]
+ [ENTROPIES...: 5.5,5.0,5.6,5.1,5.6,5.0,5.7,5.2,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.1,5.6,5.1,5.5,4.9,5.5,5.1,5.5,5.0,5.5,5.1,5.7,5.2]
new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 0.000]
- [PKTLEN......: 60.000| 143.000| 101.200| 38.500| 1485.300| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
+ [PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5]
- [PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63]
+ [PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]
+ [ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0]
analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 0.000]
- [PKTLEN......: 59.000| 143.000| 101.100| 38.600| 1487.100| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
+ [PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6]
- [PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65]
+ [PKTLENS.....: 127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]
+ [ENTROPIES...: 5.6,5.1,5.6,5.1,5.5,5.1,5.5,5.1,5.6,5.1,5.5,5.1,5.5,5.0,5.6,5.2,5.6,5.1,5.7,5.3,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.2,5.5,5.0,5.6,5.2]
DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53]
diff --git a/test/results/flow-info/emotet.pcap.out b/test/results/flow-info/emotet.pcap.out
index 251633348..0af7f09a8 100644
--- a/test/results/flow-info/emotet.pcap.out
+++ b/test/results/flow-info/emotet.pcap.out
@@ -4,27 +4,29 @@
new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587]
detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable]
analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.056| 0.539| 0.774|599161.176| 0.000]
- [PKTLEN......: 54.000| 752.000| 94.800| 121.900|14849.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700]
+ [PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
[BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0]
[IATS(ms)....: 749.5,749.7,1106.3,1106.8,0.8,369.8,370.6,0.9,325.6,326.2,0.5,0.3,0.7,841.2,842.4,0.9,0.4,0.4,3054.7,3056.4,1.6,247.2,247.8,0.5,1205.1,1205.6,0.4,443.0,443.6,0.7,0.3]
- [PKTLENS.....: 66,58,54,108,75,54,214,66,54,72,86,54,56,54,72,70,54,56,54,94,91,54,100,87,54,101,60,54,62,93,54,752]
+ [PKTLENS.....: 52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]
+ [ENTROPIES...: 4.6,5.0,5.0,5.5,5.4,4.8,5.7,5.4,4.8,5.5,5.7,4.8,5.0,4.7,5.3,5.4,4.8,4.9,4.8,5.3,5.6,4.8,5.4,5.6,4.8,5.5,5.1,4.8,5.1,5.3,4.8,5.6]
DAEMON-EVENT: [Processed: 626 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable]
analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 0.000]
- [PKTLEN......: 54.000| 1415.000| 834.000| 663.100|439751.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700]
+ [PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 115.8,115.9,0.3,0.5,204.2,0.1,204.4,0.4,0.2,0.6,0.2,0.2,0.4,0.2,0.5,0.7,0.2,0.2,0.5,115.0,0.2,115.3,0.3,0.3,0.6,9.2,0.2,9.5,0.5,0.2,0.7]
- [PKTLENS.....: 66,58,54,500,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54,1415,1415,54]
+ [PKTLENS.....: 52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]
+ [ENTROPIES...: 4.7,4.9,4.7,5.8,4.6,7.4,7.7,4.7,7.8,7.8,4.7,7.8,7.9,4.7,7.8,7.9,4.8,7.8,7.9,4.7,7.9,7.8,4.8,7.9,7.9,4.8,7.9,7.8,4.7,7.8,7.8,4.8]
end: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable]
DAEMON-EVENT: [Processed: 834 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
@@ -33,14 +35,15 @@
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable]
RISK: Binary App Transfer
analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 0.000]
- [PKTLEN......: 60.000| 1442.000| 671.700| 680.400|462891.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 3.000]
+ [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
[BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 97.3,97.5,0.4,260.9,260.4,3.2,3.2,9.5,9.5,6.2,0.1,6.3,0.1,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.0,2.6,2.7,60.6,60.7,9.9,9.8,15.1,15.1,12.9,12.9]
- [PKTLENS.....: 66,62,60,279,1442,60,1442,60,1442,60,1442,1442,60,1442,60,1442,60,1442,60,1442,60,60,1442,60,1442,60,1442,60,1442,60,1442,60]
+ [PKTLENS.....: 52,48,46,265,1428,46,1428,46,1428,46,1428,1428,46,1428,46,1428,46,1428,46,1428,46,46,1428,46,1428,46,1428,46,1428,46,1428,46]
+ [ENTROPIES...: 4.6,5.0,4.3,5.7,4.8,4.4,5.5,4.3,6.0,4.3,6.0,6.2,4.3,5.9,4.4,4.4,4.4,4.5,4.3,4.5,4.4,4.4,4.6,4.4,4.5,4.4,4.5,4.3,4.6,4.3,4.6,4.4]
end: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable]
DAEMON-EVENT: [Processed: 1663 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
@@ -50,14 +53,15 @@
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer, HTTP Suspicious User-Agent
analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 0.000]
- [PKTLEN......: 60.000| 1442.000| 892.900| 652.600|425943.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 2.900]
+ [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
[BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
[IATS(ms)....: 184.2,184.5,0.2,171.8,120.6,0.1,0.1,292.2,2.7,0.1,0.1,0.1,2.9,2.7,0.1,0.1,3.0,164.7,0.1,0.1,164.8,2.8,0.1,0.1,3.0,2.9,0.1,0.1,0.2,3.2,0.1]
- [PKTLENS.....: 66,66,60,206,60,626,1442,1442,60,1442,1442,1442,1114,60,1442,1442,1442,60,1442,1442,1442,60,1442,1442,1442,60,1442,1442,1442,1442,60,60]
+ [PKTLENS.....: 52,52,46,192,46,612,1428,1428,46,1428,1428,1428,1100,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,1428,46,46]
+ [ENTROPIES...: 4.7,4.8,4.5,5.7,4.4,5.6,4.0,5.1,4.5,5.1,5.0,5.3,5.5,4.5,5.1,5.2,5.5,4.5,5.2,5.1,5.3,4.5,5.4,5.1,5.1,4.4,5.2,5.4,5.4,4.9,4.5,4.4]
end: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable]
RISK: Binary App Transfer
new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
@@ -66,14 +70,15 @@
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.263| 0.117| 0.292|85184.340| 0.000]
- [PKTLEN......: 60.000| 1442.000| 696.000| 663.200|439900.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.263| 0.117| 0.292| 85184.340| 2.700]
+ [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
[BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1]
[IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.1,2.9,0.1]
- [PKTLENS.....: 66,66,60,203,60,1432,60,147,296,60,534,60,1442,1442,1442,60,60,1442,1442,66,1442,1442,74,1442,1442,1442,1442,74,74,74,1442,1442]
+ [PKTLENS.....: 52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428]
+ [ENTROPIES...: 4.7,4.9,4.5,5.4,4.6,7.5,4.6,5.9,7.1,4.5,7.5,4.5,7.9,7.9,7.9,4.5,4.5,7.9,7.9,5.0,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,5.1,5.1,7.8,7.9]
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443]
diff --git a/test/results/flow-info/ethereum.pcap.out b/test/results/flow-info/ethereum.pcap.out
index 6fd239ca7..6db558b01 100644
--- a/test/results/flow-info/ethereum.pcap.out
+++ b/test/results/flow-info/ethereum.pcap.out
@@ -56,26 +56,28 @@
detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 0.000]
- [PKTLEN......: 60.000| 561.000| 105.200| 114.100|13011.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 2.400]
+ [PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 42.9,43.0,2.2,63.5,0.8,0.0,62.1,0.0,0.4,0.3,0.4,0.4,0.1,0.0,0.1,0.0,0.1,0.2,0.3,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,27.6,0.0]
- [PKTLENS.....: 78,74,66,561,66,514,98,66,66,67,66,68,66,79,82,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
+ [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.1,5.1,5.2,5.1,5.8,5.2,6.7,5.2,5.5,5.9,5.2,5.2,5.5,5.5,5.1,3.7,3.7]
new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303]
detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 0.000]
- [PKTLEN......: 66.000| 612.000| 121.800| 122.800|15078.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 2.700]
+ [PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400]
[BINS(c->s)..: 14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1]
[IATS(ms)....: 42.9,43.0,1.9,62.9,2.0,0.0,0.0,0.0,0.0,63.0,0.0,0.0,0.0,0.1,0.1,0.0,1.3,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,32.2,0.0,0.0,30.2,0.8]
- [PKTLENS.....: 78,74,66,612,66,470,98,67,222,69,66,66,66,66,82,66,66,98,67,190,69,82,98,67,114,81,82,78,78,78,338,78]
+ [PKTLENS.....: 64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]
+ [ENTROPIES...: 4.4,5.4,5.1,7.7,5.2,7.5,6.0,5.2,6.9,5.3,5.1,5.0,5.0,5.0,5.5,5.0,5.0,5.9,5.0,6.8,5.2,5.4,5.9,5.0,6.0,5.4,5.4,5.2,5.2,5.2,7.3,5.2]
detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
detected: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Mining][Unsafe]
@@ -88,14 +90,15 @@
detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 0.000]
- [PKTLEN......: 60.000| 578.000| 104.300| 111.300|12394.700| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 2.400]
+ [PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 70.0,70.2,1.4,62.1,2.1,0.0,0.0,0.0,0.0,0.0,62.7,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.6,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,63.7,0.0]
- [PKTLENS.....: 78,74,66,578,66,468,98,67,68,79,82,66,66,66,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
+ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.3,5.3,5.5,5.6,5.1,5.0,5.0,5.0,5.1,5.1,5.3,5.1,6.0,5.2,6.7,5.2,5.5,5.8,5.1,5.2,5.5,5.6,5.1,3.6,3.6]
new: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182]
detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -107,14 +110,15 @@
detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 0.000]
- [PKTLEN......: 60.000| 487.000| 99.000| 93.300| 8701.200| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 2.400]
+ [PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500]
[BINS(c->s)..: 15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1]
[IATS(ms)....: 36.4,36.5,1.5,44.0,0.5,0.0,0.1,0.0,0.0,43.1,0.0,0.0,0.0,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.1,0.1,0.0,0.0,0.0,72.9,0.0,0.0,0.7,0.0,0.0]
- [PKTLENS.....: 78,74,66,487,66,406,98,67,68,95,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46]
+ [ENTROPIES...: 4.4,5.4,5.1,7.5,5.3,7.4,6.0,5.2,5.3,5.9,5.1,5.1,5.1,5.0,5.1,5.9,5.1,6.7,5.2,5.6,5.9,5.2,5.2,5.5,5.6,5.1,5.3,4.0,3.9,4.0,4.0,4.0]
detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
detected: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Mining][Unsafe]
@@ -134,23 +138,25 @@
detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 0.000]
- [PKTLEN......: 60.000| 545.000| 104.400| 111.100|12335.600| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 2.400]
+ [PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 68.5,68.6,1.4,78.1,1.9,0.1,78.6,0.0,0.2,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,67.2,0.0]
- [PKTLENS.....: 78,74,66,545,66,505,98,66,66,67,68,79,66,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
+ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,6.0,5.2,5.1,5.3,5.3,5.6,5.1,5.1,5.1,5.6,5.3,5.1,5.1,5.9,5.2,6.8,5.3,5.6,5.9,5.1,5.2,5.5,5.6,5.1,3.9,3.9]
analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 0.000]
- [PKTLEN......: 60.000| 508.000| 101.100| 105.300|11090.000| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 2.400]
+ [PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400]
[BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 74.2,74.3,1.2,77.3,76.1,0.7,0.0,0.6,0.0,0.2,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,52.0,0.0,0.2,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.1]
- [PKTLENS.....: 78,74,66,508,488,66,98,98,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.4,5.4,5.1,7.6,7.5,5.1,5.9,6.0,5.1,5.1,6.0,5.2,6.8,5.3,5.6,5.7,5.0,5.2,5.5,5.6,5.1,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303]
new: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303]
new: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301]
@@ -160,14 +166,15 @@
detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 0.000]
- [PKTLEN......: 60.000| 536.000| 103.000| 105.000|11031.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 2.400]
+ [PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 134.4,134.5,2.0,164.5,0.7,163.1,0.2,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.2,0.2,0.4,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,112.9,0.0]
- [PKTLENS.....: 78,74,66,461,66,536,66,98,67,66,66,68,79,82,66,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60]
+ [PKTLENS.....: 64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
+ [ENTROPIES...: 4.4,5.3,5.0,7.5,5.1,7.6,4.9,6.0,5.2,5.0,5.0,5.3,5.6,5.6,5.0,5.0,4.9,5.1,5.0,5.9,5.1,6.8,5.2,5.5,5.9,5.1,5.1,5.5,5.5,5.0,5.1,3.7]
detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
detected: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Mining][Unsafe]
@@ -176,26 +183,28 @@
new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303]
new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303]
analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 0.000]
- [PKTLEN......: 66.000| 560.000| 120.000| 112.400|12624.200| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 2.800]
+ [PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500]
[BINS(c->s)..: 13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1]
[IATS(ms)....: 32.6,32.7,1.1,41.2,3.0,43.1,1.1,0.0,0.1,0.0,0.0,2.2,0.0,0.0,1.1,0.0,0.0,0.1,0.1,0.4,0.0,0.0,0.0,0.1,33.8,0.0,0.0,0.0,33.3,0.0,0.1]
- [PKTLENS.....: 78,74,66,481,66,560,66,98,67,190,69,82,98,67,209,66,66,66,82,66,98,67,114,81,82,78,78,78,78,226,178,66]
+ [PKTLENS.....: 64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.0,5.9,5.0,6.7,5.2,5.5,6.1,5.2,6.8,5.0,5.1,5.1,5.6,5.1,5.9,5.2,6.1,5.6,5.5,5.1,5.1,5.2,5.1,6.9,6.7,5.2]
new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303]
detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 0.000]
- [PKTLEN......: 60.000| 497.000| 101.300| 103.800|10779.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 2.400]
+ [PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 158.1,158.1,1.9,112.7,1.0,0.0,111.8,0.0,0.1,0.0,0.1,0.0,0.9,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,111.1,0.0,0.8,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 78,74,66,497,66,489,98,66,66,82,82,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.5,5.3,5.1,7.6,5.2,7.5,5.9,5.1,5.2,5.7,5.6,5.1,5.2,5.8,5.1,6.7,5.1,5.4,5.8,5.1,5.1,5.4,5.5,5.0,3.6,3.6,3.6,3.6,3.6,3.6,3.6,3.6]
new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303]
detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -208,36 +217,39 @@
RISK: Unsafe Protocol
new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303]
analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 0.000]
- [PKTLEN......: 60.000| 556.000| 105.800| 115.500|13350.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 2.400]
+ [PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 195.0,195.1,1.2,202.3,0.3,0.0,201.3,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,175.4,0.4]
- [PKTLENS.....: 78,74,66,556,66,533,98,66,66,67,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60]
+ [PKTLENS.....: 64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
+ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7]
detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 0.000]
- [PKTLEN......: 60.000| 637.000| 109.600| 130.900|17130.100| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 2.400]
+ [PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1]
[IATS(ms)....: 107.6,107.7,1.5,109.0,1.8,109.4,0.7,0.0,0.1,0.0,0.1,1.0,0.2,0.1,0.1,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.0,0.0,0.1,0.0,0.0,0.0,107.1,0.0]
- [PKTLENS.....: 78,74,66,637,66,579,66,98,67,190,69,82,98,66,67,66,68,66,79,82,66,66,98,66,67,66,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.7,5.2,7.7,5.2,5.9,5.2,6.9,5.2,5.6,5.9,5.1,5.2,5.1,5.3,5.1,5.6,5.7,5.1,5.1,5.8,5.2,5.2,5.1,5.1,5.3,5.6,5.1,4.0,4.0]
new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303]
new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303]
analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 0.000]
- [PKTLEN......: 66.000| 535.000| 106.900| 97.800| 9570.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 2.700]
+ [PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1]
[IATS(ms)....: 44.4,44.5,1.1,47.4,2.6,0.0,48.9,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,43.3,0.5,42.7,0.2,0.0]
- [PKTLENS.....: 78,74,66,535,66,384,98,66,66,67,66,191,68,66,66,82,66,98,67,190,69,82,98,67,114,81,82,66,98,66,67,70]
+ [PKTLENS.....: 64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.1,7.5,5.9,5.0,5.0,5.2,5.1,6.7,5.3,5.0,5.0,5.7,5.1,5.9,5.2,6.7,5.2,5.5,5.8,5.1,6.1,5.5,5.6,5.1,5.9,5.0,5.2,5.4]
new: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303]
detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -246,117 +258,128 @@
detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 0.000]
- [PKTLEN......: 66.000| 476.000| 107.900| 97.700| 9536.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 2.800]
+ [PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1]
[IATS(ms)....: 47.2,47.4,1.6,49.5,3.7,51.6,0.8,0.0,1.0,0.1,0.0,0.0,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,45.6,1.1,0.0,46.3,0.1]
- [PKTLENS.....: 78,74,66,476,66,448,66,98,67,98,190,66,69,82,67,66,222,66,69,66,82,66,98,67,114,81,82,66,66,98,66,67]
+ [PKTLENS.....: 64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53]
+ [ENTROPIES...: 4.5,5.3,5.1,7.5,5.2,7.4,5.0,5.8,5.1,5.9,6.7,5.1,5.2,5.4,5.2,5.1,6.9,5.1,5.3,5.1,5.4,5.1,5.6,5.1,6.0,5.4,5.5,5.2,5.2,5.8,5.1,5.2]
new: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303]
detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 0.000]
- [PKTLEN......: 60.000| 519.000| 104.200| 109.100|11904.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 2.300]
+ [PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 261.7,261.8,1.5,222.8,0.1,0.0,0.0,221.3,0.0,0.0,0.2,0.0,0.2,0.0,0.1,0.0,0.1,0.0,0.6,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,211.4,0.0]
- [PKTLENS.....: 78,74,66,516,66,519,98,67,66,66,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60]
+ [PKTLENS.....: 64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
+ [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.8,5.2,5.1,5.1,5.1,5.3,5.6,5.1,5.1,5.7,5.2,5.1,5.1,5.7,5.1,6.9,5.1,5.5,5.8,5.1,5.2,5.5,5.5,5.0,5.2,3.8]
analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 0.000]
- [PKTLEN......: 60.000| 578.000| 106.100| 117.400|13788.700| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 2.300]
+ [PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 263.1,263.2,1.3,221.8,0.2,0.0,0.0,220.8,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,212.6,0.2]
- [PKTLENS.....: 78,74,66,578,66,525,98,67,66,66,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
+ [ENTROPIES...: 4.4,5.3,4.9,7.6,5.2,7.5,6.0,5.2,5.1,5.1,5.1,5.2,5.6,5.1,5.1,5.6,5.2,5.1,5.1,5.9,5.0,6.7,5.1,5.4,5.8,5.0,5.0,5.4,5.5,5.0,3.7,3.7]
detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303]
new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303]
analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 0.000]
- [PKTLEN......: 60.000| 483.000| 98.100| 91.500| 8376.200| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 2.600]
+ [PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 32.6,32.6,1.2,33.9,3.9,36.5,0.4,0.4,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,31.1,0.1,0.0,0.1,0.0,0.6,0.1,0.0]
- [PKTLENS.....: 78,74,66,483,66,393,66,98,66,82,66,82,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.4,5.1,6.0,5.1,5.7,5.2,5.7,5.1,6.0,5.2,6.8,5.3,5.6,5.9,5.2,5.3,5.6,5.6,5.2,5.3,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 0.000]
- [PKTLEN......: 66.000| 540.000| 116.300| 108.500|11769.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 2.900]
+ [PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500]
[BINS(c->s)..: 14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0]
[IATS(ms)....: 25.5,25.6,1.2,25.9,91.4,116.0,0.8,0.0,0.1,0.0,0.0,24.5,23.6,0.4,0.0,0.0,0.0,0.7,0.1,0.7,0.0,0.0,0.0,23.3,0.0,24.1,0.2,0.3,0.0,0.0,0.0]
- [PKTLENS.....: 78,74,66,540,66,398,66,98,67,190,69,82,306,66,98,67,114,81,66,82,66,66,66,66,274,66,66,98,66,67,69,78]
+ [PKTLENS.....: 64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64]
+ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.1,7.4,5.1,5.9,5.1,6.8,5.1,5.5,7.2,5.1,5.8,5.1,5.9,5.5,5.2,5.5,5.2,5.2,5.2,5.2,7.1,5.2,5.0,5.7,5.2,5.1,5.2,5.3]
analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 0.000]
- [PKTLEN......: 60.000| 597.000| 104.600| 116.900|13676.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 2.500]
+ [PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 32.8,32.8,1.3,33.9,2.4,35.0,0.3,0.2,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,32.6,0.0,0.1,0.1,0.1,0.0,0.0,0.1]
- [PKTLENS.....: 78,74,66,597,66,494,66,98,66,82,82,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.5,5.1,5.9,5.1,5.7,5.7,5.1,5.1,5.9,5.2,6.8,5.2,5.7,5.9,5.2,5.2,5.5,5.6,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303]
new: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303]
new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303]
new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303]
analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 0.000]
- [PKTLEN......: 60.000| 479.000| 101.500| 99.100| 9815.100| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 2.500]
+ [PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1]
[IATS(ms)....: 157.7,157.8,1.6,152.9,8.1,159.4,1.2,0.0,0.1,0.0,0.1,1.9,0.0,0.5,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.0,0.7,0.4,149.7,0.6]
- [PKTLENS.....: 78,74,66,479,66,471,66,98,67,190,69,82,98,67,66,66,68,79,66,66,82,66,98,67,68,79,82,66,66,66,66,60]
+ [PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]
+ [ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8]
analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 0.000]
- [PKTLEN......: 60.000| 587.000| 107.000| 122.200|14931.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 2.400]
+ [PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300]
[BINS(c->s)..: 16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1]
[IATS(ms)....: 130.8,130.9,1.3,122.8,1.3,122.7,0.2,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.3,0.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,121.1,0.0,0.0,0.0]
- [PKTLENS.....: 78,74,66,587,66,556,66,98,67,66,66,81,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60]
+ [PKTLENS.....: 64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]
+ [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,5.1,5.9,5.2,5.0,5.0,5.5,5.1,5.6,5.1,5.2,5.0,5.9,5.1,6.8,5.1,5.6,5.7,5.1,5.1,5.4,5.6,5.1,3.9,4.0,4.0,4.0]
analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 0.000]
- [PKTLEN......: 66.000| 528.000| 114.400| 109.700|12030.800| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 2.800]
+ [PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1]
[IATS(ms)....: 56.8,56.9,1.6,56.4,2.3,57.1,0.5,0.5,0.1,0.0,0.1,0.0,0.2,0.0,0.1,0.0,0.0,1.1,0.9,0.4,0.0,0.0,0.0,0.1,56.5,0.0,0.0,55.9,0.0,1.8,0.0]
- [PKTLENS.....: 78,74,66,528,66,508,66,98,66,209,67,66,66,98,67,190,69,82,82,66,98,67,114,81,82,66,98,148,66,66,96,66]
+ [PKTLENS.....: 64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]
+ [ENTROPIES...: 4.5,5.2,5.1,7.5,5.2,7.5,5.2,5.8,5.1,6.8,5.2,5.0,5.0,5.9,5.1,6.7,5.2,5.5,5.7,5.1,5.9,5.2,6.0,5.5,5.5,5.2,5.9,6.6,5.1,5.1,5.8,5.3]
analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.300| 0.044| 0.100|10075.352| 0.000]
- [PKTLEN......: 60.000| 597.000| 102.300| 106.200|11275.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.300| 0.044| 0.100| 10075.352| 2.300]
+ [PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 300.4,300.4,1.7,253.4,0.7,0.0,252.4,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,252.8,0.0]
- [PKTLENS.....: 78,74,66,597,66,384,98,66,66,67,66,68,79,66,66,82,66,66,66,98,67,190,69,82,98,67,68,79,82,66,60,60]
+ [PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
+ [ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7]
analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.308| 0.045| 0.103|10532.101| 0.000]
- [PKTLEN......: 60.000| 537.000| 103.800| 108.100|11684.800| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.308| 0.045| 0.103| 10532.101| 2.400]
+ [PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1]
[IATS(ms)....: 308.0,308.1,2.1,260.3,1.6,259.8,0.5,0.5,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,2.3,1.9,254.5,0.0]
- [PKTLENS.....: 78,74,66,537,66,488,66,98,66,67,68,66,66,79,82,66,66,98,67,190,69,82,98,67,68,79,82,66,66,66,66,60]
+ [PKTLENS.....: 64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.5,5.1,5.9,5.0,5.2,5.2,5.0,5.0,5.6,5.6,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.9,5.1,5.1,5.5,5.5,5.0,5.2,5.1,5.2,3.8]
new: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303]
detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -365,14 +388,15 @@
detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.339| 0.050| 0.114|12910.542| 0.000]
- [PKTLEN......: 60.000| 640.000| 106.100| 119.200|14212.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.339| 0.050| 0.114| 12910.542| 2.400]
+ [PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1]
[IATS(ms)....: 339.2,339.3,1.3,287.2,2.5,288.4,1.0,0.0,1.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.1,0.6,0.3,285.6,0.0]
- [PKTLENS.....: 78,74,66,640,66,462,66,98,67,66,66,98,67,68,79,190,66,69,66,82,82,66,98,67,68,79,82,66,66,66,60,60]
+ [PKTLENS.....: 64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]
+ [ENTROPIES...: 4.5,5.4,5.0,7.6,5.0,7.5,5.1,5.8,5.1,5.0,5.0,5.8,5.0,5.1,5.5,6.7,5.0,5.2,5.0,5.4,5.5,5.0,5.9,5.0,5.1,5.4,5.6,5.1,5.2,5.1,3.7,3.7]
detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
new: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303]
@@ -383,14 +407,15 @@
detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.355| 0.054| 0.122|14890.530| 0.000]
- [PKTLEN......: 60.000| 591.000| 106.400| 118.100|13953.700| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.355| 0.054| 0.122| 14890.530| 2.400]
+ [PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 354.5,354.6,1.5,316.9,1.3,316.7,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.3,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,313.9,0.3]
- [PKTLENS.....: 78,74,66,591,66,517,66,98,66,67,66,68,66,79,82,66,66,66,66,98,67,190,69,82,98,67,68,79,82,66,66,60]
+ [PKTLENS.....: 64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.1,5.9,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.0,5.1,5.1,5.0,5.7,5.0,6.9,5.1,5.4,5.8,5.0,5.0,5.4,5.4,5.0,5.1,3.7]
new: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333]
detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -407,25 +432,27 @@
detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 0.000]
- [PKTLEN......: 66.000| 639.000| 114.200| 122.100|14898.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 2.800]
+ [PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1]
[IATS(ms)....: 139.3,139.4,1.7,141.7,7.2,147.3,0.8,0.0,0.1,0.0,0.1,6.7,5.8,0.3,0.2,0.7,0.0,0.0,0.8,0.0,0.0,0.4,0.0,0.0,0.0,0.0,130.0,0.2,0.8,130.5,0.3]
- [PKTLENS.....: 78,74,66,639,66,487,66,98,67,190,69,82,98,66,67,66,216,75,82,66,66,66,98,67,114,81,82,66,66,98,66,67]
+ [PKTLENS.....: 64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53]
+ [ENTROPIES...: 4.5,5.3,5.0,7.7,5.1,7.6,5.1,5.8,5.1,6.7,5.2,5.6,5.9,5.1,5.3,5.1,6.9,5.5,5.7,5.1,5.1,5.0,5.8,5.0,6.1,5.5,5.5,5.1,5.1,6.0,5.0,5.2]
new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303]
new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303]
analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 0.000]
- [PKTLEN......: 66.000| 606.000| 121.000| 118.700|14100.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 3.100]
+ [PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400]
[BINS(c->s)..: 17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]
[IATS(ms)....: 39.1,39.2,1.5,38.4,0.4,37.3,0.8,0.0,0.0,0.0,0.1,39.2,38.3,0.3,0.3,0.6,0.0,0.0,0.0,0.1,30.7,30.6,0.3,0.2,0.0,0.0,0.0,0.0,0.1,0.0,0.1]
- [PKTLENS.....: 78,74,66,606,66,430,66,98,67,190,69,82,306,66,66,66,98,67,114,81,82,274,66,66,98,67,69,78,82,98,67,70]
+ [PKTLENS.....: 64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56]
+ [ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.5,5.1,5.8,5.1,6.7,5.2,5.6,7.3,5.0,5.1,5.2,5.8,5.1,6.1,5.5,5.6,7.1,5.0,5.2,5.7,5.2,5.2,5.4,5.6,5.9,5.2,5.3]
new: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303]
detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -435,36 +462,39 @@
detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 0.000]
- [PKTLEN......: 66.000| 649.000| 114.100| 121.000|14650.900| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 2.600]
+ [PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0]
[IATS(ms)....: 179.3,179.4,1.8,184.4,0.2,182.8,0.1,0.1,0.1,0.1,0.4,0.0,0.4,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.3,0.0,0.0,0.0,0.2,176.5,0.9,1.0,0.0,177.6]
- [PKTLENS.....: 78,74,66,649,66,457,66,98,66,67,66,227,80,66,66,82,66,98,67,190,69,82,98,67,125,70,82,66,66,98,67,66]
+ [PKTLENS.....: 64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]
+ [ENTROPIES...: 4.5,5.3,5.0,7.7,5.2,7.4,5.1,5.9,5.1,5.3,5.1,7.0,5.6,5.1,5.1,5.6,5.0,5.8,5.1,6.8,5.1,5.4,5.8,5.1,6.2,5.1,5.4,5.1,5.2,5.9,5.3,5.0]
detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303]
analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 0.000]
- [PKTLEN......: 60.000| 452.000| 98.000| 90.700| 8221.200| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 2.600]
+ [PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 41.4,41.5,1.3,42.4,1.0,42.1,0.2,0.2,0.4,0.4,0.4,0.4,0.2,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,39.1,1.4,0.0,0.1,0.1,0.0,0.1,0.1]
- [PKTLENS.....: 78,74,66,452,66,422,66,98,66,82,66,82,66,98,67,190,69,82,98,67,68,79,82,66,66,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303]
analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 0.000]
- [PKTLEN......: 66.000| 538.000| 114.200| 109.000|11872.900| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 2.700]
+ [PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0]
[IATS(ms)....: 179.2,179.3,1.5,193.5,0.4,0.0,192.3,0.0,0.2,0.2,0.7,0.0,0.1,0.0,0.1,2.8,2.1,0.4,0.0,0.0,0.0,0.1,193.8,0.2,0.8,194.1,0.1,0.1,1.1,0.0,1.2]
- [PKTLENS.....: 78,74,66,538,66,494,98,66,66,198,66,98,67,190,69,82,94,66,98,67,114,81,82,66,66,98,66,147,66,97,66,66]
+ [PKTLENS.....: 64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52]
+ [ENTROPIES...: 4.5,5.3,5.0,7.6,4.9,7.5,5.8,4.9,4.9,6.8,4.9,5.8,5.1,6.7,5.1,5.3,5.8,4.9,5.8,5.1,6.2,5.3,5.4,5.0,5.0,5.9,5.0,6.5,5.0,5.9,5.2,5.0]
new: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303]
new: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303]
detected: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [Mining][Mining][Unsafe]
@@ -475,24 +505,26 @@
detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 0.000]
- [PKTLEN......: 66.000| 613.000| 119.000| 126.800|16079.300| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 2.700]
+ [PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1]
[IATS(ms)....: 71.3,71.4,1.3,75.1,1.0,0.0,74.8,0.0,0.1,0.1,0.5,0.5,0.2,0.0,0.1,0.0,0.1,0.3,0.0,0.0,0.0,0.1,69.6,0.8,0.0,69.7,0.7,0.0,0.7,0.0,0.1]
- [PKTLENS.....: 78,74,66,613,66,570,98,66,66,209,66,83,66,98,67,190,69,82,98,67,114,81,82,66,66,98,66,148,96,66,66,66]
+ [PKTLENS.....: 64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52]
+ [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.8,5.0,5.0,6.9,5.0,5.5,5.0,5.7,5.1,6.8,5.1,5.5,5.9,5.2,6.1,5.6,5.5,5.2,5.2,5.8,5.0,6.4,5.9,5.0,5.0,5.1]
new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303]
analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 0.000]
- [PKTLEN......: 60.000| 605.000| 105.400| 121.500|14755.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 2.400]
+ [PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
[BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 259.7,259.8,1.3,261.4,3.0,263.1,0.5,0.4,0.3,0.2,0.2,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,260.1,0.0,0.0,0.1,0.1,0.0,0.7,0.0,0.0,0.0]
- [PKTLENS.....: 78,74,66,605,66,525,66,98,66,98,66,98,67,190,69,82,98,67,68,79,82,66,60,60,60,60,60,60,60,60,60,60]
+ [PKTLENS.....: 64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46]
+ [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,4.9,5.8,4.9,5.8,4.9,5.8,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.0,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303]
detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
@@ -506,14 +538,15 @@
detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 0.000]
- [PKTLEN......: 66.000| 633.000| 123.600| 120.400|14503.600| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 2.600]
+ [PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
[BINS(c->s)..: 16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0]
[IATS(ms)....: 40.4,40.4,1.5,40.9,246.5,285.9,40.6,40.6,0.7,0.0,0.1,0.0,0.0,0.4,0.0,0.0,0.0,0.1,39.4,0.2,0.9,0.7,39.7,0.2,0.0,0.0,0.0,0.1,1.1,0.8,0.2]
- [PKTLENS.....: 78,74,66,633,66,306,78,413,66,98,67,190,69,82,98,67,114,81,82,66,66,66,130,66,98,67,69,78,82,274,66,98]
+ [PKTLENS.....: 64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]
+ [ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.2,5.2,7.4,5.1,5.9,5.2,6.8,5.2,5.6,5.9,5.2,6.2,5.5,5.6,5.3,5.3,5.3,6.4,5.1,5.9,5.2,5.3,5.5,5.6,7.1,5.1,5.9]
end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Mining][Unsafe]
RISK: Unsafe Protocol
idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [Mining][Mining][Unsafe]
diff --git a/test/results/flow-info/exe_download.pcap.out b/test/results/flow-info/exe_download.pcap.out
index eca925875..414130a36 100644
--- a/test/results/flow-info/exe_download.pcap.out
+++ b/test/results/flow-info/exe_download.pcap.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer, HTTP Suspicious User-Agent, HTTP Numeric IP Address
analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.320| 0.062| 0.115|13236.602| 0.000]
- [PKTLEN......: 54.000| 1514.000| 868.500| 668.400|446708.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.320| 0.062| 0.115| 13236.602| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
[BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0]
[IATS(ms)....: 319.3,319.5,0.7,1.1,298.1,0.0,298.6,1.6,0.1,1.8,2.4,2.7,0.0,5.0,0.2,28.6,0.1,28.9,100.7,305.8,0.0,0.0,0.1,205.2,0.2,0.2,0.7,0.0,0.0,0.0,0.7]
- [PKTLENS.....: 66,58,54,207,54,1514,1322,54,1418,1418,54,1418,1514,1302,54,1418,1418,1418,54,54,1514,1514,1226,1418,54,1418,54,1514,1514,1514,1130,54]
+ [PKTLENS.....: 52,44,40,193,40,1500,1308,40,1404,1404,40,1404,1500,1288,40,1404,1404,1404,40,40,1500,1500,1212,1404,40,1404,40,1500,1500,1500,1116,40]
+ [ENTROPIES...: 4.4,4.9,4.6,5.8,4.7,3.7,0.3,4.6,0.3,4.4,4.6,5.7,5.5,5.4,4.5,5.9,5.8,5.7,4.6,4.6,5.4,5.4,5.4,5.7,4.6,5.6,4.5,5.7,5.8,5.6,5.7,4.6]
end: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer, HTTP Suspicious User-Agent, HTTP Numeric IP Address
DAEMON-EVENT: shutdown
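Review bot: The new `ENTROPIES` line looks like it measures header bytes as well as payload, and that should be documented where the analyse event is described. Assuming its entries are index-aligned with `PKTLENS` (both hold 32 values), the packets of length 40 (presumably bare IPv4+TCP headers with no payload) still report 4.5–4.7. For a flow flagged `Binary App Transfer`, an analyst comparing these numbers against payload-entropy thresholds for packed or encrypted content would be reading diluted values on small packets. I would add a field description along the lines of `ENTROPIES: per-packet entropy over the whole L3 packet, IP and transport headers included, not the application payload`. The same pattern is visible in exe_download_as_png.pcap.out.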
diff --git a/test/results/flow-info/exe_download_as_png.pcap.out b/test/results/flow-info/exe_download_as_png.pcap.out
index 6a58cb2a7..8f1e980e2 100644
--- a/test/results/flow-info/exe_download_as_png.pcap.out
+++ b/test/results/flow-info/exe_download_as_png.pcap.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable]
RISK: Binary App Transfer, HTTP Numeric IP Address
analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.613| 0.094| 0.193|37090.865| 0.000]
- [PKTLEN......: 54.000| 1514.000| 869.000| 664.600|441668.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.613| 0.094| 0.193| 37090.865| 2.700]
+ [PKTLEN......: 40.000| 1500.000| 855.000| 664.600| 441668.300| 4.400]
[BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 400.2,400.5,0.2,0.7,612.7,0.0,613.0,0.4,0.5,0.8,0.4,0.5,0.9,1.1,0.4,1.6,0.4,0.7,1.1,417.7,1.4,0.1,419.5,0.7,0.4,0.9,2.6,0.2,2.8,26.6,0.3]
- [PKTLENS.....: 66,58,54,203,54,1514,1322,54,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418,1418,54,1418,1418,54,1418,1418,54,1418,1418]
+ [PKTLENS.....: 52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]
+ [ENTROPIES...: 4.6,4.9,4.7,5.5,4.6,3.4,0.3,4.8,0.3,4.6,4.8,4.5,3.4,4.7,3.3,3.5,4.7,4.1,5.3,4.7,5.5,4.6,5.0,4.7,4.4,2.7,4.7,6.3,4.4,4.7,4.0,2.8]
end: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable]
RISK: Binary App Transfer, HTTP Numeric IP Address
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/facebook.pcap.out b/test/results/flow-info/facebook.pcap.out
index 17db51e79..7497132a1 100644
--- a/test/results/flow-info/facebook.pcap.out
+++ b/test/results/flow-info/facebook.pcap.out
@@ -9,14 +9,15 @@
detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun]
detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun]
analyse: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 0.000]
- [PKTLEN......: 66.000| 1454.000| 569.100| 613.300|376153.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 3.300]
+ [PKTLEN......: 52.000| 1440.000| 555.100| 613.300| 376153.100| 4.100]
[BINS(c->s)..: 10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 132.1,132.1,0.2,154.7,0.5,155.0,0.2,3.3,129.4,125.9,0.4,0.4,0.8,119.2,4.5,123.7,0.6,0.6,1.2,4.9,0.6,5.6,8.9,7.8,16.7,0.9,0.5,1.4,0.8,0.7,1.4]
- [PKTLENS.....: 74,74,66,583,66,212,66,117,452,147,104,104,108,66,1454,445,66,1454,590,66,1454,1454,66,1454,1454,66,1454,1454,66,1454,1454,66]
+ [PKTLENS.....: 60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]
+ [ENTROPIES...: 4.8,5.2,5.1,6.2,5.1,6.5,5.1,5.5,7.5,6.5,5.6,5.9,6.0,5.0,7.8,7.6,5.0,7.9,7.6,5.0,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.0,7.8,7.9,5.0]
idle: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443]
idle: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/fastcgi.pcap.out b/test/results/flow-info/fastcgi.pcap.out
index 729151ced..6f0c6320c 100644
--- a/test/results/flow-info/fastcgi.pcap.out
+++ b/test/results/flow-info/fastcgi.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000]
detected: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe]
analyse: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.020| 0.130| 0.496|246254.469| 0.000]
- [PKTLEN......: 66.000| 1514.000| 553.200| 672.800|452637.900| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.020| 0.130| 0.496| 246254.469| 1.000]
+ [PKTLEN......: 52.000| 1500.000| 539.200| 672.800| 452637.900| 3.900]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.2,0.2,0.0,0.1,0.0,0.2,0.1,0.0,0.1,0.0,0.0,0.0,2019.9,2020.1,0.2,0.1,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.0,0.0,0.0]
- [PKTLENS.....: 74,74,66,82,1121,74,66,74,74,66,66,66,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514,66,1514]
+ [PKTLENS.....: 60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500]
+ [ENTROPIES...: 4.4,4.9,4.7,4.2,6.0,4.6,4.7,4.6,4.6,4.7,4.6,4.7,4.7,7.6,4.9,7.8,4.9,7.8,4.8,7.8,4.9,7.8,4.8,7.8,4.8,7.8,4.8,7.9,4.9,7.8,4.8,7.8]
end: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/firefox.pcap.out b/test/results/flow-info/firefox.pcap.out
index dc107dfe1..9d247d46f 100644
--- a/test/results/flow-info/firefox.pcap.out
+++ b/test/results/flow-info/firefox.pcap.out
@@ -6,14 +6,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe]
new: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443]
analyse: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.577| 0.067| 0.148|21926.652| 0.000]
- [PKTLEN......: 66.000| 1506.000| 599.100| 633.000|400627.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.577| 0.067| 0.148| 21926.652| 2.800]
+ [PKTLEN......: 52.000| 1492.000| 585.100| 633.000| 400627.700| 4.100]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1]
[IATS(ms)....: 26.7,26.8,1.3,27.3,5.8,0.0,31.8,0.5,0.5,211.0,0.3,236.0,0.0,1.3,0.0,26.1,0.0,575.4,1.2,576.6,0.3,0.1,0.3,0.1,0.1,0.2,1.4,145.8,171.4,2.9,1.4]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,66,772,66,146,452,66,66,369,369,66,66,1506,1506,66,1506,1506,66,1506,1485,66,66,431,66,1506,1506]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,52,758,52,132,438,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,417,52,1492,1492]
+ [ENTROPIES...: 4.4,5.3,5.0,5.2,5.2,7.8,7.9,5.0,7.7,5.1,6.3,7.4,5.1,5.0,7.3,7.4,5.0,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,5.0,7.4,5.1,7.8,7.9]
new: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443]
detected: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe]
@@ -23,59 +24,64 @@
new: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443]
new: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443]
analyse: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.231| 0.023| 0.053| 2771.897| 0.000]
- [PKTLEN......: 66.000| 1506.000| 656.300| 649.700|422101.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.231| 0.023| 0.053| 2771.897| 3.000]
+ [PKTLEN......: 52.000| 1492.000| 642.300| 649.700| 422101.600| 4.200]
[BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,0,1,1,1,1,0]
[IATS(ms)....: 34.4,34.5,3.3,32.3,1.5,30.5,4.2,18.6,31.6,0.0,8.9,18.5,3.0,0.1,21.6,203.5,231.0,1.0,0.2,0.0,28.7,0.2,0.2,0.9,0.1,1.0,0.1,0.4,0.0,0.0,0.5]
- [PKTLENS.....: 78,74,66,746,66,326,66,146,416,66,369,66,66,1506,1042,66,447,66,1506,1506,1506,66,1506,66,1506,1506,66,1506,1506,1506,1506,66]
+ [PKTLENS.....: 64,60,52,732,52,312,52,132,402,52,355,52,52,1492,1028,52,433,52,1492,1492,1492,52,1492,52,1492,1492,52,1492,1492,1492,1492,52]
+ [ENTROPIES...: 4.5,5.2,5.0,7.2,5.1,7.0,5.0,6.3,7.3,5.0,7.4,5.0,5.1,7.9,7.8,5.0,7.5,5.0,7.9,7.9,7.9,5.0,7.9,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.9,5.0]
detected: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.221| 0.023| 0.050| 2549.799| 0.000]
- [PKTLEN......: 66.000| 1506.000| 622.900| 649.700|422127.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.221| 0.023| 0.050| 2549.799| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 608.900| 649.700| 422127.900| 4.100]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 27.4,27.4,16.2,42.1,1.2,27.2,10.1,34.7,0.0,24.7,195.8,221.4,1.8,27.4,3.4,28.7,1.1,0.2,26.6,1.0,0.1,1.1,0.1,0.1,0.2,0.1,0.1,0.3,0.3,0.2,0.5]
- [PKTLENS.....: 78,74,66,746,66,326,66,146,66,369,66,433,66,1406,66,436,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66]
+ [PKTLENS.....: 64,60,52,732,52,312,52,132,52,355,52,419,52,1392,52,422,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52]
+ [ENTROPIES...: 4.5,5.1,5.0,7.2,5.0,6.9,5.0,6.3,5.0,7.4,5.0,7.4,5.0,7.9,4.9,7.4,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.030| 0.007| 0.010| 104.605| 0.000]
- [PKTLEN......: 66.000| 1506.000| 614.500| 660.200|435829.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.030| 0.007| 0.010| 104.605| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 600.500| 660.200| 435829.600| 4.100]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,1]
[IATS(ms)....: 26.8,26.8,3.3,29.2,2.4,28.4,2.9,12.8,29.6,0.0,13.9,11.4,1.7,0.1,13.2,0.1,0.3,1.0,0.8,0.1,0.2,0.1,0.1,0.2,0.1,0.3,0.1,0.3,12.0,12.2,0.1]
- [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,1506,1506,66,66,1506,1506,66,1506]
+ [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,52,1492,1492,52,1492]
+ [ENTROPIES...: 4.4,5.2,5.0,7.2,5.0,7.0,5.0,6.3,7.4,5.1,7.3,5.0,5.0,7.9,7.9,5.0,7.9,4.9,7.9,5.1,7.8,4.9,7.9,5.0,7.9,7.9,5.0,4.9,7.9,7.9,5.0,7.9]
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.046| 0.009| 0.012| 154.305| 0.000]
- [PKTLEN......: 66.000| 1506.000| 592.400| 641.500|411570.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.009| 0.012| 154.305| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 578.400| 641.500| 411570.000| 4.100]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0]
[IATS(ms)....: 28.1,28.2,5.5,31.7,1.1,27.2,20.3,4.0,45.6,1.3,22.6,2.8,3.1,0.1,6.1,0.1,0.2,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.2,0.4,0.3,1.5,18.6,0.0,17.4]
- [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,1506,1506,66,1506,66,1506,799,66]
+ [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,1492,52,1492,785,52]
+ [ENTROPIES...: 4.4,5.2,5.0,7.2,5.1,7.0,5.0,6.2,7.5,5.0,7.4,5.0,5.1,7.8,7.9,5.0,7.9,4.9,7.9,5.1,7.8,4.9,7.9,5.1,7.9,7.9,5.0,7.9,4.9,7.9,7.7,5.0]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe]
analyse: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.037| 0.010| 0.013| 180.101| 0.000]
- [PKTLEN......: 66.000| 1506.000| 547.200| 619.500|383804.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.010| 0.013| 180.101| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 533.200| 619.500| 383804.700| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,0,1]
[IATS(ms)....: 28.6,28.7,7.7,37.4,1.5,31.1,2.2,13.0,31.0,0.1,15.9,15.4,0.5,0.1,16.0,0.3,0.4,0.6,0.1,0.2,0.0,0.4,0.0,0.2,0.5,36.5,0.1,0.1,36.1,0.2,0.4]
- [PKTLENS.....: 78,74,66,746,66,326,66,146,436,66,369,66,66,1506,1506,66,1506,1506,66,1506,1506,412,66,66,66,445,66,1506,1506,66,66,1506]
+ [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,1492,52,1492,1492,398,52,52,52,431,52,1492,1492,52,52,1492]
+ [ENTROPIES...: 4.5,5.2,5.0,7.2,5.1,7.0,5.0,6.2,7.6,5.1,7.4,5.0,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,7.4,5.0,4.9,4.9,7.4,5.0,7.9,7.9,5.0,4.9,7.9]
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe]
idle: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe]
idle: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/fix.pcap.out b/test/results/flow-info/fix.pcap.out
index 3eeb4311b..4144f8821 100644
--- a/test/results/flow-info/fix.pcap.out
+++ b/test/results/flow-info/fix.pcap.out
@@ -14,38 +14,41 @@
new: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [FIX][RPC][Safe]
analyse: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.315| 0.065| 0.068| 4636.039| 0.000]
- [PKTLEN......: 54.000| 511.000| 107.100| 87.500| 7658.200| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.315| 0.065| 0.068| 4636.039| 4.400]
+ [PKTLEN......: 40.000| 497.000| 93.100| 87.500| 7658.200| 4.600]
[BINS(c->s)..: 4,6,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.2,0.2,52.4,3.6,94.0,87.6,49.4,50.7,50.7,52.8,52.9,49.7,49.6,49.7,49.7,49.5,49.4,49.8,49.8,50.0,50.0,49.9,49.9,49.6,49.6,49.8,49.8,50.2,50.2,314.9,315.0]
- [PKTLENS.....: 93,60,140,169,54,60,511,60,230,60,233,60,143,60,110,60,185,60,112,60,81,60,106,60,81,60,89,60,108,60,81,60]
+ [PKTLENS.....: 79,46,126,155,40,46,497,46,216,46,219,46,129,46,96,46,171,46,98,46,67,46,92,46,67,46,75,46,94,46,67,46]
+ [ENTROPIES...: 5.2,4.4,6.4,5.1,4.8,4.5,5.2,4.4,5.0,4.5,5.2,4.4,5.1,4.5,5.1,4.5,5.1,4.4,5.1,4.3,5.1,4.5,5.0,4.4,5.1,4.4,5.2,4.5,4.9,4.5,5.1,4.4]
new: [.....7] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38652] [MIDSTREAM]
detected: [.....7] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38652] [FIX][RPC][Safe]
new: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [MIDSTREAM]
detected: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][RPC][Safe]
analyse: [.....2] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47968] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.300| 0.091| 0.084| 7079.807| 0.000]
- [PKTLEN......: 66.000| 153.000| 86.000| 23.600| 558.300| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.300| 0.091| 0.084| 7079.807| 4.200]
+ [PKTLEN......: 52.000| 139.000| 72.000| 23.600| 558.300| 4.900]
[BINS(c->s)..: 6,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.1,100.1,0.1,100.2,0.1,100.0,0.1,100.1,0.0,99.9,100.0,100.2,100.2,100.8,100.8,300.2,0.0,300.2,0.0,0.2,17.9,82.4,142.0,200.5,158.5,100.0,99.9,0.4,0.4,200.2,200.3]
- [PKTLENS.....: 96,66,101,92,66,66,101,100,66,66,92,66,135,66,91,66,105,135,66,66,153,66,105,66,101,66,101,66,90,66,98,66]
+ [PKTLENS.....: 82,52,87,78,52,52,87,86,52,52,78,52,121,52,77,52,91,121,52,52,139,52,91,52,87,52,87,52,76,52,84,52]
+ [ENTROPIES...: 5.4,5.2,5.4,5.4,5.1,5.2,5.4,5.4,5.1,5.2,5.3,5.1,5.6,5.2,5.5,5.2,5.4,5.2,5.1,5.1,6.5,5.1,5.5,5.2,5.5,5.2,5.2,5.2,5.2,5.2,5.4,5.1]
new: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [FIX][RPC][Safe]
analyse: [.....1] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][43594] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.291| 0.178| 0.113|12753.578| 0.000]
- [PKTLEN......: 66.000| 254.000| 109.700| 52.000| 2700.500| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.291| 0.178| 0.113| 12753.578| 4.500]
+ [PKTLEN......: 52.000| 240.000| 95.700| 52.000| 2700.500| 4.800]
[BINS(c->s)..: 2,4,3,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 0.2,0.3,0.3,250.6,0.1,250.6,0.0,0.2,18.2,232.1,291.3,250.1,209.0,250.7,250.7,250.6,250.6,250.7,250.7,250.7,250.7,250.6,0.0,250.7,0.0,251.5,251.5,249.7,249.8,250.3,250.3]
- [PKTLENS.....: 152,66,91,66,105,152,66,66,151,66,169,66,169,66,186,66,169,66,169,66,118,66,254,113,66,66,135,66,203,66,118,66]
+ [PKTLENS.....: 138,52,77,52,91,138,52,52,137,52,155,52,155,52,172,52,155,52,155,52,104,52,240,99,52,52,121,52,189,52,104,52]
+ [ENTROPIES...: 5.5,5.2,5.3,5.1,5.4,5.4,5.2,5.1,6.4,5.1,5.4,5.2,5.5,5.2,5.6,5.2,5.4,5.2,5.5,5.2,5.4,5.2,5.6,5.6,5.2,5.2,5.5,5.2,5.4,5.2,5.5,5.2]
new: [....10] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][39094] [MIDSTREAM]
detected: [....10] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][39094] [FIX][RPC][Safe]
new: [....11] [ip4][..tcp] [..217.192.86.32][.4000] -> [...192.168.0.20][53330] [MIDSTREAM]
@@ -53,23 +56,25 @@
new: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [MIDSTREAM]
detected: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [FIX][RPC][Safe]
analyse: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.507| 0.699| 1.281|1640706.605| 0.000]
- [PKTLEN......: 54.000| 141.000| 77.600| 21.900| 481.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 5.507| 0.699| 1.281| 1640706.605| 3.700]
+ [PKTLEN......: 40.000| 127.000| 63.600| 21.900| 481.200| 4.900]
[BINS(c->s)..: 2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1]
[IATS(ms)....: 0.2,500.7,500.7,200.4,200.5,0.2,89.7,210.7,340.3,500.7,460.5,5507.3,5507.3,601.0,601.0,400.4,400.5,701.0,701.0,400.4,400.4,600.6,600.6,400.8,400.8,600.8,600.8,0.2,54.3,45.7,140.3]
- [PKTLENS.....: 89,60,89,60,93,60,141,54,89,60,89,60,89,60,89,60,89,60,89,60,89,60,89,60,89,60,93,60,140,54,89,60]
+ [PKTLENS.....: 75,46,75,46,79,46,127,40,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,79,46,126,40,75,46]
+ [ENTROPIES...: 4.9,4.4,5.2,4.4,5.2,4.5,6.5,4.7,5.0,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.1,4.5,5.2,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.2,4.5,6.4,4.7,5.0,4.5]
analyse: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.175| 1.332| 1.132|1282462.056| 0.000]
- [PKTLEN......: 66.000| 151.000| 91.700| 28.500| 811.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.175| 1.332| 1.132| 1282462.056| 4.400]
+ [PKTLEN......: 52.000| 137.000| 77.700| 28.500| 811.200| 4.900]
[BINS(c->s)..: 2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1]
[IATS(ms)....: 0.1,1093.3,1093.4,599.0,599.0,1546.1,1546.1,0.2,22.8,2072.7,2137.8,913.3,870.7,442.0,442.0,3366.1,3366.1,1195.4,1195.4,437.7,437.7,1550.2,1550.2,0.2,22.4,1711.4,1774.3,1498.2,1457.5,4175.1,4175.0]
- [PKTLENS.....: 105,66,126,66,105,66,105,66,151,66,105,66,105,66,126,66,105,66,126,66,105,66,105,66,151,66,105,66,147,66,105,66]
+ [PKTLENS.....: 91,52,112,52,91,52,91,52,137,52,91,52,91,52,112,52,91,52,112,52,91,52,91,52,137,52,91,52,133,52,91,52]
+ [ENTROPIES...: 5.6,5.1,5.5,5.1,5.5,5.1,5.4,5.1,6.3,5.1,5.4,5.2,5.5,5.2,5.4,5.2,5.4,5.1,5.6,5.2,5.4,5.2,5.4,5.1,6.5,5.2,5.5,5.1,5.5,5.2,5.5,5.2]
idle: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][RPC][Safe]
idle: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][RPC][Safe]
idle: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][RPC][Safe]
diff --git a/test/results/flow-info/fix2.pcap.out b/test/results/flow-info/fix2.pcap.out
index c3a494883..d26daac5e 100644
--- a/test/results/flow-info/fix2.pcap.out
+++ b/test/results/flow-info/fix2.pcap.out
@@ -6,23 +6,25 @@
detected: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe]
detected: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe]
analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.026| 0.000]
- [PKTLEN......: 60.000| 174.000| 106.600| 46.700| 2179.900| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.026| 3.100]
+ [PKTLEN......: 46.000| 160.000| 92.600| 46.700| 2179.900| 4.800]
[BINS(c->s)..: 7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1]
[IATS(ms)....: 0.6,0.7,0.0,0.1,0.1,0.0,0.0,0.0,0.2,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 62,62,60,139,62,60,147,144,60,152,144,152,146,60,60,147,60,60,60,152,60,174,157,174,60,60,60,60,157,147,160,152]
+ [PKTLENS.....: 48,48,46,125,48,46,133,130,46,138,130,138,132,46,46,133,46,46,46,138,46,160,143,160,46,46,46,46,143,133,146,138]
+ [ENTROPIES...: 3.9,4.5,3.8,5.1,4.5,3.8,5.2,5.3,4.0,5.4,5.3,5.4,5.2,4.0,4.0,5.2,3.8,4.0,3.8,5.4,3.8,5.3,5.3,5.3,3.8,4.0,4.0,4.0,5.3,5.2,5.4,5.4]
analyse: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.020| 0.000]
- [PKTLEN......: 60.000| 174.000| 106.000| 46.100| 2122.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.020| 3.300]
+ [PKTLEN......: 46.000| 160.000| 92.000| 46.100| 2122.500| 4.800]
[BINS(c->s)..: 6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0]
[IATS(ms)....: 0.6,0.6,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 62,62,60,139,147,144,152,62,60,144,60,60,152,146,60,147,60,152,60,174,157,147,160,60,60,60,160,162,144,60,60,60]
+ [PKTLENS.....: 48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46]
+ [ENTROPIES...: 3.9,4.5,3.8,5.1,5.2,5.3,5.4,4.5,3.8,5.3,4.0,4.0,5.4,5.2,4.1,5.2,3.8,5.4,3.8,5.3,5.3,5.2,5.4,4.1,4.1,4.1,5.4,5.5,5.3,4.1,4.1,3.8]
end: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][RPC][Safe]
end: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][RPC][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/forticlient.pcap.out b/test/results/flow-info/forticlient.pcap.out
index 6fedb2121..d0dce6def 100644
--- a/test/results/flow-info/forticlient.pcap.out
+++ b/test/results/flow-info/forticlient.pcap.out
@@ -37,14 +37,15 @@
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.495| 0.071| 0.112|12454.003| 0.000]
- [PKTLEN......: 66.000| 1506.000| 267.000| 343.000|117623.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.495| 0.071| 0.112| 12454.003| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 253.000| 343.000| 117623.000| 4.100]
[BINS(c->s)..: 9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1]
[IATS(ms)....: 62.6,62.7,2.3,64.5,19.9,1.9,84.0,11.2,85.3,74.2,429.6,495.0,65.4,84.5,160.2,75.7,71.6,6.3,142.9,0.6,65.6,0.3,0.2,2.9,4.0,0.0,64.2,57.2,0.4,4.0,0.1]
- [PKTLENS.....: 78,74,66,379,66,1506,1047,66,224,308,66,596,841,66,362,937,66,357,113,66,113,66,113,66,113,131,117,113,66,113,125,125]
+ [PKTLENS.....: 64,60,52,365,52,1492,1033,52,210,294,52,582,827,52,348,923,52,343,99,52,99,52,99,52,99,117,103,99,52,99,111,111]
+ [ENTROPIES...: 4.4,5.3,5.0,6.1,5.2,7.1,7.7,5.1,6.7,7.2,5.0,7.6,7.7,5.1,7.4,7.8,5.1,7.4,6.0,5.2,6.1,5.2,6.1,5.1,6.0,6.2,6.0,6.2,5.1,6.1,6.2,6.3]
end: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443]
end: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443]
end: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443]
diff --git a/test/results/flow-info/ftp-start-tls.pcap.out b/test/results/flow-info/ftp-start-tls.pcap.out
index 6af809aac..449d4a530 100644
--- a/test/results/flow-info/ftp-start-tls.pcap.out
+++ b/test/results/flow-info/ftp-start-tls.pcap.out
@@ -11,14 +11,15 @@
detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Download][Unsafe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn
analyse: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.040| 0.005| 0.010| 91.331| 0.000]
- [PKTLEN......: 60.000| 566.000| 174.900| 164.200|26956.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.040| 0.005| 0.010| 91.331| 3.200]
+ [PKTLEN......: 46.000| 552.000| 160.900| 164.200| 26956.400| 4.400]
[BINS(c->s)..: 4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1]
[IATS(ms)....: 0.4,0.1,1.3,15.0,0.1,17.8,3.9,0.1,0.8,0.0,4.3,3.3,0.1,1.0,0.0,0.0,0.0,0.1,0.0,2.6,8.5,40.4,0.1,34.7,4.5,0.7,2.2,1.8,0.3,2.7,2.2]
- [PKTLENS.....: 60,60,60,60,127,127,64,60,60,85,85,204,60,60,566,566,269,566,566,269,60,384,105,105,91,136,136,91,136,136,99,144]
+ [PKTLENS.....: 46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130]
+ [ENTROPIES...: 4.2,4.8,4.8,4.4,5.4,5.4,5.0,4.3,4.3,5.3,5.3,5.2,4.4,4.4,6.8,7.2,7.0,6.8,7.2,7.0,4.5,7.2,5.9,5.9,5.7,6.2,6.2,5.8,6.3,6.3,6.0,6.3]
detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Download][Unsafe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn
idle: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Download][Unsafe]
diff --git a/test/results/flow-info/ftp.pcap.out b/test/results/flow-info/ftp.pcap.out
index fdd9717dc..b9d7b0b48 100644
--- a/test/results/flow-info/ftp.pcap.out
+++ b/test/results/flow-info/ftp.pcap.out
@@ -5,27 +5,29 @@
detected: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.090| 0.019| 0.021| 426.190| 0.000]
- [PKTLEN......: 66.000| 307.000| 85.900| 42.700| 1824.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.090| 0.019| 0.021| 426.190| 4.100]
+ [PKTLEN......: 52.000| 293.000| 71.900| 42.700| 1824.000| 4.800]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1]
[IATS(ms)....: 27.4,27.5,29.0,29.0,0.5,27.7,0.3,27.4,0.2,69.1,21.2,90.0,0.3,27.1,0.0,26.8,0.1,27.0,0.1,26.9,0.0,0.3,27.5,27.3,0.1,0.0,0.7,27.1,26.5,0.1,26.8]
- [PKTLENS.....: 78,74,66,86,66,82,66,100,66,79,66,89,66,71,66,100,66,72,81,131,66,66,77,110,66,307,66,96,88,66,71,100]
+ [PKTLENS.....: 64,60,52,72,52,68,52,86,52,65,52,75,52,57,52,86,52,58,67,117,52,52,63,96,52,293,52,82,74,52,57,86]
+ [ENTROPIES...: 4.2,5.3,4.9,5.6,4.9,5.4,5.2,5.7,4.9,5.2,5.1,5.7,4.9,5.0,5.0,5.6,4.8,5.0,5.5,5.3,4.9,4.9,5.2,5.7,4.9,5.0,4.9,5.6,5.6,4.9,5.1,5.7]
new: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685]
detected: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Download][Acceptable]
RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.030| 0.006| 0.011| 123.407| 0.000]
- [PKTLEN......: 66.000| 1506.000| 832.000| 717.500|514855.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.030| 0.006| 0.011| 123.407| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 818.000| 717.500| 514855.000| 4.300]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1]
[IATS(ms)....: 28.8,28.8,29.6,29.6,0.3,0.3,0.6,0.6,0.3,0.5,0.8,0.4,0.4,0.1,0.3,0.0,0.4,0.0,0.3,27.5,27.8,0.2,0.2,1.7,0.1,0.0,1.8,1.9,1.9,0.2,1.8]
- [PKTLENS.....: 78,74,66,1506,78,1506,66,1506,66,1506,1506,66,1506,66,1506,1506,1506,66,66,1506,1506,66,1506,66,1506,1506,66,66,1506,66,1506,1506]
+ [PKTLENS.....: 64,60,52,1492,64,1492,52,1492,52,1492,1492,52,1492,52,1492,1492,1492,52,52,1492,1492,52,1492,52,1492,1492,52,52,1492,52,1492,1492]
+ [ENTROPIES...: 4.3,5.3,4.9,0.4,5.0,0.4,5.0,0.4,4.8,0.4,0.4,4.9,0.4,4.8,0.4,0.4,0.4,4.9,4.8,0.4,0.4,4.9,0.4,4.8,0.4,0.4,5.2,5.0,0.4,4.8,0.4,0.4]
not-detected: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated]
end: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated]
end: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
diff --git a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out
index 94591c2d0..75820a1b4 100644
--- a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out
@@ -519,14 +519,15 @@
detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Malformed Packet
analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.742| 47.495| 20.018| 22.628|512023754.441| 0.000]
- [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
+ [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 746.3,47494.7,744.6,751.1,46512.3,745.7,46548.5,1500.6,45837.6,749.4,751.1,46756.5,741.8,751.1,45988.0,749.2,47479.8,47268.1,749.4,47258.0,751.1,46297.9,749.8,46628.0,750.2,751.1,45907.7,749.4,751.1,46347.7,750.0]
- [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92]
+ [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
+ [ENTROPIES...: 4.3,4.2,4.2,4.3,4.2,4.2,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.2,4.2,4.3,4.2,4.2,4.3,4.2,4.2,4.2,4.3,4.2,4.2,4.3,4.3,4.3,4.3,4.2,3.2]
idle: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable]
idle: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53]
update: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35]
@@ -961,14 +962,15 @@
detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
new: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2]
analyse: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.026| 279.042| 51.474| 59.389|3527099352.613| 0.000]
- [PKTLEN......: 47.000| 1118.000| 381.000| 296.200|87757.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.026| 279.042| 51.474| 59.389| 3527099352.613| 4.200]
+ [PKTLEN......: 33.000| 1104.000| 367.000| 296.200| 87757.200| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1]
[IATS(ms)....: 17474.8,107207.5,89874.9,17280.7,167478.6,167525.2,17335.8,73902.7,91241.1,17333.2,25.9,17725.0,29031.8,29092.7,68237.2,29272.4,29031.8,29031.6,29031.5,18604.5,279041.8,227.1,15287.5,17115.0,32679.4,257.3,76383.1,29031.1,58063.5,24495.5,17375.1]
- [PKTLENS.....: 528,388,509,528,722,528,722,533,528,722,348,512,47,47,47,47,47,47,47,47,867,635,382,47,1118,487,377,47,47,47,480,715]
+ [PKTLENS.....: 514,374,495,514,708,514,708,519,514,708,334,498,33,33,33,33,33,33,33,33,853,621,368,33,1104,473,363,33,33,33,466,701]
+ [ENTROPIES...: 5.8,5.8,5.8,5.8,5.8,1.5,3.4,2.9,5.8,4.1,5.8,3.2,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,5.8,5.8,5.7,4.1,1.5,5.8,4.6,4.1,4.0,4.1,3.3,2.3]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53]
diff --git a/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out
index c71604825..f00b6bd2e 100644
--- a/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/flow-info/fuzz-2020-02-16-11740.pcap.out
@@ -69,14 +69,15 @@
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
idle: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.155| 612.411| 61.128| 140.850|19838793242.640| 0.000]
- [PKTLEN......: 179.000| 745.000| 506.200| 248.200|61618.100| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.155| 612.411| 61.128| 140.850|19838793242.640| 2.700]
+ [PKTLEN......: 165.000| 731.000| 492.200| 248.200| 61618.100| 4.800]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0]
[IATS(ms)....: 155.2,452627.7,595.4,114837.3,612411.2,44261.5,205.2,4046.5,4037.8,201.9,4553.2,187.1,43562.4,202.6,48502.1,3244.5,3442.4,3335.8,3536.4,209.1,201.4,255983.2,256164.3,599.6,6263.0,492.5,7309.6,8000.5,8015.3,522.3,7260.9]
- [PKTLENS.....: 697,257,239,318,239,745,179,697,179,697,206,745,697,745,697,206,179,697,745,179,697,206,745,239,725,745,725,318,745,239,725,745]
+ [PKTLENS.....: 683,243,225,304,225,731,165,683,165,683,192,731,683,731,683,192,165,683,731,165,683,192,731,225,711,731,711,304,731,225,711,731]
+ [ENTROPIES...: 6.0,2.8,6.3,6.9,6.4,5.6,6.0,6.1,6.0,0.9,6.1,6.0,6.1,2.9,4.1,6.1,6.0,6.0,6.1,6.0,5.0,6.1,6.1,6.4,6.0,6.1,5.5,6.8,6.1,6.5,5.8,4.2]
ERROR-EVENT: Unknown L3 protocol
new: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200]
ERROR-EVENT: Unknown packet type
diff --git a/test/results/flow-info/git.pcap.out b/test/results/flow-info/git.pcap.out
index 92368f3c6..fcfa3f212 100644
--- a/test/results/flow-info/git.pcap.out
+++ b/test/results/flow-info/git.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418]
detected: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.100| 0.025| 0.029| 818.762| 0.000]
- [PKTLEN......: 66.000| 2946.000| 704.900| 773.900|598945.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.100| 0.025| 0.029| 818.762| 3.800]
+ [PKTLEN......: 52.000| 2932.000| 690.900| 773.900| 598945.800| 4.100]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 57.9,58.0,0.1,56.1,43.8,99.9,54.7,54.7,0.5,49.5,48.9,45.5,0.0,17.8,63.4,1.8,0.2,2.0,0.9,0.2,1.1,0.2,0.2,0.7,0.4,1.1,50.6,0.2,50.8,0.5,0.7]
- [PKTLENS.....: 74,74,66,135,66,267,66,962,66,593,66,75,66,74,1506,66,1506,1506,66,1506,1506,66,2946,66,1506,1506,66,1506,1506,66,1506,1506]
+ [PKTLENS.....: 60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492]
+ [ENTROPIES...: 4.7,5.3,5.1,5.6,5.2,5.7,5.1,5.0,5.2,5.0,5.2,5.3,5.2,5.4,4.9,5.2,6.3,7.8,5.2,7.9,7.9,5.2,7.9,5.0,7.9,7.9,5.2,7.9,7.8,5.1,7.8,7.8]
end: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Collaborative][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/gnutella.pcap.out b/test/results/flow-info/gnutella.pcap.out
index 46a647992..b3f592cc9 100644
--- a/test/results/flow-info/gnutella.pcap.out
+++ b/test/results/flow-info/gnutella.pcap.out
@@ -575,32 +575,35 @@
detected: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.796| 0.767| 2.113|4465727.373| 0.000]
- [PKTLEN......: 54.000| 1514.000| 423.200| 491.700|241767.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.796| 0.767| 2.113| 4465727.373| 2.600]
+ [PKTLEN......: 40.000| 1500.000| 409.200| 491.700| 241767.600| 4.100]
[BINS(c->s)..: 9,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1]
[IATS(ms)....: 111.8,112.0,0.2,0.6,122.2,123.8,1.7,510.2,510.3,125.4,7.0,133.1,508.5,509.1,643.4,701.9,8737.9,8796.5,643.9,0.1,644.7,118.6,3.0,121.6,121.6,0.1,121.5,120.9,0.1,121.0,117.5]
- [PKTLENS.....: 66,58,54,653,54,666,104,54,367,54,196,437,54,82,54,463,54,100,54,1514,1066,54,654,1502,54,1514,642,54,1514,642,54,654]
+ [PKTLENS.....: 52,44,40,639,40,652,90,40,353,40,182,423,40,68,40,449,40,86,40,1500,1052,40,640,1488,40,1500,628,40,1500,628,40,640]
+ [ENTROPIES...: 4.6,4.8,4.7,5.8,4.6,5.7,5.6,4.7,7.1,4.6,6.7,7.4,4.7,5.3,4.6,7.4,4.8,5.6,4.6,7.8,7.8,4.7,7.6,7.9,4.7,7.9,7.6,4.7,7.9,7.6,4.7,7.7]
analyse: [...238] [ip4][..tcp] [......10.0.2.15][50284] -> [.104.156.226.72][53258] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.218| 0.797| 1.971|3884024.594| 0.000]
- [PKTLEN......: 54.000| 1078.000| 296.600| 381.800|145784.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.218| 0.797| 1.971| 3884024.594| 2.900]
+ [PKTLEN......: 40.000| 1064.000| 282.600| 381.800| 145784.600| 3.900]
[BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1]
[IATS(ms)....: 128.3,128.7,0.4,0.9,178.6,178.8,0.0,501.2,501.5,98.4,140.7,469.4,511.6,1191.0,1233.5,8175.8,8218.5,772.3,828.1,95.7,89.5,96.9,110.1,405.4,409.6,95.4,89.1,2.8,63.4,0.6,0.6]
- [PKTLENS.....: 66,58,54,654,54,682,104,54,367,54,588,54,82,54,456,54,100,54,1078,54,1078,54,1078,54,1078,54,1078,54,69,54,64,54]
+ [PKTLENS.....: 52,44,40,640,40,668,90,40,353,40,574,40,68,40,442,40,86,40,1064,40,1064,40,1064,40,1064,40,1064,40,55,40,50,40]
+ [ENTROPIES...: 4.7,4.7,4.6,5.8,4.5,5.7,5.6,4.6,7.2,4.6,7.5,4.7,5.4,4.6,7.3,4.7,5.7,4.6,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,4.9,4.6,4.9,4.6]
analyse: [...288] [ip4][..tcp] [......10.0.2.15][50312] -> [104.238.172.250][23548] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.692| 0.666| 2.111|4456211.546| 0.000]
- [PKTLEN......: 54.000| 682.000| 135.800| 170.000|28912.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.692| 0.666| 2.111| 4456211.546| 1.900]
+ [PKTLEN......: 40.000| 668.000| 121.800| 170.000| 28912.700| 4.100]
[BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 30.9,31.2,0.4,0.8,29.2,31.6,2.5,501.7,502.0,17.1,17.4,35.1,479.7,480.4,544.2,592.6,8643.7,8692.0,0.6,0.6,0.6,0.6,0.4,0.4,0.5,0.4,0.3,0.4,0.4,0.4,0.4]
- [PKTLENS.....: 66,58,54,655,54,682,104,54,367,54,196,384,54,81,54,441,54,108,54,64,54,64,54,64,54,64,54,64,54,64,54,64]
+ [PKTLENS.....: 52,44,40,641,40,668,90,40,353,40,182,370,40,67,40,427,40,94,40,50,40,50,40,50,40,50,40,50,40,50,40,50]
+ [ENTROPIES...: 4.5,4.7,4.5,5.8,4.5,5.8,5.6,4.6,7.1,4.4,6.7,7.3,4.7,5.3,4.6,7.4,4.6,5.8,4.5,4.7,4.5,4.7,4.5,4.7,4.5,4.7,4.4,4.7,4.5,4.7,4.5,4.6]
new: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260]
detected: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260] [Gnutella][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -643,23 +646,25 @@
detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Media][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.139| 0.307| 0.464|214847.930| 0.000]
- [PKTLEN......: 54.000| 1514.000| 862.800| 665.400|442787.600| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.139| 0.307| 0.464| 214847.930| 3.300]
+ [PKTLEN......: 40.000| 1500.000| 848.800| 665.400| 442787.600| 4.400]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0,1,1,1,0,1,0,1,1,1,1,0,1,1,1]
[IATS(ms)....: 109.0,109.5,0.8,1.6,1123.2,14.9,1138.7,0.5,4.1,0.0,4.4,993.4,0.2,0.0,0.3,993.8,0.1,988.9,0.2,0.0,989.1,4.8,4.8,1004.1,0.1,0.0,0.1,1004.3,1027.6,5.2,0.1]
- [PKTLENS.....: 66,58,54,587,54,848,1514,54,1514,1514,118,54,1514,1514,1514,912,54,54,1514,1514,1514,54,912,54,1514,1514,1514,912,54,1514,1514,1514]
+ [PKTLENS.....: 52,44,40,573,40,834,1500,40,1500,1500,104,40,1500,1500,1500,898,40,40,1500,1500,1500,40,898,40,1500,1500,1500,898,40,1500,1500,1500]
+ [ENTROPIES...: 4.6,4.6,4.6,5.9,4.5,6.0,0.6,4.8,0.3,0.3,2.4,4.7,0.6,0.5,0.6,5.6,4.7,4.8,7.8,7.8,7.7,4.6,7.7,4.7,7.7,7.8,7.8,7.7,4.8,7.8,7.7,7.8]
analyse: [...276] [ip4][..tcp] [......10.0.2.15][50300] -> [..188.61.52.183][11852] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 13.802| 1.828| 3.934|15478358.540| 0.000]
- [PKTLEN......: 54.000| 1514.000| 212.900| 294.000|86413.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 13.802| 1.828| 3.934| 15478358.540| 2.800]
+ [PKTLEN......: 40.000| 1500.000| 198.900| 294.000| 86413.100| 4.000]
[BINS(c->s)..: 8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0]
[IATS(ms)....: 17.2,17.4,3.5,3.9,14.2,15.0,0.7,2.8,2.9,25.8,0.0,26.1,9.0,9.3,15.9,71.8,495.6,483.5,221.2,265.2,15.6,77.3,487.6,467.7,9469.0,9510.7,13761.0,13801.6,1593.6,1634.0,4141.0]
- [PKTLENS.....: 66,58,54,653,54,713,125,54,318,54,1514,194,54,180,54,105,54,233,54,418,54,401,54,521,54,129,54,125,54,190,54,115]
+ [PKTLENS.....: 52,44,40,639,40,699,111,40,304,40,1500,180,40,166,40,91,40,219,40,404,40,387,40,507,40,115,40,111,40,176,40,101]
+ [ENTROPIES...: 4.6,4.8,4.8,5.8,4.6,5.7,5.6,4.7,5.3,4.7,7.7,6.7,4.7,6.3,4.6,5.2,4.8,6.9,4.8,7.5,4.7,7.4,4.7,7.5,4.8,6.0,4.6,5.8,4.8,6.7,4.6,5.9]
update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346]
update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580]
update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346]
@@ -746,14 +751,15 @@
detected: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Media][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.215| 0.581| 0.506|255907.955| 0.000]
- [PKTLEN......: 54.000| 1514.000| 789.100| 623.900|389219.000| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.215| 0.581| 0.506| 255907.955| 4.200]
+ [PKTLEN......: 40.000| 1500.000| 775.100| 623.900| 389219.000| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 193.6,195.3,1.8,3.7,1208.8,5.6,0.1,1214.8,993.3,0.1,993.5,1040.3,0.1,1040.5,1001.3,0.1,1001.5,998.2,0.1,998.2,1008.3,0.2,1008.5,1046.8,0.1,1046.9,1000.2,0.1,1000.3,1013.4,0.0]
- [PKTLENS.....: 66,58,54,592,54,860,1514,340,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146,54,1514,1146]
+ [PKTLENS.....: 52,44,40,578,40,846,1500,326,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132]
+ [ENTROPIES...: 4.6,4.8,4.7,5.9,4.6,5.9,7.8,7.3,4.7,7.8,7.8,4.8,7.8,7.8,4.8,7.9,7.8,4.7,7.9,7.8,4.8,7.8,7.8,4.7,7.9,7.8,4.8,7.9,7.8,4.8,7.8,7.8]
new: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906]
detected: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol
@@ -843,14 +849,15 @@
new: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346]
new: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346]
analyse: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 22.685| 3.465| 6.256|39132462.055| 0.000]
- [PKTLEN......: 54.000| 1078.000| 152.200| 217.400|47264.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300]
+ [PKTLEN......: 40.000| 1064.000| 138.200| 217.400| 47264.800| 4.000]
[BINS(c->s)..: 9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1]
[IATS(ms)....: 399.9,400.2,2.6,3.1,879.2,880.3,1.1,343.3,15.8,359.6,3.0,2.2,5.1,145.1,145.6,10048.7,10048.7,469.5,2.7,472.7,3557.8,3604.1,6175.3,6222.2,413.8,464.5,22633.8,22684.6,605.3,605.0,15818.9]
- [PKTLENS.....: 66,58,54,358,54,337,157,54,132,776,54,67,72,54,163,54,118,54,1078,59,54,136,54,84,54,227,54,66,54,137,54,76]
+ [PKTLENS.....: 52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62]
+ [ENTROPIES...: 4.6,4.8,4.6,5.8,4.5,5.6,5.6,4.6,5.6,7.7,4.7,4.7,4.9,4.6,6.3,4.5,5.9,4.5,7.8,4.3,4.8,6.2,4.8,5.5,4.6,6.6,4.7,4.8,4.6,6.2,4.6,4.9]
new: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282]
new: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032]
new: [...355] [ip4][..udp] [......10.0.2.15][28681] -> [.181.118.53.212][29998]
@@ -1171,14 +1178,15 @@
update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313]
update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346]
analyse: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Download][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 55.455| 7.491| 14.262|203411798.622| 0.000]
- [PKTLEN......: 54.000| 1119.000| 170.900| 244.600|59812.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 55.455| 7.491| 14.262| 203411798.622| 3.200]
+ [PKTLEN......: 40.000| 1105.000| 156.900| 244.600| 59812.500| 4.000]
[BINS(c->s)..: 11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0]
[IATS(ms)....: 107.0,107.3,0.3,0.8,178.4,179.8,1.4,41.0,98.0,375.7,432.9,10046.8,10046.8,42.3,94.5,6595.0,6594.8,3591.9,3643.9,39.2,93.5,24009.1,24063.3,605.1,604.8,14641.1,23.8,14665.3,55396.9,55455.4,453.2]
- [PKTLENS.....: 66,58,54,357,54,337,157,54,926,54,163,54,118,54,1119,54,214,54,84,54,203,54,66,54,137,54,78,503,54,64,54,63]
+ [PKTLENS.....: 52,44,40,343,40,323,143,40,912,40,149,40,104,40,1105,40,200,40,70,40,189,40,52,40,123,40,64,489,40,50,40,49]
+ [ENTROPIES...: 4.6,4.6,4.7,5.8,4.6,5.6,5.7,4.6,7.7,4.8,6.3,4.5,6.0,4.6,7.8,4.8,6.7,4.7,5.5,4.6,6.6,4.8,4.9,4.7,6.3,4.7,5.1,7.5,4.8,4.6,4.8,4.6]
end: [....35] [ip4][..tcp] [......10.0.2.15][50196] -> [...218.250.6.59][12556] [Gnutella][Download][Potentially Dangerous]
RISK: Unsafe Protocol
end: [....46] [ip4][..tcp] [......10.0.2.15][50206] -> [175.181.156.244][.8255] [Gnutella][Download][Potentially Dangerous]
diff --git a/test/results/flow-info/googledns_android10.pcap.out b/test/results/flow-info/googledns_android10.pcap.out
index 0900038ef..d8fdd5105 100644
--- a/test/results/flow-info/googledns_android10.pcap.out
+++ b/test/results/flow-info/googledns_android10.pcap.out
@@ -24,14 +24,15 @@
detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.447| 0.072| 0.122|14825.912| 0.000]
- [PKTLEN......: 66.000| 1484.000| 282.200| 356.700|127227.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.447| 0.072| 0.122| 14825.912| 3.500]
+ [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
[BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
[IATS(ms)....: 12.8,14.6,0.3,14.8,16.2,1.1,0.1,31.1,1.0,0.5,12.5,28.6,36.9,41.2,19.2,12.5,6.2,5.0,24.3,307.1,326.2,13.8,74.3,386.7,447.4,5.0,23.8,155.7,173.7,5.0,23.2]
- [PKTLENS.....: 74,74,66,220,66,1484,1484,305,66,66,66,159,358,225,66,225,565,66,565,66,225,66,565,66,225,66,565,66,225,66,565,66]
+ [PKTLENS.....: 60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,211,551,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52]
+ [ENTROPIES...: 4.3,5.0,5.0,5.4,5.0,7.1,7.5,7.1,5.1,5.0,5.1,6.1,7.1,6.7,5.0,6.8,7.6,4.9,7.6,5.1,6.8,5.1,7.5,5.1,6.8,5.0,7.6,5.1,6.8,5.0,7.6,5.1]
new: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8]
detected: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable]
new: [.....6] [ip4][..tcp] [........8.8.4.4][..853] -> [..192.168.1.159][47968] [MIDSTREAM]
@@ -42,14 +43,15 @@
detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.254| 0.185| 0.342|116761.002| 0.000]
- [PKTLEN......: 66.000| 583.000| 212.200| 197.900|39161.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.254| 0.185| 0.342| 116761.002| 3.200]
+ [PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400]
[BINS(c->s)..: 8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1]
[IATS(ms)....: 12.7,14.1,0.9,14.9,0.1,14.2,1.1,19.6,19.1,13.8,1.3,58.4,651.3,715.0,3.8,23.3,1234.1,1253.7,12.5,32.7,484.0,503.7,3.8,30.8,265.4,292.4,20.3,12.6,11.8,7.4,12.6]
- [PKTLENS.....: 74,74,66,583,66,213,66,117,66,225,66,565,66,225,66,565,66,225,66,565,66,225,66,565,66,225,66,225,565,66,66,565]
+ [PKTLENS.....: 60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551]
+ [ENTROPIES...: 4.2,4.9,4.8,6.2,4.7,6.1,4.8,5.5,4.8,6.8,4.7,7.5,4.8,6.8,4.8,7.5,4.8,6.7,4.9,7.6,4.9,6.7,4.8,7.6,4.9,6.8,4.9,6.8,7.6,4.9,4.9,7.6]
update: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable]
idle: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable]
guessed: [.....1] [ip4][..tcp] [........8.8.8.8][..853] -> [..192.168.1.159][55856] [DoH_DoT.Google][Web][Acceptable]
@@ -68,14 +70,15 @@
detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.704| 0.390| 1.388|1925240.193| 0.000]
- [PKTLEN......: 66.000| 1484.000| 282.200| 356.700|127227.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 5.704| 0.390| 1.388| 1925240.193| 1.500]
+ [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
[BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1]
[IATS(ms)....: 14.4,41.9,9.2,49.9,17.6,0.1,0.1,32.5,0.5,0.1,15.4,30.8,15.7,19.9,22.6,85.5,5640.7,5703.8,20.5,7.6,6.2,13.7,17.6,31.1,85.4,103.7,33.2,18.8,6.3,16.2,17.6]
- [PKTLENS.....: 74,74,66,220,66,1484,1484,305,66,66,66,159,358,225,66,565,66,225,66,225,565,66,66,565,66,225,66,225,565,66,66,565]
+ [PKTLENS.....: 60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]
+ [ENTROPIES...: 4.3,5.0,4.9,5.4,4.8,7.0,7.5,7.1,4.9,5.0,4.9,5.9,7.0,6.8,4.9,7.5,5.0,6.8,4.9,6.7,7.6,5.0,4.8,7.6,4.8,6.8,4.6,6.8,7.5,5.0,4.9,7.5]
end: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
RISK: TLS (probably) Not Carrying HTTPS
idle: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun]
diff --git a/test/results/flow-info/http-manipulated.pcap.out b/test/results/flow-info/http-manipulated.pcap.out
index 354830f60..30520a457 100644
--- a/test/results/flow-info/http-manipulated.pcap.out
+++ b/test/results/flow-info/http-manipulated.pcap.out
@@ -10,14 +10,15 @@
detected: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.073| 0.005| 0.018| 320.351| 0.000]
- [PKTLEN......: 54.000| 5894.000| 1464.400| 1938.500|3757919.200| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.073| 0.005| 0.018| 320.351| 1.200]
+ [PKTLEN......: 40.000| 5880.000| 1450.400| 1938.500| 3757919.500| 3.700]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,10]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.2,0.2,0.1,0.3,0.2,0.4,72.8,73.1,0.2,0.4,0.1,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 66,66,54,440,60,631,54,389,60,2974,54,4434,54,2974,54,4434,54,1514,54,4434,54,2974,54,4434,54,1514,54,5894,54,5894,54,2974]
+ [PKTLENS.....: 52,52,40,426,46,617,40,375,46,2960,40,4420,40,2960,40,4420,40,1500,40,4420,40,2960,40,4420,40,1500,40,5880,40,5880,40,2960]
+ [ENTROPIES...: 4.6,4.8,4.7,5.7,4.3,5.7,4.7,5.6,4.3,7.8,4.7,7.9,4.7,7.8,4.6,7.9,4.7,7.7,4.7,7.9,4.7,7.8,4.7,7.8,4.6,7.7,4.6,7.9,4.7,7.9,4.7,7.9]
end: [.....1] [ip4][..tcp] [...192.168.0.20][33632] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable]
RISK: Known Proto on Non Std Port
end: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable]
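Review bot: The new PKTLEN row pins a variance of `3757919.500` where the old row had `3757919.200`, although every PKTLENS entry dropped by the same 14 bytes and variance does not change under a constant shift. The difference therefore looks like rounding noise at about seven significant digits, which would match single-precision arithmetic; the code that computes it is not visible here. The http_connect.pcap.out hunk shows the same effect, with `2542806.200` becoming `2542806.000`. Expected-output files that print three decimals of such a value can fail on another compiler or platform, so accumulating in double or printing the variance with fewer decimals would make these expectations stable.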
diff --git a/test/results/flow-info/http_auth.pcap.out b/test/results/flow-info/http_auth.pcap.out
index b9b0d844b..f5497f955 100644
--- a/test/results/flow-info/http_auth.pcap.out
+++ b/test/results/flow-info/http_auth.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80]
detected: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.862| 0.405| 1.194|1424465.723| 0.000]
- [PKTLEN......: 66.000| 1514.000| 640.900| 665.600|443042.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.862| 0.405| 1.194| 1424465.723| 2.200]
+ [PKTLEN......: 52.000| 1500.000| 626.900| 665.600| 443042.200| 4.100]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0]
[IATS(ms)....: 180.0,180.1,0.1,194.0,206.4,1.3,401.5,0.6,0.6,0.7,0.7,4.0,4.6,8.7,4.6,3.0,7.6,3.3,5.3,8.6,159.0,4.0,163.0,3.6,4.2,7.9,2.6,2.6,4861.8,4861.8,1269.0]
- [PKTLENS.....: 78,74,66,805,66,1514,551,66,145,66,288,66,1514,1514,66,1514,1514,66,1514,1514,66,1514,1514,66,1514,1514,66,989,66,66,66,66]
+ [PKTLENS.....: 64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]
+ [ENTROPIES...: 4.4,5.1,5.1,5.9,5.0,5.4,5.6,5.1,5.4,5.0,5.6,5.1,5.4,5.1,5.0,5.0,5.1,5.1,5.1,5.1,5.1,5.1,5.2,5.1,5.4,5.4,5.0,5.7,5.0,5.0,5.1,5.1]
end: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable]
DAEMON-EVENT: shutdown
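Review bot: The IAT row mixes units: max is printed as `4.862` while the IATS(ms) row lists the same gap as `4861.8`, and the variance `1424465.723` is roughly the square of the stddev taken in milliseconds (1.194 s is about 1194 ms), not in seconds. The commit realigns the variance column but the table header still carries no units, so anything that consumes these statistics can mis-scale the IAT variance by a factor of 10^6 relative to the stddev. Printing the variance in the same unit as the other IAT columns, or naming the unit on each row, would remove the ambiguity. The other hunks in this diff show the same pattern.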
diff --git a/test/results/flow-info/http_connect.pcap.out b/test/results/flow-info/http_connect.pcap.out
index c69fcad18..391408a9d 100644
--- a/test/results/flow-info/http_connect.pcap.out
+++ b/test/results/flow-info/http_connect.pcap.out
@@ -10,23 +10,25 @@
detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe]
analyse: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 0.000]
- [PKTLEN......: 66.000| 1450.000| 563.000| 627.700|394029.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 3.400]
+ [PKTLEN......: 52.000| 1436.000| 549.000| 627.700| 394029.600| 4.000]
[BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 8.8,8.9,2.8,11.3,7.5,16.0,0.1,0.1,0.0,0.0,0.0,0.0,7.3,0.5,15.0,0.0,4.0,11.3,0.7,0.7,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,0.0,0.0,0.1]
- [PKTLENS.....: 74,74,66,583,66,1450,66,1450,66,1450,66,985,66,130,555,66,66,125,66,1450,66,1450,66,1450,66,1450,66,1450,66,1450,66,1450]
+ [PKTLENS.....: 60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436]
+ [ENTROPIES...: 4.7,5.1,5.1,5.3,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.8,5.1,6.1,7.6,5.0,5.0,6.1,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9,5.1,7.9]
analyse: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.053| 0.007| 0.013| 164.772| 0.000]
- [PKTLEN......: 54.000| 5590.000| 813.000| 1594.600|2542806.200| 3.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.053| 0.007| 0.013| 164.772| 3.400]
+ [PKTLEN......: 40.000| 5576.000| 799.000| 1594.600| 2542806.000| 3.200]
[BINS(c->s)..: 7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1]
[IATS(ms)....: 0.0,2.7,0.4,3.1,9.6,12.4,2.7,16.2,17.3,6.1,7.2,0.5,0.5,0.0,0.0,11.4,0.7,0.1,0.2,12.6,0.0,0.2,0.0,0.1,0.1,0.7,4.0,50.2,53.4,1.2,1.2]
- [PKTLENS.....: 66,66,60,257,54,130,571,54,5125,60,118,54,224,54,373,54,113,5590,2822,1438,85,60,54,60,5590,1438,963,60,187,54,129,54]
+ [PKTLENS.....: 52,52,46,243,40,116,557,40,5111,46,104,40,210,40,359,40,99,5576,2808,1424,71,46,40,46,5576,1424,949,46,173,40,115,40]
+ [ENTROPIES...: 4.4,4.8,4.5,5.7,4.6,5.7,5.2,4.6,8.0,4.5,6.1,4.7,7.0,4.7,7.4,4.6,6.0,8.0,7.9,7.9,5.6,4.4,4.6,4.5,8.0,7.9,7.8,4.5,6.7,4.7,6.3,4.7]
idle: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable]
idle: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe]
idle: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Web][Acceptable]
diff --git a/test/results/flow-info/http_ipv6.pcap.out b/test/results/flow-info/http_ipv6.pcap.out
index c4685a89c..6f9e25ff3 100644
--- a/test/results/flow-info/http_ipv6.pcap.out
+++ b/test/results/flow-info/http_ipv6.pcap.out
@@ -9,14 +9,15 @@
new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM]
new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 6.009| 0.604| 1.486|2208638.173| 0.000]
- [PKTLEN......: 91.000| 1412.000| 340.600| 376.200|141514.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800]
+ [PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300]
[BINS(c->s)..: 0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0]
[IATS(ms)....: 25.4,26.2,172.4,219.5,15.7,87.2,38.8,110.2,47.0,1.5,26.7,45.8,1752.5,1778.7,6.8,78.3,246.6,318.1,6008.8,6008.7,4.8,76.9,102.6,174.5,2.4,73.9,70.9,142.5,2.9,74.3,992.4]
- [PKTLENS.....: 1412,1412,99,1216,94,674,102,252,94,102,581,102,91,257,94,637,105,102,94,262,91,589,105,263,94,586,102,264,94,561,102,265]
+ [PKTLENS.....: 1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251]
+ [ENTROPIES...: 4.7,7.9,5.3,7.8,5.2,7.6,5.4,6.9,5.2,5.4,7.5,5.4,4.9,6.9,5.2,7.7,5.6,5.5,5.2,7.0,4.9,7.6,5.5,6.9,5.3,7.6,5.5,6.9,5.2,7.6,5.4,7.0]
new: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443]
new: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443]
detected: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe]
diff --git a/test/results/flow-info/iax.pcap.out b/test/results/flow-info/iax.pcap.out
index c37a7d6e1..3fc35effc 100644
--- a/test/results/flow-info/iax.pcap.out
+++ b/test/results/flow-info/iax.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566]
detected: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.051| 0.019| 0.011| 120.322| 0.000]
- [PKTLEN......: 54.000| 214.000| 175.500| 59.500| 3538.200| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.051| 0.019| 0.011| 120.322| 4.700]
+ [PKTLEN......: 40.000| 200.000| 161.500| 59.500| 3538.200| 4.900]
[BINS(c->s)..: 3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 2.2,5.1,7.7,24.4,24.4,24.7,16.9,51.4,9.6,12.3,14.1,6.9,22.8,16.8,31.3,17.9,20.0,11.5,43.2,21.3,13.9,17.1,22.6,0.9,20.5,34.1,6.9,21.0,19.9,18.0,29.1]
- [PKTLENS.....: 108,54,54,60,54,60,206,214,214,60,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206,206]
+ [PKTLENS.....: 94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192]
+ [ENTROPIES...: 4.7,4.3,4.4,4.4,4.4,4.4,1.3,1.5,1.3,4.3,1.1,1.3,1.9,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3,1.3]
idle: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][VoIP][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/icmp-tunnel.pcap.out b/test/results/flow-info/icmp-tunnel.pcap.out
index 0a7b37bd5..83a7a18a3 100644
--- a/test/results/flow-info/icmp-tunnel.pcap.out
+++ b/test/results/flow-info/icmp-tunnel.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable]
RISK: Malformed Packet
analyse: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.999| 13.999| 1.420| 2.297|5274800.751| 0.000]
- [PKTLEN......: 126.000| 126.000| 126.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.999| 13.999| 1.420| 2.297| 5274800.751| 4.200]
+ [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 998.8,1000.0,1000.1,1000.0,1000.1,1000.1,1000.0,1000.0,1000.0,1000.1,1000.0,1000.0,1000.0,999.9,13999.4,1001.2,1001.2,1001.0,1001.0,1001.1,1001.1,1001.0,1000.9,1000.9,1000.9,1001.1,1001.1,1001.0,1001.0,1001.0,1001.0]
- [PKTLENS.....: 126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126,126]
+ [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
+ [ENTROPIES...: 5.6,5.6,5.7,5.7,5.7,5.6,5.6,5.6,5.6,5.6,5.6,5.7,5.7,5.6,5.7,5.7,5.7,5.7,5.6,5.7,5.6,5.7,5.6,5.7,5.6,5.7,5.6,5.6,5.7,5.7,5.7,5.7]
update: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable]
RISK: Malformed Packet
update: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Network][Acceptable]
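Review bot: The added ENTROPIES row does not say which bytes the value covers, and the numbers suggest it is the whole L3 packet, headers included. Here every 112-byte ICMP packet scores 5.6–5.7, while the 40-byte TCP segments in http-manipulated.pcap.out (presumably header-only) still score 4.6–4.7. A byte entropy over n bytes cannot exceed log2(n), so these values scale with packet length, and a fixed threshold for spotting encrypted or tunnelled payloads would mostly separate small packets from large ones. A legend line along the lines of `ENTROPIES: Shannon entropy in bits per byte over the L3 packet, header included` (wording to be confirmed against the code that computes it) would let consumers normalise by length before comparing flows.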
diff --git a/test/results/flow-info/iec60780-5-104.pcap.out b/test/results/flow-info/iec60780-5-104.pcap.out
index 24f21aa6e..1d1354188 100644
--- a/test/results/flow-info/iec60780-5-104.pcap.out
+++ b/test/results/flow-info/iec60780-5-104.pcap.out
@@ -21,13 +21,14 @@
end: [.....4] [ip4][..tcp] [.172.27.248.109][.1572] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable]
end: [.....5] [ip4][..tcp] [.172.27.248.109][.1577] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable]
analyse: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 32.516| 11.085| 10.877|118310385.484| 0.000]
- [PKTLEN......: 54.000| 118.000| 65.600| 11.500| 132.400| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 32.516| 11.085| 10.877| 118310385.484| 4.100]
+ [PKTLEN......: 40.000| 104.000| 51.600| 11.500| 132.400| 5.000]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1]
[IATS(ms)....: 0.1,0.3,1.2,4.3,153.9,32516.1,32485.0,17329.0,17462.6,171.2,19844.6,20033.2,171.5,19860.3,20118.3,25436.2,25352.0,204.3,19828.9,20215.2,5341.8,5765.2,10455.9,10671.3,13.9,15.2,139.9,131.3,218.7,19641.5,20056.0]
- [PKTLENS.....: 62,62,60,60,60,60,70,60,70,118,60,60,70,60,60,54,70,76,60,60,54,70,60,70,76,70,76,60,77,60,60,54]
+ [PKTLENS.....: 48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40]
+ [ENTROPIES...: 4.6,4.9,4.4,4.7,4.7,4.5,4.6,4.5,4.8,4.8,4.5,4.9,4.9,4.5,4.9,4.8,5.1,5.0,4.5,4.9,4.8,4.8,4.5,5.1,5.0,5.0,5.0,4.5,5.0,4.5,4.9,4.8]
end: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][IoT-Scada][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/imap-starttls.pcap.out b/test/results/flow-info/imap-starttls.pcap.out
index 6e411e3ee..4d92af5e1 100644
--- a/test/results/flow-info/imap-starttls.pcap.out
+++ b/test/results/flow-info/imap-starttls.pcap.out
@@ -11,14 +11,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Email][Safe]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.678| 0.188| 0.378|143010.873| 0.000]
- [PKTLEN......: 54.000| 1514.000| 249.200| 424.600|180326.200| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.678| 0.188| 0.378| 143010.873| 3.300]
+ [PKTLEN......: 40.000| 1500.000| 235.200| 424.600| 180326.200| 3.600]
[BINS(c->s)..: 15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1]
[IATS(ms)....: 189.8,189.9,188.3,188.3,0.1,192.5,0.3,192.6,0.2,186.5,0.0,186.4,0.4,197.4,0.2,197.1,2.0,0.2,2.2,0.1,3.7,191.6,187.9,1487.0,1677.8,0.2,190.8,0.0,0.3,0.0,189.4]
- [PKTLENS.....: 78,66,54,325,54,68,60,281,54,66,86,60,54,372,1514,1514,54,1514,636,54,54,180,105,54,93,133,85,54,54,85,54,60]
+ [PKTLENS.....: 64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46]
+ [ENTROPIES...: 4.6,4.7,4.5,5.4,4.7,5.1,4.5,5.2,4.7,5.0,5.3,4.5,4.8,5.4,6.9,7.2,4.7,7.1,7.7,4.4,4.7,6.5,5.5,4.7,5.7,6.1,5.1,4.7,4.7,5.5,4.5,3.9]
detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Email][Safe]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
end: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Email][Safe]
diff --git a/test/results/flow-info/imap.pcap.out b/test/results/flow-info/imap.pcap.out
index 1e029c299..ce031bfd9 100644
--- a/test/results/flow-info/imap.pcap.out
+++ b/test/results/flow-info/imap.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.331| 0.295| 1.060|1123749.069| 0.000]
- [PKTLEN......: 66.000| 762.000| 115.900| 125.900|15857.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.331| 0.295| 1.060| 1123749.069| 1.400]
+ [PKTLEN......: 52.000| 748.000| 101.900| 125.900| 15857.500| 4.400]
[BINS(c->s)..: 18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1]
[IATS(ms)....: 0.1,0.1,12.9,12.9,0.2,0.4,36.9,36.8,0.1,4330.0,4331.4,1.4,16.8,17.3,39.9,39.5,0.1,0.2,0.6,39.7,39.4,0.1,0.9,1.3,39.0,38.7,0.1,0.1,10.8,47.8,37.2]
- [PKTLENS.....: 74,74,66,108,66,85,131,66,98,66,92,93,66,86,87,66,123,66,86,87,66,123,66,87,78,66,325,66,139,178,66,762]
+ [PKTLENS.....: 60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]
+ [ENTROPIES...: 4.5,5.0,4.9,5.5,4.9,5.2,5.6,4.8,5.5,4.9,5.4,5.5,5.0,5.2,5.3,4.9,5.6,4.9,5.2,5.3,5.0,5.6,5.0,5.4,5.2,5.0,5.6,4.9,5.6,5.8,4.9,5.5]
idle: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
RISK: Unsafe Protocol
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/imo.pcap.out b/test/results/flow-info/imo.pcap.out
index 44b07de58..b68fc79d1 100644
--- a/test/results/flow-info/imo.pcap.out
+++ b/test/results/flow-info/imo.pcap.out
@@ -6,23 +6,25 @@
new: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604]
detected: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable]
analyse: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.464| 0.060| 0.120|14499.616| 0.000]
- [PKTLEN......: 43.000| 149.000| 57.000| 23.000| 529.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.464| 0.060| 0.120| 14499.616| 3.200]
+ [PKTLEN......: 29.000| 135.000| 43.000| 23.000| 529.800| 4.900]
[BINS(c->s)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0]
[IATS(ms)....: 36.2,20.9,69.2,11.2,11.0,10.9,11.9,60.3,17.6,7.2,0.0,9.9,379.0,463.8,100.2,9.5,9.9,20.9,0.0,106.5,0.3,0.2,0.2,0.1,19.5,7.8,19.7,23.2,8.0,3.7,407.5]
- [PKTLENS.....: 43,43,149,52,52,52,52,52,52,52,52,52,52,43,142,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52]
+ [PKTLENS.....: 29,29,135,38,38,38,38,38,38,38,38,38,38,29,128,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38]
+ [ENTROPIES...: 4.4,4.5,6.6,4.3,4.3,4.3,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,6.4,4.5,4.5,4.5,4.5,4.5,4.4,4.4,4.4,4.5,4.5,4.5,4.4,4.5,4.4,4.5,4.5,4.3]
analyse: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.003| 0.138| 0.306|93428.728| 0.000]
- [PKTLEN......: 52.000| 1266.000| 433.400| 488.900|239046.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.003| 0.138| 0.306| 93428.728| 2.800]
+ [PKTLEN......: 38.000| 1252.000| 419.400| 488.900| 239046.100| 4.100]
[BINS(c->s)..: 0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.4,41.3,0.0,43.4,10.8,2.2,0.3,10.5,8.1,9.4,10.0,55.7,0.1,0.0,9.7,18.5,13.5,0.3,9.8,9.7,9.6,13.5,0.0,69.3,127.2,99.8,16.6,835.4,861.7,1002.8,1002.6]
- [PKTLENS.....: 242,371,53,160,1266,1266,224,242,1266,1266,1266,1266,122,266,53,1266,52,1266,242,52,52,52,52,53,226,139,361,138,242,53,242,53]
+ [PKTLENS.....: 228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39]
+ [ENTROPIES...: 7.0,7.4,4.2,6.6,7.8,7.9,7.0,6.9,7.8,7.8,7.9,7.8,6.2,7.1,4.1,7.8,4.3,7.9,6.9,4.4,4.4,4.4,4.4,4.2,6.9,6.3,7.5,6.4,6.9,4.2,6.9,4.2]
idle: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][VoIP][Acceptable]
idle: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][VoIP][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/instagram.pcap.out b/test/results/flow-info/instagram.pcap.out
index 45d5631f2..4a0f79e12 100644
--- a/test/results/flow-info/instagram.pcap.out
+++ b/test/results/flow-info/instagram.pcap.out
@@ -9,14 +9,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.572| 0.136| 0.382|146017.665| 0.000]
- [PKTLEN......: 66.000| 1464.000| 682.500| 663.900|440818.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.572| 0.136| 0.382| 146017.665| 2.200]
+ [PKTLEN......: 52.000| 1450.000| 668.500| 663.900| 440818.000| 4.200]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 88.9,75.9,165.0,1522.7,1572.5,340.3,390.0,2.2,2.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,29.9,30.0,0.7,0.7,0.7,0.7]
- [PKTLENS.....: 1431,66,679,66,1063,66,1464,66,209,66,1464,66,1297,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66,1464,66]
+ [PKTLENS.....: 1417,52,665,52,1049,52,1450,52,195,52,1450,52,1283,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52]
+ [ENTROPIES...: 7.9,5.1,7.7,5.0,7.8,5.0,7.9,5.1,6.7,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,7.9,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1]
detection-update: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun]
new: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun]
@@ -27,35 +28,38 @@
new: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun]
analyse: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 0.000]
- [PKTLEN......: 66.000| 1484.000| 1226.200| 538.200|289645.800| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 2.900]
+ [PKTLEN......: 52.000| 1470.000| 1212.200| 538.200| 289645.800| 4.800]
[BINS(c->s)..: 5,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,1,1,1,1,1,0,1]
[IATS(ms)....: 32.7,33.1,0.8,0.7,1.8,2.1,0.1,0.0,0.3,0.4,0.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,11.0,1.9,2.0,0.4,0.3,0.8,1.1,0.5,0.5,0.4,0.8,4.1,0.5]
- [PKTLENS.....: 326,1484,66,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,1484,66,1484,66,1484,66,1484,1484,1484,1484,1484,1484,66,1484]
+ [PKTLENS.....: 312,1470,52,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,52,1470,52,1470,52,1470,1470,1470,1470,1470,1470,52,1470]
+ [ENTROPIES...: 5.9,7.3,5.1,7.7,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.7,7.7,7.8,7.7,5.1,7.8,5.1,7.6,5.1,7.8,7.8,7.7,7.7,7.8,7.5,5.1,7.8]
analyse: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.112| 0.011| 0.030| 883.414| 0.000]
- [PKTLEN......: 66.000| 1484.000| 785.400| 697.700|486813.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.112| 0.011| 0.030| 883.414| 2.300]
+ [PKTLEN......: 52.000| 1470.000| 771.400| 697.700| 486813.200| 4.300]
[BINS(c->s)..: 14,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,1,0,1,0,1]
[IATS(ms)....: 56.8,57.1,1.2,1.0,0.6,0.6,0.4,0.4,0.5,0.5,0.7,0.7,1.3,1.3,1.2,1.2,0.5,0.5,0.4,0.5,111.5,0.0,112.0,0.3,1.3,0.1,0.0,1.0,0.9,0.8,0.5]
- [PKTLENS.....: 319,1484,66,1445,66,1484,66,1484,66,1484,66,1484,66,186,66,1484,66,1484,66,1484,66,1484,1484,66,66,1484,1484,1484,66,1484,66,1484]
+ [PKTLENS.....: 305,1470,52,1431,52,1470,52,1470,52,1470,52,1470,52,172,52,1470,52,1470,52,1470,52,1470,1470,52,52,1470,1470,1470,52,1470,52,1470]
+ [ENTROPIES...: 5.8,6.9,5.0,7.6,5.0,7.8,5.0,7.8,5.0,7.8,5.1,7.8,5.0,6.5,5.0,6.9,5.0,7.5,5.0,7.8,5.0,7.8,7.8,5.1,5.1,7.8,7.8,7.8,5.1,7.8,5.1,7.8]
detection-update: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun]
detection-update: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun]
new: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [MIDSTREAM]
analyse: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.372| 0.037| 0.093| 8582.227| 0.000]
- [PKTLEN......: 66.000| 1484.000| 840.400| 686.900|471900.100| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.372| 0.037| 0.093| 8582.227| 2.300]
+ [PKTLEN......: 52.000| 1470.000| 826.400| 686.900| 471900.100| 4.400]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1]
[IATS(ms)....: 185.5,185.9,0.4,0.5,0.6,0.1,1.4,0.1,1.4,0.1,0.6,0.7,1.4,0.1,310.3,372.1,63.2,2.2,2.2,0.3,0.3,0.5,0.4,0.7,0.8,0.6,0.5,0.5,0.5,1.0,1.0]
- [PKTLENS.....: 325,1484,94,1484,1484,94,94,1484,1484,94,94,1484,94,1484,1484,325,1484,66,1484,66,1474,66,1484,66,1484,66,1484,66,1484,66,1484,1484]
+ [PKTLENS.....: 311,1470,80,1470,1470,80,80,1470,1470,80,80,1470,80,1470,1470,311,1470,52,1470,52,1460,52,1470,52,1470,52,1470,52,1470,52,1470,1470]
+ [ENTROPIES...: 5.9,7.8,5.2,7.8,7.8,5.2,5.3,7.8,7.8,5.3,5.3,7.8,5.2,7.8,7.8,5.8,7.2,5.0,7.6,5.0,7.7,5.0,7.8,5.0,7.8,5.0,7.8,5.0,7.8,5.0,7.8,7.8]
new: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [MIDSTREAM]
detected: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [HTTP.Instagram][SocialNetwork][Fun]
new: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500]
@@ -73,14 +77,15 @@
detected: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun]
new: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [MIDSTREAM]
analyse: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.322| 0.237| 1.293|1672842.314| 0.000]
- [PKTLEN......: 66.000| 1484.000| 903.300| 693.100|480370.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.322| 0.237| 1.293| 1672842.314| 0.100]
+ [PKTLEN......: 52.000| 1470.000| 889.300| 693.100| 480370.200| 4.400]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,18,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,0,0]
[IATS(ms)....: 0.2,0.9,1.5,2.7,0.5,0.4,0.3,0.4,1.5,0.5,1.2,1.8,0.1,0.0,2.3,0.1,3.2,0.4,3.6,1.0,0.5,0.4,2.0,0.9,0.9,0.7,3.6,0.1,4.7,0.2,7321.5]
- [PKTLENS.....: 66,66,1484,1484,66,1484,1484,1484,1484,66,66,1484,1484,1484,1484,66,66,1484,1484,66,1484,1484,1484,66,1484,66,1484,1484,1337,66,66,66]
+ [PKTLENS.....: 52,52,1470,1470,52,1470,1470,1470,1470,52,52,1470,1470,1470,1470,52,52,1470,1470,52,1470,1470,1470,52,1470,52,1470,1470,1323,52,52,52]
+ [ENTROPIES...: 5.0,5.0,7.8,7.8,5.0,7.8,7.8,7.8,7.8,5.0,5.1,7.8,7.8,7.8,7.8,5.1,5.0,7.8,7.8,5.0,7.8,7.8,7.8,5.1,7.8,5.0,7.8,7.8,7.8,5.1,5.1,5.1]
guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable]
detected: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable]
new: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53]
@@ -127,24 +132,26 @@
new: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [MIDSTREAM]
detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun]
analyse: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 0.000]
- [PKTLEN......: 66.000| 1484.000| 793.200| 693.800|481326.300| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 2.000]
+ [PKTLEN......: 52.000| 1470.000| 779.200| 693.800| 481326.300| 4.300]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
[DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1]
[IATS(ms)....: 61.3,0.2,0.4,62.2,0.3,0.3,1.4,0.7,0.9,0.9,1.6,0.1,0.1,1.6,0.1,0.1,1.3,0.1,0.0,1.3,0.1,0.1,0.0,0.1,0.5,0.5,2.4,2.4,1.4,0.1,0.0]
- [PKTLENS.....: 326,1484,1484,1475,66,66,66,1484,66,1484,66,1484,1484,1484,66,66,66,1484,1484,1484,66,66,1484,66,66,1484,66,1484,66,396,1484,1484]
+ [PKTLENS.....: 312,1470,1470,1461,52,52,52,1470,52,1470,52,1470,1470,1470,52,52,52,1470,1470,1470,52,52,1470,52,52,1470,52,1470,52,382,1470,1470]
+ [ENTROPIES...: 5.9,7.4,7.8,7.9,5.0,5.0,5.0,7.8,5.0,7.9,5.0,7.8,7.8,7.8,5.0,5.0,5.0,7.8,7.9,7.8,5.0,5.0,7.8,5.0,5.0,7.7,5.0,7.8,5.0,7.4,7.7,7.7]
new: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [MIDSTREAM]
analyse: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.353| 0.000]
- [PKTLEN......: 66.000| 1464.000| 983.400| 664.000|440886.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.002| 0.001| 0.001| 0.353| 4.600]
+ [PKTLEN......: 52.000| 1450.000| 969.400| 664.000| 440886.100| 4.500]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
[IATS(ms)....: 0.4,1.5,1.6,0.5,0.5,0.8,1.5,0.1,0.0,1.6,2.2,2.1,0.4,0.2,0.6,0.4,1.3,1.7,0.5,0.2,0.6,0.6,1.0,1.7,0.3,0.5,0.9,0.8,0.3,1.0,0.7]
- [PKTLENS.....: 1464,66,1464,66,1464,1464,66,1464,1464,1464,66,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464,1464,66,1464]
+ [PKTLENS.....: 1450,52,1450,52,1450,1450,52,1450,1450,1450,52,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450]
+ [ENTROPIES...: 7.8,5.0,7.5,5.0,7.9,7.9,5.0,7.8,7.4,7.5,5.0,7.9,5.0,7.8,7.9,5.0,7.8,7.8,5.0,7.2,7.8,5.0,7.8,7.9,5.0,7.8,7.8,5.0,7.4,7.9,5.0,7.9]
guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun]
detected: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun]
update: [....14] [ip4][.icmp] [..192.168.0.103] -> [..192.168.0.103] [ICMP][Network][Acceptable]
@@ -157,14 +164,15 @@
new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53]
detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun]
analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 0.000]
- [PKTLEN......: 66.000| 1484.000| 819.300| 707.600|500717.400| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 4.300]
+ [PKTLEN......: 52.000| 1470.000| 805.300| 707.600| 500717.400| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0]
[BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0]
[IATS(ms)....: 0.1,2.1,0.4,3.4,0.0,3.2,2.3,0.4,0.9,1.9,0.2,2.6,1.8,3.8,0.1,3.8,0.2,1.3,1.3,0.4,0.2,0.2,0.3,0.5,0.5,0.9,0.9,2.1,2.1,2.0,0.1]
- [PKTLENS.....: 1484,66,1484,1484,66,66,1484,66,1484,1484,66,66,1484,66,1484,1484,66,66,1484,66,1484,66,1484,66,1484,66,1484,66,1484,66,1484,1484]
+ [PKTLENS.....: 1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470]
+ [ENTROPIES...: 7.8,5.1,7.8,7.8,5.1,5.1,7.8,5.1,7.8,7.7,5.0,5.1,7.7,5.1,7.7,7.8,5.2,5.1,7.7,5.2,7.8,5.2,7.8,5.2,7.8,5.1,7.8,5.1,7.8,5.1,7.8,7.8]
guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable]
detected: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable]
new: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855]
@@ -174,14 +182,15 @@
detected: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
detection-update: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
analyse: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.017| 0.003| 0.006| 31.659| 0.000]
- [PKTLEN......: 66.000| 1454.000| 647.500| 640.400|410152.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.017| 0.003| 0.006| 31.659| 3.300]
+ [PKTLEN......: 52.000| 1440.000| 633.500| 640.400| 410152.900| 4.200]
[BINS(c->s)..: 11,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 12.4,14.6,0.1,14.6,1.7,0.0,0.0,16.8,0.1,2.0,0.5,16.5,0.7,0.2,12.5,0.6,0.5,0.9,0.3,0.3,0.2,0.2,0.1,0.2,0.3,0.2,2.4,0.1,1.6,0.1,0.1]
- [PKTLENS.....: 78,74,66,288,66,1454,1454,369,66,66,130,564,259,696,89,66,1454,1454,66,1454,1454,1454,1454,1454,1454,1454,1454,66,66,66,66,66]
+ [PKTLENS.....: 64,60,52,274,52,1440,1440,355,52,52,116,550,245,682,75,52,1440,1440,52,1440,1440,1440,1440,1440,1440,1440,1440,52,52,52,52,52]
+ [ENTROPIES...: 4.3,5.1,4.8,6.4,5.0,7.9,7.9,7.4,4.9,4.9,5.9,7.6,7.1,7.7,5.5,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,5.0,4.9,5.0,4.9,4.9]
new: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443]
new: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443]
new: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443]
@@ -192,23 +201,25 @@
detection-update: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
detection-update: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
analyse: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.159| 0.012| 0.037| 1346.646| 0.000]
- [PKTLEN......: 66.000| 1454.000| 536.800| 570.200|325102.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.159| 0.012| 0.037| 1346.646| 2.300]
+ [PKTLEN......: 52.000| 1440.000| 522.800| 570.200| 325102.600| 4.100]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,1,0,0,1,1]
[IATS(ms)....: 12.0,14.1,0.6,0.2,14.9,0.1,0.3,0.6,0.4,0.3,0.1,14.0,0.4,0.1,0.1,0.2,0.2,1.4,0.1,1.2,0.1,0.1,0.0,0.5,10.6,8.9,1.6,2.2,142.8,158.9,0.4]
- [PKTLENS.....: 78,74,66,485,579,66,66,288,699,1454,1454,1454,66,1454,1454,1454,720,1454,150,66,66,66,66,66,66,100,66,244,66,637,699,1454]
+ [PKTLENS.....: 64,60,52,471,565,52,52,274,685,1440,1440,1440,52,1440,1440,1440,706,1440,136,52,52,52,52,52,52,86,52,230,52,623,685,1440]
+ [ENTROPIES...: 4.3,5.0,4.9,7.0,7.6,5.0,5.0,6.8,7.7,7.9,7.9,7.9,4.8,7.9,7.9,7.9,7.7,7.9,6.3,5.0,4.9,4.9,4.8,5.0,4.8,5.9,5.0,7.0,5.0,7.6,7.7,7.9]
analyse: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.157| 0.021| 0.045| 2047.640| 0.000]
- [PKTLEN......: 66.000| 1454.000| 532.200| 557.600|310915.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.157| 0.021| 0.045| 2047.640| 2.900]
+ [PKTLEN......: 52.000| 1440.000| 518.200| 557.600| 310915.100| 4.200]
[BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1]
[IATS(ms)....: 11.1,12.2,3.4,0.1,16.0,0.2,0.5,13.0,0.5,11.8,12.0,155.6,0.5,0.1,0.3,0.1,0.1,0.3,0.0,156.5,0.1,0.1,0.1,0.3,2.7,48.7,55.9,8.2,149.2,0.5,0.0]
- [PKTLENS.....: 78,74,66,485,595,66,66,288,66,150,244,66,840,1454,1454,1454,1454,1057,1454,100,66,66,66,66,66,654,654,66,66,841,1454,1454]
+ [PKTLENS.....: 64,60,52,471,581,52,52,274,52,136,230,52,826,1440,1440,1440,1440,1043,1440,86,52,52,52,52,52,640,640,52,52,827,1440,1440]
+ [ENTROPIES...: 4.3,5.1,5.0,7.0,7.6,5.0,5.0,6.7,4.9,6.3,7.0,4.9,7.7,7.9,7.9,7.9,7.9,7.8,7.8,5.8,5.0,5.0,5.0,5.0,5.0,7.6,7.6,5.0,5.0,7.7,7.8,7.9]
idle: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80]
idle: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443]
idle: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443]
@@ -254,32 +265,35 @@
detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
analyse: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.016| 0.003| 0.005| 22.312| 0.000]
- [PKTLEN......: 66.000| 1454.000| 733.000| 652.700|426025.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.016| 0.003| 0.005| 22.312| 3.200]
+ [PKTLEN......: 52.000| 1440.000| 719.000| 652.700| 426025.800| 4.300]
[BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,1,0,1,0,1,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1]
[IATS(ms)....: 11.8,12.9,2.8,0.1,16.4,0.0,0.4,1.1,14.1,0.3,0.6,0.6,0.2,0.3,0.4,0.1,1.1,0.3,0.1,1.7,0.1,0.2,0.0,0.1,10.0,0.1,1.4,0.1,1.4,0.1,0.2]
- [PKTLENS.....: 78,74,66,470,592,66,66,288,699,66,89,150,1454,1454,1454,1454,1454,66,1454,1454,66,66,66,66,66,1454,1454,1454,1454,1454,1454,1454]
+ [PKTLENS.....: 64,60,52,456,578,52,52,274,685,52,75,136,1440,1440,1440,1440,1440,52,1440,1440,52,52,52,52,52,1440,1440,1440,1440,1440,1440,1440]
+ [ENTROPIES...: 4.3,5.1,4.8,6.9,7.6,5.0,5.0,6.8,7.7,4.9,5.7,6.4,7.9,7.9,7.9,7.9,7.9,5.0,7.9,7.9,5.0,4.8,5.0,5.0,4.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9]
analyse: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.470| 0.692| 2.561|6557671.096| 0.000]
- [PKTLEN......: 66.000| 1454.000| 474.700| 528.600|279392.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.470| 0.692| 2.561| 6557671.096| 1.200]
+ [PKTLEN......: 52.000| 1440.000| 460.700| 528.600| 279392.300| 4.100]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1]
[IATS(ms)....: 11.1,12.4,1.2,0.5,13.3,0.6,0.1,14.2,0.6,14.4,12.5,169.6,0.3,0.2,0.1,0.3,0.1,0.2,0.2,0.0,169.7,0.1,1.8,0.2,0.1,0.5,10413.4,52.2,10469.8,9.8,75.9]
- [PKTLENS.....: 78,74,66,485,663,66,66,288,66,150,244,66,839,1454,1454,1454,1454,1454,642,1454,100,66,66,66,66,66,66,601,601,66,66,842]
+ [PKTLENS.....: 64,60,52,471,649,52,52,274,52,136,230,52,825,1440,1440,1440,1440,1440,628,1440,86,52,52,52,52,52,52,587,587,52,52,828]
+ [ENTROPIES...: 4.2,5.1,4.9,7.1,7.6,5.0,5.0,6.8,4.9,6.4,7.0,4.8,7.7,7.9,7.9,7.8,7.9,7.9,7.7,7.9,5.8,5.0,5.0,4.9,4.9,4.9,5.0,7.6,7.6,5.1,5.1,7.8]
analyse: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.132| 0.012| 0.032| 1010.732| 0.000]
- [PKTLEN......: 66.000| 1454.000| 569.500| 619.500|383805.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.132| 0.012| 0.032| 1010.732| 2.400]
+ [PKTLEN......: 52.000| 1440.000| 555.500| 619.500| 383805.700| 4.100]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0]
[IATS(ms)....: 12.1,13.3,2.5,0.5,16.0,0.0,0.8,14.0,1.4,14.5,16.1,131.7,0.0,0.9,0.2,0.3,0.0,0.1,0.3,0.2,0.2,0.2,0.3,129.9,0.1,0.1,2.6,0.1,0.1,0.0,0.0]
- [PKTLENS.....: 78,74,66,470,592,66,66,288,66,150,244,66,840,89,1454,1454,1454,1454,1454,1454,1454,1454,1454,1454,66,66,66,66,66,66,66,66]
+ [PKTLENS.....: 64,60,52,456,578,52,52,274,52,136,230,52,826,75,1440,1440,1440,1440,1440,1440,1440,1440,1440,1440,52,52,52,52,52,52,52,52]
+ [ENTROPIES...: 4.3,5.1,4.9,7.0,7.5,5.0,5.0,6.8,4.9,6.4,7.0,4.9,7.7,5.6,7.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,7.9,7.8,5.0,5.0,4.9,4.9,4.8,4.9,4.7,4.9]
end: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
end: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
end: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun]
diff --git a/test/results/flow-info/iphone.pcap.out b/test/results/flow-info/iphone.pcap.out
index 5bed52647..74d21bd44 100644
--- a/test/results/flow-info/iphone.pcap.out
+++ b/test/results/flow-info/iphone.pcap.out
@@ -134,44 +134,48 @@
detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun]
detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun]
analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.686| 0.087| 0.170|29013.449| 0.000]
- [PKTLEN......: 66.000| 1506.000| 324.700| 443.900|197074.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.686| 0.087| 0.170| 29013.449| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 310.700| 443.900| 197074.700| 3.900]
[BINS(c->s)..: 8,4,1,0,1,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0]
[IATS(ms)....: 34.0,135.8,0.2,135.5,2.1,0.2,8.7,0.0,162.5,0.9,167.4,319.4,0.0,34.7,0.1,651.1,0.6,0.0,0.1,0.1,0.0,0.1,0.2,686.2,0.0,1.2,0.0,33.7,32.5,122.6,156.5]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,580,66,66,159,117,135,66,66,119,116,108,1090,438,104,200,438,66,104,66,66,66,66,637,66]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1076,424,90,186,424,52,90,52,52,52,52,623,52]
+ [ENTROPIES...: 4.4,5.0,5.0,4.5,4.9,6.7,7.5,7.5,7.3,4.9,4.9,6.0,5.5,6.0,5.0,4.9,5.7,5.6,5.5,7.8,7.4,5.3,6.6,7.4,4.9,5.4,5.0,5.0,4.9,5.1,7.7,5.0]
new: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443]
detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun]
detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun]
analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.655| 0.067| 0.146|21410.738| 0.000]
- [PKTLEN......: 54.000| 1506.000| 313.400| 449.800|202280.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.655| 0.067| 0.146| 21410.738| 2.900]
+ [PKTLEN......: 40.000| 1492.000| 299.400| 449.800| 202280.400| 3.800]
[BINS(c->s)..: 9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1]
[IATS(ms)....: 34.1,36.1,0.1,34.7,1.6,0.1,2.3,0.1,140.2,0.4,7.3,143.3,0.0,33.9,0.1,1.5,0.0,0.0,0.3,0.4,0.0,0.1,34.9,0.0,1.2,0.0,128.2,155.2,168.0,510.7,654.8]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,580,66,66,159,117,135,66,66,119,116,108,1084,104,450,104,66,104,66,66,66,750,66,54,66]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]
+ [ENTROPIES...: 4.4,5.2,5.1,4.5,5.1,6.7,7.5,7.5,7.3,4.9,5.0,6.0,5.7,6.0,5.0,5.0,5.7,5.8,5.5,7.8,5.5,7.4,5.5,4.9,5.5,5.0,5.0,4.9,7.7,5.0,4.5,5.1]
analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.026| 0.045| 1989.449| 0.000]
- [PKTLEN......: 66.000| 1506.000| 336.100| 461.100|212650.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.147| 0.026| 0.045| 1989.449| 3.200]
+ [PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900]
[BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1]
[IATS(ms)....: 33.3,146.1,0.1,147.3,1.4,0.2,0.1,0.0,38.6,0.0,0.1,10.9,46.9,12.5,120.2,0.0,0.0,0.2,1.1,0.1,1.5,0.5,107.4,0.0,1.2,31.0,0.5,3.7,0.0,4.5,82.6]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,456,66,66,66,146,353,353,112,109,101,1506,566,832,66,66,66,136,66,66,97,66,101,66,66]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]
+ [ENTROPIES...: 4.5,5.3,5.1,4.5,5.2,7.8,7.9,7.8,7.5,5.1,5.2,5.1,6.2,7.4,7.3,6.1,6.0,5.9,7.9,7.6,7.7,5.2,5.2,5.1,6.2,5.1,5.1,5.8,5.1,5.9,5.1,5.1]
analyse: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.804| 0.109| 0.185|34306.707| 0.000]
- [PKTLEN......: 66.000| 1506.000| 735.000| 667.300|445284.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.804| 0.109| 0.185| 34306.707| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 721.000| 667.300| 445284.800| 4.300]
[BINS(c->s)..: 8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0]
[IATS(ms)....: 146.0,171.0,0.4,171.3,2.7,0.1,11.1,1.3,11.2,179.7,0.0,0.1,0.1,15.6,168.2,146.4,161.4,0.7,308.7,51.5,198.2,655.7,0.2,0.2,0.3,803.5,1.3,180.3,0.3,0.3,0.2]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1506,1506,1488,66,66,66,66,159,117,66,1183,358,66,1010,66,1178,1506,1506,1506,66,66,1506,1506,1506,1506]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]
+ [ENTROPIES...: 4.4,5.0,4.9,4.7,5.0,6.2,4.6,7.1,7.5,7.5,4.9,4.9,4.9,4.8,6.0,5.6,5.0,7.8,7.2,5.1,7.8,4.9,7.8,7.9,7.9,7.9,5.0,5.0,7.9,7.9,7.9,7.8]
detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable]
new: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53]
detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun]
diff --git a/test/results/flow-info/ipp.pcap.out b/test/results/flow-info/ipp.pcap.out
index 29f69fb88..a486de0e7 100644
--- a/test/results/flow-info/ipp.pcap.out
+++ b/test/results/flow-info/ipp.pcap.out
@@ -8,14 +8,15 @@
detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.009| 0.004| 0.004| 12.440| 0.000]
- [PKTLEN......: 66.000| 2962.000| 897.700| 882.800|779357.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.009| 0.004| 0.004| 12.440| 4.200]
+ [PKTLEN......: 52.000| 2948.000| 883.700| 882.800| 779357.900| 4.200]
[BINS(c->s)..: 3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
[IATS(ms)....: 0.7,0.7,0.1,0.0,3.6,1.6,5.1,0.1,0.0,5.8,5.7,0.0,3.7,3.6,0.0,7.3,7.3,0.0,8.8,8.8,0.0,9.1,9.1,0.0,7.2,7.2,0.0,7.6,7.6,0.0,7.2]
- [PKTLENS.....: 74,74,66,210,214,66,91,66,2962,1514,66,2962,1586,66,1442,1610,66,1418,1634,66,1394,1658,66,1370,1682,66,1346,1706,66,1322,1730,66]
+ [PKTLENS.....: 60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52]
+ [ENTROPIES...: 4.4,4.7,4.6,5.5,5.4,4.7,5.2,4.6,4.1,4.0,4.7,3.7,3.5,4.7,3.5,3.5,4.6,4.1,4.5,4.7,4.3,4.2,4.7,4.2,4.7,4.7,4.7,4.3,4.7,4.2,4.1,4.6]
new: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631]
detected: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
diff --git a/test/results/flow-info/ipsec_isakmp_esp.pcap.out b/test/results/flow-info/ipsec_isakmp_esp.pcap.out
index 7567bc653..e2d473b45 100644
--- a/test/results/flow-info/ipsec_isakmp_esp.pcap.out
+++ b/test/results/flow-info/ipsec_isakmp_esp.pcap.out
@@ -12,14 +12,15 @@
update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe]
update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][VPN][Safe]
analyse: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 662.067| 87.057| 203.164|41275511887.888| 0.000]
- [PKTLEN......: 122.000| 1374.000| 542.100| 468.700|219671.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 662.067| 87.057| 203.164|41275511887.888| 2.000]
+ [PKTLEN......: 108.000| 1360.000| 528.100| 468.700| 219671.500| 4.500]
[BINS(c->s)..: 0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
[IATS(ms)....: 122.0,677.0,771.0,222.0,34.0,2372.0,1.0,23.0,2387.0,22.0,24.0,661960.0,662067.0,681.0,743.0,195.0,34.0,407.0,421.0,4.0,138.0,188.0,12771.0,421390.0,408766.0]
- [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,1374,174,174,174,942,174,858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250]
+ [PKTLENS.....: 844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]
+ [ENTROPIES...: 7.7,7.0,6.1,5.8,6.1,7.4,7.9,7.9,7.8,7.9,6.6,6.7,6.6,7.8,6.6,7.8,6.9,6.2,5.8,6.0,7.4,7.9,7.9,7.8,6.6,6.5,6.8,7.8,6.7,5.7,7.8,6.8]
update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][VPN][Safe]
update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][VPN][Safe]
DAEMON-EVENT: [Processed: 61 pkts][ZLib][compressions: 0|diff: 0 / 0]
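Review bot: The `IATS(ms)` list in this hunk has 25 entries while `DIRECTIONS`, `PKTLENS` and the new `ENTROPIES` each have 32, so the per-packet arrays of one analyse event cannot be joined by index. The later hunks of this file (`@@ -118`, `@@ -144`, `@@ -169`) go further and pin an empty `IATS(ms)` list with an all-zero `IAT` row next to 32 packet lengths. Presumably zero intervals are left out of the list, but nothing visible here says so. A consumer that walks these arrays in parallel to build CSV rows should compare the lengths first and not assume 31 intervals for 32 packets. It would also help to record in the test description whether the omission is intended, since this expected output freezes it.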
@@ -118,23 +119,25 @@
new: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500]
detected: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][VPN][Safe]
analyse: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 122.000| 1374.000| 507.000| 453.900|206039.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 493.000| 453.900| 206039.000| 4.400]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,4,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250]
+ [PKTLENS.....: 844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]
+ [ENTROPIES...: 7.7,6.9,6.3,5.9,6.1,7.4,7.9,7.9,7.8,6.7,6.6,6.5,7.8,6.7,5.8,7.7,6.9,6.3,5.7,6.1,7.5,7.9,7.9,7.8,6.6,6.6,6.6,7.8,6.5,5.7,7.7,6.8]
analyse: [....23] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.227][..500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 94.000| 842.000| 521.000| 320.200|102515.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 80.000| 828.000| 507.000| 320.200| 102515.000| 4.700]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330,818,94,842,330]
+ [PKTLENS.....: 804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316]
+ [ENTROPIES...: 4.9,4.6,5.0,6.6,5.0,4.6,5.0,6.6,4.9,4.6,5.0,6.4,4.9,4.6,5.0,6.6,4.9,4.6,5.0,6.5,4.9,4.6,5.0,6.6,4.9,4.7,5.0,6.6,4.9,4.6,5.0,6.5]
new: [....25] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.226][..500]
detected: [....25] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.226][..500] [IPSec][VPN][Safe]
new: [....26] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.226][.4500]
@@ -144,14 +147,15 @@
new: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500]
detected: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe]
analyse: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 122.000| 1374.000| 665.200| 511.600|261688.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 651.200| 511.600| 261688.400| 4.500]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,0,4,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 858,250,154,122,138,458,1374,1070,174,174,1070,174,1374,1374,1326,858,250,154,122,138,458,1374,1070,174,174,1070,174,1374,1374,1326,858,250]
+ [PKTLENS.....: 844,236,140,108,124,444,1360,1056,160,160,1056,160,1360,1360,1312,844,236,140,108,124,444,1360,1056,160,160,1056,160,1360,1360,1312,844,236]
+ [ENTROPIES...: 7.7,6.8,6.3,5.8,6.0,7.4,7.9,7.8,6.6,6.6,7.8,6.6,7.8,7.9,7.9,7.8,6.8,6.3,5.9,6.1,7.4,7.9,7.8,6.6,6.7,7.8,6.7,7.9,7.8,7.8,7.7,6.9]
new: [....29] [ip4][..udp] [..192.168.2.100][42593] -> [109.237.187.193][.4500]
detected: [....29] [ip4][..udp] [..192.168.2.100][42593] -> [109.237.187.193][.4500] [IPSec][VPN][Safe]
new: [....30] [ip4][..udp] [..192.168.2.100][42593] -> [109.237.187.193][..500]
@@ -169,23 +173,25 @@
new: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500]
detected: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500] [IPSec][VPN][Safe]
analyse: [....34] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.195][.4500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 122.000| 1374.000| 584.200| 486.800|236933.900| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 570.200| 486.800| 236933.900| 4.500]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250]
+ [PKTLENS.....: 844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236]
+ [ENTROPIES...: 7.7,6.9,6.3,5.7,6.2,7.5,7.9,7.8,7.8,6.7,6.7,6.7,7.8,6.5,7.8,7.7,6.9,6.3,5.8,6.1,7.4,7.9,7.9,7.8,6.5,6.5,6.6,7.8,6.7,7.8,7.7,6.9]
analyse: [....18] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.225][.4500] [IPSec][VPN][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 122.000| 1374.000| 545.600| 472.200|222978.400| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 108.000| 1360.000| 531.600| 472.200| 222978.400| 4.400]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 858,250,154,122,138,458,1374,1374,942,174,174,174,1070,174,122,858,250,154,122,138,458,1374,1374,926,174,174,174,1070,174,1374,858,250]
+ [PKTLENS.....: 844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236]
+ [ENTROPIES...: 7.7,6.9,6.3,5.8,6.2,7.5,7.8,7.8,7.8,6.7,6.6,6.6,7.8,6.6,5.7,7.8,7.0,6.2,5.9,6.2,7.5,7.9,7.9,7.8,6.7,6.6,6.6,7.8,6.6,7.8,7.7,6.9]
idle: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][VPN][Safe]
idle: [....20] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.131][.4500] [IPSec][VPN][Safe]
idle: [....26] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.226][.4500] [IPSec][VPN][Safe]
diff --git a/test/results/flow-info/jabber.pcap.out b/test/results/flow-info/jabber.pcap.out
index d92f7fb7b..9990f0c23 100644
--- a/test/results/flow-info/jabber.pcap.out
+++ b/test/results/flow-info/jabber.pcap.out
@@ -4,25 +4,27 @@
new: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222]
detected: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 0.000]
- [PKTLEN......: 66.000| 445.000| 142.100| 104.500|10930.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 3.000]
+ [PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600]
[BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
[IATS(ms)....: 0.4,0.5,0.4,0.8,0.4,0.4,12.4,12.8,2.4,2.4,0.3,2.0,1.6,0.2,40.8,37.0,77.5,0.2,0.6,337.3,337.7,0.4,0.8,51.1,51.5,6.4,6.4,0.3,0.8,109.1,109.6]
- [PKTLENS.....: 78,74,66,88,66,182,66,245,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66]
+ [PKTLENS.....: 64,60,52,74,52,168,52,231,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52]
+ [ENTROPIES...: 4.2,5.0,4.9,5.5,4.9,5.4,4.9,5.6,4.7,5.4,4.7,5.6,6.1,4.7,6.1,4.9,5.9,4.9,5.4,4.8,5.5,4.8,5.4,4.8,5.6,4.6,5.4,4.8,5.5,4.8,5.6,4.8]
new: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222]
detected: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
analyse: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 0.000]
- [PKTLEN......: 66.000| 445.000| 142.000| 104.500|10917.300| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 2.800]
+ [PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600]
[BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
[IATS(ms)....: 0.7,0.7,0.1,0.5,0.4,0.3,0.2,0.5,0.1,0.1,0.2,1.4,1.3,0.2,39.8,41.0,80.7,0.2,0.6,336.4,336.8,0.3,0.8,51.2,51.7,0.1,0.1,0.3,0.8,115.1,115.6]
- [PKTLENS.....: 78,74,66,88,66,182,66,243,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66]
+ [PKTLENS.....: 64,60,52,74,52,168,52,229,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52]
+ [ENTROPIES...: 4.3,5.1,4.8,5.4,4.9,5.4,4.8,5.6,4.7,5.4,4.8,5.6,6.1,4.8,6.1,4.9,6.0,4.7,5.4,4.8,5.4,4.6,5.4,4.9,5.6,4.8,5.4,4.7,5.4,4.8,5.5,4.7]
new: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
new: [.....4] [ip4][..tcp] [....172.16.0.62][57129] -> [...172.16.1.138][.5222] [MIDSTREAM]
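Review bot: The new `[ENTROPIES...:` rows for flows 1 and 2 and the existing `entropy` column of the summary table use one word for what appear to be two different quantities, and nothing in the output says so. The column looks like it is computed over the 32-sample series itself (the PKTLEN entropy moves from 4.700 to 4.600 although every length only drops by 14), while the commit message describes the new row as per-packet L3 payload entropy. Anyone thresholding these values to flag encrypted or packed payloads also needs to know that a 52-byte packet cannot exceed log2(52) ≈ 5.7 bits per byte, so the 4.7–4.9 values here sit near their ceiling and say little about the content. I would document this where the row is emitted (that code is not in this hunk), for example `/* ENTROPIES: Shannon entropy in bits per byte of each packet's L3 payload; bounded by log2(payload length) */`, to be confirmed against the implementation.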
@@ -38,14 +40,15 @@
DAEMON-EVENT: [Processed: 243 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....6] [ip4][..tcp] [....172.16.0.62][57149] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 0.000]
- [PKTLEN......: 66.000| 529.000| 164.800| 117.900|13893.800| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 1.400]
+ [PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600]
[BINS(c->s)..: 9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1]
[IATS(ms)....: 5.0,0.0,5.1,0.0,217.0,218.0,1.0,3684.5,3688.3,3.9,600484.2,600487.8,0.0,3.6,0.0,1.1,1.1,7.8,47.5,39.7,0.4,63.0,63.4,0.3,0.5,0.2,0.1,0.0,0.1,46584.0,46624.0]
- [PKTLENS.....: 305,474,186,66,66,248,529,66,248,193,66,216,270,172,120,66,286,66,114,66,114,66,288,66,114,167,66,66,171,66,201,66]
+ [PKTLENS.....: 291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52]
+ [ENTROPIES...: 5.6,5.5,5.5,4.9,4.9,5.5,5.3,4.9,5.5,5.5,4.9,5.5,5.6,5.5,5.5,4.7,5.6,4.8,5.5,4.9,5.4,4.9,5.6,4.6,5.4,5.5,4.7,4.8,5.7,4.6,5.4,4.9]
DAEMON-EVENT: [Processed: 270 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....7] [ip4][..tcp] [...192.168.58.1][53460] -> [.192.168.58.153][.5222]
diff --git a/test/results/flow-info/kismet.pcap.out b/test/results/flow-info/kismet.pcap.out
index 8bf5896fd..661a354b5 100644
--- a/test/results/flow-info/kismet.pcap.out
+++ b/test/results/flow-info/kismet.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.100| 0.836| 0.406|165002.641| 0.000]
- [PKTLEN......: 54.000| 1099.000| 142.900| 184.200|33913.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.100| 0.836| 0.406| 165002.641| 4.700]
+ [PKTLEN......: 40.000| 1085.000| 128.900| 184.200| 33913.200| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.0,0.0,0.2,0.2,399.9,399.9,615.2,615.3,399.6,399.6,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.9,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8,1099.8]
- [PKTLENS.....: 66,66,54,253,54,72,54,1099,54,129,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189,54,189]
+ [PKTLENS.....: 52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175]
+ [ENTROPIES...: 4.2,4.4,4.3,5.3,4.2,4.9,4.3,4.9,4.5,4.6,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0,4.3,5.0]
idle: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Network][Acceptable]
DAEMON-EVENT: shutdown
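Review bot: The IAT row in this expected output mixes units: min, max, avg and stddev are printed in seconds, but the variance is not the square of that stddev (0.406² ≈ 0.165, printed 165002.641, which matches 406 ms squared), and the `IATS(ms)` row below is in milliseconds again. The commit widens the variance column and fills in the entropy value but leaves the units as they were, so the mismatch is now pinned in every regenerated result file; the jabber and modbus IAT rows show the same pattern. If this is intentional the header needs units, e.g. `min(s)| max(s)| avg(s)| stddev(s)| variance(ms^2)| entropy`; otherwise the variance should be scaled like the other columns before printing. The code that prints the table is outside this hunk.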
diff --git a/test/results/flow-info/kontiki.pcap.out b/test/results/flow-info/kontiki.pcap.out
index 5ef4ef23e..e0950a89f 100644
--- a/test/results/flow-info/kontiki.pcap.out
+++ b/test/results/flow-info/kontiki.pcap.out
@@ -18,14 +18,15 @@
new: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59]
detected: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Network][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.86][.8888] [Kontiki][Media][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.608| 0.045| 0.118|13931.400| 0.000]
- [PKTLEN......: 46.000| 1283.000| 818.400| 568.000|322604.600| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.608| 0.045| 0.118| 13931.400| 2.600]
+ [PKTLEN......: 32.000| 1269.000| 804.400| 568.000| 322604.600| 4.500]
[BINS(c->s)..: 7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1]
[IATS(ms)....: 198.6,212.4,193.8,607.7,3.1,5.8,31.2,30.0,8.8,9.1,0.1,0.2,0.0,19.4,18.3,0.1,0.1,0.1,0.1,15.3,14.9,0.0,0.2,0.1,0.0,0.1,15.9,15.4,0.0,0.1,0.1]
- [PKTLENS.....: 46,46,46,62,70,259,513,246,218,132,1283,1283,1283,1283,58,1283,1283,1283,1283,1283,58,1283,1283,1283,1283,1283,1283,58,1283,1283,1283,1283]
+ [PKTLENS.....: 32,32,32,48,56,245,499,232,204,118,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,1269,44,1269,1269,1269,1269]
+ [ENTROPIES...: 4.3,4.4,4.4,4.8,5.1,6.3,7.3,7.0,6.9,6.2,7.9,7.8,7.8,7.8,4.9,7.8,7.8,7.8,7.8,7.8,4.9,7.9,7.8,7.8,7.8,7.9,7.8,4.9,7.8,7.8,7.9,7.9]
idle: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Network][Acceptable]
idle: [.....7] [ip4][.icmp] [216.168.241.157] -> [....10.25.32.59] [ICMP][Network][Acceptable]
idle: [.....3] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.86][.8888] [Kontiki][Media][Potentially Dangerous]
diff --git a/test/results/flow-info/log4j-webapp-exploit.pcap.out b/test/results/flow-info/log4j-webapp-exploit.pcap.out
index 12fbce673..38c4abd61 100644
--- a/test/results/flow-info/log4j-webapp-exploit.pcap.out
+++ b/test/results/flow-info/log4j-webapp-exploit.pcap.out
@@ -18,14 +18,15 @@
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol
analyse: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.289| 0.474| 1.790|3202664.366| 0.000]
- [PKTLEN......: 68.000| 76.000| 69.500| 2.200| 4.600| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.289| 0.474| 1.790| 3202664.366| 1.100]
+ [PKTLEN......: 52.000| 60.000| 53.500| 2.200| 4.600| 5.000]
[BINS(c->s)..: 17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 0.1,0.2,7288.6,7288.6,60.5,60.7,0.3,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.2,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1]
- [PKTLENS.....: 76,76,68,71,68,69,68,69,68,69,68,69,68,69,68,69,68,69,68,71,68,73,68,71,68,71,68,71,68,71,68,71]
+ [PKTLENS.....: 60,60,52,55,52,53,52,53,52,53,52,53,52,53,52,53,52,53,52,55,52,57,52,55,52,55,52,55,52,55,52,55]
+ [ENTROPIES...: 4.5,5.1,5.0,5.1,4.9,5.0,4.9,5.0,4.8,4.9,4.9,5.0,4.9,5.0,4.9,4.9,4.9,4.9,4.9,4.9,4.9,5.0,4.8,5.0,4.9,5.0,4.9,5.0,4.9,5.0,4.9,4.9]
not-detected: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001] [Unknown][Unrated]
new: [.....5] [ip4][..tcp] [..172.16.238.10][57742] -> [..172.16.238.11][.1389]
detected: [.....5] [ip4][..tcp] [..172.16.238.10][57742] -> [..172.16.238.11][.1389] [LDAP][System][Acceptable]
diff --git a/test/results/flow-info/long_tls_certificate.pcap.out b/test/results/flow-info/long_tls_certificate.pcap.out
index d85fa9462..8fb63b533 100644
--- a/test/results/flow-info/long_tls_certificate.pcap.out
+++ b/test/results/flow-info/long_tls_certificate.pcap.out
@@ -6,14 +6,15 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.371| 0.087| 0.130|17024.252| 0.000]
- [PKTLEN......: 54.000| 1506.000| 384.700| 546.600|298744.200| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.371| 0.087| 0.130| 17024.252| 3.400]
+ [PKTLEN......: 40.000| 1492.000| 370.700| 546.600| 298744.200| 3.700]
[BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1]
[IATS(ms)....: 370.8,370.9,9.4,360.9,2.8,0.1,0.1,354.4,0.1,0.1,0.1,0.1,8.1,8.1,5.8,200.3,194.6,174.3,0.0,174.3,0.0,2.3,0.1,0.1,0.1,0.1,94.1,91.5,274.6,0.0,0.0]
- [PKTLENS.....: 78,78,54,571,60,1506,1506,1506,54,1506,54,1104,54,1104,66,180,1506,66,105,123,54,54,107,110,96,128,92,123,66,66,66,66]
+ [PKTLENS.....: 64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52]
+ [ENTROPIES...: 4.4,4.3,4.7,4.4,4.6,6.2,4.7,4.7,4.6,6.8,4.7,7.5,4.6,7.5,4.7,6.3,6.2,4.9,5.9,6.2,4.7,4.7,5.7,5.7,5.2,6.0,5.3,6.1,4.8,5.1,5.0,5.1]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable]
end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/modbus.pcap.out b/test/results/flow-info/modbus.pcap.out
index 8b3b6ecd8..cf46f48db 100644
--- a/test/results/flow-info/modbus.pcap.out
+++ b/test/results/flow-info/modbus.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable]
analyse: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 1.014| 0.452| 0.497|247304.159| 0.000]
- [PKTLEN......: 65.000| 66.000| 65.500| 0.500| 0.200| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 1.014| 0.452| 0.497| 247304.159| 3.800]
+ [PKTLEN......: 51.000| 52.000| 51.500| 0.500| 0.200| 5.000]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.1,1.2,0.9,1013.6,1014.2,1.5,0.9,986.5,986.9,1.2,0.9,1000.2,1000.5,1.2,0.9,1000.2,1000.6,1.2,0.9,1000.2,1000.6,1.6,0.9,999.8,1000.4,1.2,0.8,1000.2,1000.6,1.2,0.9]
- [PKTLENS.....: 66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65,66,65]
+ [PKTLENS.....: 52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51]
+ [ENTROPIES...: 4.5,4.7,4.4,4.9,4.4,4.6,4.4,4.9,4.6,4.7,4.6,4.8,4.6,4.7,4.6,4.9,4.6,4.8,4.6,4.9,4.6,4.7,4.6,4.9,4.6,4.8,4.6,4.9,4.6,4.8,4.6,4.9]
idle: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][IoT-Scada][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/monero.pcap.out b/test/results/flow-info/monero.pcap.out
index e9a7e0fb3..2a7150d01 100644
--- a/test/results/flow-info/monero.pcap.out
+++ b/test/results/flow-info/monero.pcap.out
@@ -8,23 +8,25 @@
detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Mining][Unsafe]
RISK: Known Proto on Non Std Port, Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 71.693| 7.500| 18.614|346464978.993| 0.000]
- [PKTLEN......: 66.000| 1514.000| 372.800| 549.100|301531.900| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400]
+ [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
[BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
[BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
[IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
- [PKTLENS.....: 74,74,66,164,66,128,66,161,104,185,66,126,66,376,66,1514,1496,66,66,91,66,1514,1496,66,91,66,376,66,1514,1496,66,91]
+ [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
+ [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 170.525| 32.857| 51.784|2681624034.542| 0.000]
- [PKTLEN......: 54.000| 1498.000| 237.600| 347.600|120860.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
+ [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
[BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
[BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
[IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
- [PKTLENS.....: 74,66,54,152,60,116,54,147,92,173,54,114,60,364,54,364,54,364,54,364,54,364,54,364,54,364,54,364,54,1498,1486,60]
+ [PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
+ [ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Mining][Unsafe]
diff --git a/test/results/flow-info/nest_log_sink.pcap.out b/test/results/flow-info/nest_log_sink.pcap.out
index 7d31b64e2..36f399f10 100644
--- a/test/results/flow-info/nest_log_sink.pcap.out
+++ b/test/results/flow-info/nest_log_sink.pcap.out
@@ -5,14 +5,15 @@
DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.061| 60.122| 38.821| 28.558|815563555.209| 0.000]
- [PKTLEN......: 54.000| 60.000| 57.000| 3.000| 9.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.061| 60.122| 38.821| 28.558| 815563555.209| 4.300]
+ [PKTLEN......: 40.000| 46.000| 43.000| 3.000| 9.000| 5.000]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1]
[IATS(ms)....: 60.8,60066.5,60071.0,444.6,512.2,60052.4,60122.1,60064.1,60058.5,139.4,204.1,59876.0,59944.8,60065.8,60071.7,305.5,379.3,59710.1,59782.3,60066.2,60065.0,470.7,541.9,60021.2,60097.0,60072.0,60059.9,163.5,227.3,59834.0,59896.7]
- [PKTLENS.....: 60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54,60,54,54,60,60,54]
+ [PKTLENS.....: 46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40]
+ [ENTROPIES...: 4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.4,4.9,4.9,4.4,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9]
guessed: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable]
detected: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable]
DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -23,28 +24,30 @@
new: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095]
detected: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
analyse: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.491| 0.199| 0.354|125081.829| 0.000]
- [PKTLEN......: 54.000| 733.000| 255.900| 219.800|48330.300| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.491| 0.199| 0.354| 125081.829| 3.700]
+ [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48330.300| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
[IATS(ms)....: 69.7,72.2,635.6,708.3,5.3,110.8,1347.4,1490.6,118.0,84.3,0.1,88.9,80.3,82.8,83.4,80.0,80.0,80.2,79.6,79.6,80.9,81.4,80.7,80.0,79.3,79.3,79.9,72.2,8.5,80.0,81.8]
- [PKTLENS.....: 60,58,60,585,54,733,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509]
+ [PKTLENS.....: 46,44,46,571,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495]
+ [ENTROPIES...: 4.3,4.9,4.4,6.9,4.8,7.1,4.5,5.4,5.0,5.9,5.0,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.8,7.5,5.6,7.5,5.7,7.6,5.6,7.6,5.8,4.4,7.5,5.7,7.5]
new: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095]
detected: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
new: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095]
detected: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.007| 60.078| 8.258| 19.898|395938807.939| 0.000]
- [PKTLEN......: 54.000| 731.000| 181.000| 184.800|34140.600| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400]
+ [PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300]
[BINS(c->s)..: 9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1]
[IATS(ms)....: 64.1,66.7,638.8,711.0,16.5,201.4,1246.7,1463.2,104.9,69.4,22.0,94.7,71.2,78.1,7.1,87.2,75.8,84.5,84.3,76.4,307.3,280.7,43.3,5019.6,5092.3,178.8,59560.5,59727.7,60063.8,60077.6,375.9]
- [PKTLENS.....: 60,58,60,585,54,731,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,215,60,346,116,60,60,54,60,54,54]
+ [PKTLENS.....: 46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,201,46,332,102,46,46,40,46,40,40]
+ [ENTROPIES...: 4.4,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,7.4,5.0,5.7,6.4,7.7,4.4,6.7,6.7,6.8,6.5,6.8,6.7,4.3,6.7,4.3,7.2,5.8,4.3,4.4,4.9,4.3,4.9,4.9]
end: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink.AmazonAWS][Cloud][Acceptable]
end: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
end: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
@@ -62,14 +65,15 @@
new: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095]
detected: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
analyse: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.478| 0.186| 0.338|114146.574| 0.000]
- [PKTLEN......: 54.000| 732.000| 255.900| 219.700|48280.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.478| 0.186| 0.338| 114146.574| 3.600]
+ [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
[IATS(ms)....: 61.0,66.3,638.6,696.7,5.2,274.7,1166.9,1477.5,96.3,57.0,0.0,69.6,64.9,63.5,66.2,66.3,63.9,64.1,63.9,63.8,65.2,65.0,63.2,63.3,64.2,64.1,63.8,54.1,11.8,65.2,63.5]
- [PKTLENS.....: 60,58,60,584,54,732,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509]
+ [PKTLENS.....: 46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495]
+ [ENTROPIES...: 4.4,5.0,4.4,6.9,4.8,7.1,4.3,5.4,4.7,5.8,4.7,5.6,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.6,7.5,5.6,7.5,5.7,7.5,5.7,4.4,7.5,5.7,7.6]
new: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095]
detected: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
new: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095]
@@ -80,14 +84,15 @@
end: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.007| 60.066| 10.038| 21.842|477077551.710| 0.000]
- [PKTLEN......: 54.000| 731.000| 176.200| 185.800|34538.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600]
+ [PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300]
[BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0]
[IATS(ms)....: 66.2,68.9,635.0,702.4,15.4,246.0,1210.6,1481.6,108.8,76.2,16.8,97.4,71.0,72.8,6.7,85.9,79.2,75.8,75.0,77.2,97.4,2619.5,2881.1,371.8,59569.0,59778.5,60066.0,60063.7,377.5,447.3,59622.6]
- [PKTLENS.....: 60,58,60,585,54,731,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,346,116,60,60,54,60,54,54,60,60]
+ [PKTLENS.....: 46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]
+ [ENTROPIES...: 4.4,5.0,4.4,7.0,4.9,7.1,4.5,5.4,4.9,7.5,4.8,5.7,6.5,7.7,4.4,6.7,6.8,6.8,6.7,6.8,6.7,4.5,7.3,5.9,4.4,4.5,5.0,4.5,5.0,5.0,4.5,4.5]
idle: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
DAEMON-EVENT: [Processed: 424 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 1|detection-updates: 2|updates: 4]
@@ -99,14 +104,15 @@
new: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095]
detected: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
analyse: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.475| 0.185| 0.337|113653.596| 0.000]
- [PKTLEN......: 54.000| 732.000| 255.900| 219.700|48280.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.475| 0.185| 0.337| 113653.596| 3.600]
+ [PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
[IATS(ms)....: 56.8,63.4,631.1,692.5,5.0,275.3,1167.1,1475.0,94.9,57.0,0.0,68.3,63.6,63.6,63.3,63.5,64.3,71.1,70.3,64.3,64.5,64.0,64.3,64.3,63.7,63.2,62.9,53.1,10.8,65.0,64.0]
- [PKTLENS.....: 60,58,60,584,54,732,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509]
+ [PKTLENS.....: 46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495]
+ [ENTROPIES...: 4.4,5.0,4.4,6.9,4.9,7.1,4.5,5.4,5.0,5.9,4.9,5.7,7.5,5.7,7.6,5.7,7.5,5.7,7.5,5.7,7.5,5.6,7.5,5.7,7.5,5.9,7.5,5.7,4.4,7.5,5.7,7.5]
new: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095]
detected: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
@@ -115,14 +121,15 @@
update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
idle: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 60.116| 15.667| 26.142|683403720.524| 0.000]
- [PKTLEN......: 54.000| 732.000| 159.100| 181.000|32752.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100]
+ [PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200]
[BINS(c->s)..: 10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1]
[IATS(ms)....: 65.1,68.1,678.4,747.3,17.5,94.7,1396.4,1507.7,104.4,70.6,14.5,87.7,68.9,73.0,7.0,83.6,72.6,4.3,74.3,110.5,112.2,137.1,59606.1,59757.9,60076.8,60061.1,60093.4,60092.4,60108.1,60116.2,184.2]
- [PKTLENS.....: 60,58,60,584,54,732,60,106,54,258,54,114,176,683,60,234,204,60,234,215,346,116,60,60,54,60,54,60,54,60,54,54]
+ [PKTLENS.....: 46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]
+ [ENTROPIES...: 4.3,5.0,4.4,7.0,4.9,7.1,4.5,5.4,5.0,6.9,4.9,5.6,6.4,7.6,4.3,6.8,6.7,4.5,6.8,6.8,7.3,5.8,4.5,4.4,4.9,4.5,4.9,4.5,4.9,4.5,4.9,5.0]
DAEMON-EVENT: [Processed: 562 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 12|skipped: 0|!detected: 0|guessed: 1|detection-updates: 3|updates: 6]
new: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095]
@@ -134,24 +141,26 @@
new: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095]
detected: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
analyse: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.484| 0.189| 0.353|124509.217| 0.000]
- [PKTLEN......: 54.000| 733.000| 255.900| 219.800|48309.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.484| 0.189| 0.353| 124509.217| 3.600]
+ [PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48309.800| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
[IATS(ms)....: 55.5,58.1,637.6,698.6,8.3,132.5,1319.8,1484.0,100.9,62.4,0.0,73.7,66.3,66.1,64.4,70.8,72.5,66.2,63.7,65.4,67.1,65.6,63.5,64.0,64.9,67.0,66.2,76.4,5.2,82.4,64.4]
- [PKTLENS.....: 60,58,60,584,54,733,60,106,54,124,54,111,509,109,509,109,509,109,509,109,509,109,509,109,509,109,509,109,60,509,109,509]
+ [PKTLENS.....: 46,44,46,570,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495]
+ [ENTROPIES...: 4.3,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,5.8,4.9,5.6,7.6,5.8,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.7,4.3,7.5,5.7,7.5]
new: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095]
analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 60.156| 9.910| 20.689|428051338.887| 0.000]
- [PKTLEN......: 54.000| 731.000| 161.100| 180.100|32452.700| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700]
+ [PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200]
[BINS(c->s)..: 10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1]
[IATS(ms)....: 68.6,72.2,634.4,701.9,15.9,150.9,1314.3,1491.3,109.2,71.0,18.0,93.5,70.2,72.1,7.2,80.0,74.1,77.1,76.5,41.6,115.5,208.5,59946.9,60155.8,60057.7,60124.3,30586.0,30652.9,66.9,1.3,68.3]
- [PKTLENS.....: 60,58,60,585,54,731,60,106,54,258,54,114,176,683,60,234,204,234,215,60,346,116,60,60,54,54,60,116,54,60,60,54]
+ [PKTLENS.....: 46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40]
+ [ENTROPIES...: 4.3,4.9,4.4,6.9,4.9,7.1,4.5,5.3,5.0,6.9,5.0,5.8,6.5,7.7,4.4,6.8,6.5,6.9,6.8,4.5,7.2,5.9,4.5,4.5,5.0,5.0,4.5,5.6,5.0,4.5,4.6,5.0]
detected: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
new: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095]
detected: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
@@ -161,14 +170,15 @@
end: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable]
update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 60.173| 10.045| 21.954|481957439.865| 0.000]
- [PKTLEN......: 54.000| 730.000| 176.200| 185.800|34529.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600]
+ [PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300]
[BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0]
[IATS(ms)....: 65.3,67.8,637.5,709.8,18.7,293.4,1174.5,1482.0,109.1,72.2,18.0,90.8,70.3,73.2,8.7,96.5,87.7,75.9,79.0,77.4,126.7,2595.7,2731.0,150.4,59910.8,60056.8,60173.1,60107.0,4.7,60.6,60165.3]
- [PKTLENS.....: 60,58,60,586,54,730,60,106,54,458,54,114,176,683,60,234,220,234,204,234,215,60,346,116,60,60,54,60,54,60,54,60]
+ [PKTLENS.....: 46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]
+ [ENTROPIES...: 4.3,5.0,4.4,6.9,5.0,7.1,4.5,5.4,4.9,7.4,4.8,5.6,6.4,7.6,4.4,6.9,6.7,6.9,6.6,7.0,6.9,4.5,7.3,5.8,4.4,4.5,4.8,4.5,4.9,4.5,4.9,4.5]
idle: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable]
DAEMON-EVENT: [Processed: 713 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 0|guessed: 1|detection-updates: 4|updates: 8]
diff --git a/test/results/flow-info/netbios.pcap.out b/test/results/flow-info/netbios.pcap.out
index a2837b091..d5322fa90 100644
--- a/test/results/flow-info/netbios.pcap.out
+++ b/test/results/flow-info/netbios.pcap.out
@@ -10,14 +10,15 @@
RISK: Unsafe Protocol
new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM]
analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.014| 0.750| 0.325| 0.215|46083.158| 0.000]
- [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.014| 0.750| 0.325| 0.215| 46083.158| 4.600]
+ [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 471.3,14.0,264.7,470.8,80.2,113.8,555.8,80.0,113.3,146.8,489.8,113.3,146.4,750.0,33.7,749.5,308.6,441.4,307.6,628.9,121.0,628.9,471.0,279.0,470.7,458.5,291.5,334.2,123.8,93.1,532.9]
- [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92]
+ [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
+ [ENTROPIES...: 4.1,4.1,4.2,4.1,4.1,4.1,4.1,4.1,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.1,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.2,4.2,4.1,4.2,4.2,4.2]
new: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137]
detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable]
new: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137]
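Review bot: The `entropy` column needs a documented definition, because the PKTLEN row for flow 1 reports `5.000` although all 32 packet lengths are identical (`78` throughout, stddev `0.000`). A frequency-based Shannon entropy of a constant series would be 0; 5.0 equals log2(32), which suggests the value measures how evenly the 32 samples share their total rather than how varied they are. The newly filled IAT entropy presumably follows the same definition (4.6 here). Anyone building detections on this column could read it backwards without a note such as `entropy: Shannon entropy of the samples normalised by their sum, maximum log2(sample count)`, to be confirmed against the implementation.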
@@ -40,14 +41,15 @@
new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137]
detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.749| 1.516| 0.995| 0.356|126784.610| 0.000]
- [PKTLEN......: 92.000| 92.000| 92.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900]
+ [PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 749.4,750.1,1510.9,749.4,750.1,1512.1,749.1,750.1,1513.7,749.6,750.2,1509.2,749.9,750.1,1511.1,749.1,750.1,1516.0,749.2,750.1,1508.0,749.3,750.1,1513.5,749.8,750.0,1513.1,749.2,750.1,1506.9,749.4]
- [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92]
+ [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
+ [ENTROPIES...: 3.9,3.9,3.9,3.9,3.8,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.8,3.9]
new: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137]
detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable]
update: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
diff --git a/test/results/flow-info/netflix.pcap.out b/test/results/flow-info/netflix.pcap.out
index c03fdc0b6..0953d09ec 100644
--- a/test/results/flow-info/netflix.pcap.out
+++ b/test/results/flow-info/netflix.pcap.out
@@ -34,23 +34,25 @@
detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.364| 0.040| 0.082| 6699.630| 0.000]
- [PKTLEN......: 66.000| 1514.000| 279.200| 396.800|157454.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.364| 0.040| 0.082| 6699.630| 3.200]
+ [PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900]
[BINS(c->s)..: 11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0]
[IATS(ms)....: 46.0,48.6,0.6,54.0,1.6,1.0,54.9,11.1,13.5,9.4,0.3,0.4,58.7,4.6,50.8,1.9,0.2,59.5,0.6,62.1,8.5,4.7,310.9,0.6,363.7,5.8,0.1,0.1,58.1,0.2,0.1]
- [PKTLENS.....: 78,74,66,274,66,1514,1514,66,229,66,141,72,111,66,117,66,422,376,66,1006,66,126,66,422,375,66,1006,121,100,66,66,66]
+ [PKTLENS.....: 64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]
+ [ENTROPIES...: 4.6,5.3,5.1,5.7,5.2,7.3,7.3,5.1,6.9,5.2,6.4,5.1,6.1,5.2,5.9,5.2,7.5,7.4,5.2,7.8,5.1,6.1,5.1,7.4,7.4,5.2,7.8,6.1,5.8,5.2,5.2,5.1]
analyse: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.200| 0.035| 0.048| 2263.883| 0.000]
- [PKTLEN......: 66.000| 1514.000| 444.800| 557.400|310647.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.200| 0.035| 0.048| 2263.883| 3.800]
+ [PKTLEN......: 52.000| 1500.000| 430.800| 557.400| 310647.700| 4.000]
[BINS(c->s)..: 10,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0]
[BINS(s->c)..: 5,2,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,0,0,1]
[IATS(ms)....: 45.5,51.8,0.3,66.4,0.5,13.8,75.5,25.6,26.5,15.6,0.3,0.2,61.0,0.4,44.1,5.1,0.2,57.7,67.8,0.2,2.7,131.0,13.8,8.4,10.0,8.1,2.4,2.3,141.1,1.2,199.9]
- [PKTLENS.....: 78,74,66,298,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,742,66,1514,429,1514,66,1130,66,275,66,115,66,1450,581,66]
+ [PKTLENS.....: 64,60,52,284,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,728,52,1500,415,1500,52,1116,52,261,52,101,52,1436,567,52]
+ [ENTROPIES...: 4.6,5.3,5.2,5.9,5.2,7.2,7.3,5.2,7.1,5.1,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.7,5.2,7.9,7.5,7.9,5.2,7.8,5.1,7.1,5.1,6.1,5.2,7.9,7.6,5.2]
detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun]
new: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443]
detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun]
@@ -87,14 +89,15 @@
detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.350| 0.041| 0.077| 5966.970| 0.000]
- [PKTLEN......: 66.000| 1514.000| 544.200| 630.500|397553.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.350| 0.041| 0.077| 5966.970| 3.500]
+ [PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000]
[BINS(c->s)..: 11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0]
[IATS(ms)....: 50.8,52.1,3.9,68.9,0.5,14.7,80.5,16.9,16.6,16.1,0.4,0.2,66.7,0.8,50.7,3.2,0.3,61.4,291.2,0.1,350.1,11.8,12.8,24.1,12.5,12.3,13.9,13.7,2.7,13.3,16.3]
- [PKTLENS.....: 78,74,66,274,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,686,66,1514,1514,66,1514,1416,66,1514,66,251,66,1514,1033,66]
+ [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]
+ [ENTROPIES...: 4.6,5.2,5.1,6.0,5.2,7.3,7.3,5.1,7.0,5.1,6.3,5.0,6.0,5.2,5.9,5.1,7.9,7.7,5.2,7.9,7.9,5.1,7.9,7.9,5.1,7.9,5.0,7.1,5.1,7.9,7.8,5.1]
detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
new: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53]
@@ -105,23 +108,25 @@
detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun]
detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun]
analyse: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.040| 0.008| 0.010| 109.761| 0.000]
- [PKTLEN......: 66.000| 1514.000| 269.300| 414.200|171525.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.040| 0.008| 0.010| 109.761| 3.900]
+ [PKTLEN......: 52.000| 1500.000| 255.300| 414.200| 171525.600| 3.900]
[BINS(c->s)..: 8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0]
[IATS(ms)....: 11.4,14.4,1.7,21.1,2.9,0.3,24.0,10.4,7.4,16.9,0.4,0.8,30.8,4.7,18.1,26.0,0.2,0.3,0.1,0.2,0.1,0.4,4.5,0.2,40.2,7.1,5.4,4.2,0.5,0.4,2.0]
- [PKTLENS.....: 78,74,66,293,66,1514,1514,66,584,66,141,72,111,66,117,66,119,116,108,214,155,155,155,155,154,134,66,104,104,406,1514,66]
+ [PKTLENS.....: 64,60,52,279,52,1500,1500,52,570,52,127,58,97,52,103,52,105,102,94,200,141,141,141,141,140,120,52,90,90,392,1500,52]
+ [ENTROPIES...: 4.6,5.3,5.2,5.7,5.3,7.1,7.3,5.2,7.6,5.2,6.3,5.1,6.0,5.3,5.9,5.2,6.1,6.0,6.0,6.9,6.4,6.4,6.5,6.6,6.6,6.4,5.2,6.0,6.0,7.5,7.9,5.3]
analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.508| 0.502| 1.826|3335198.867| 0.000]
- [PKTLEN......: 66.000| 1514.000| 372.800| 520.700|271128.800| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.508| 0.502| 1.826| 3335198.867| 1.400]
+ [PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800]
[BINS(c->s)..: 10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1]
[IATS(ms)....: 49.5,50.9,4.4,54.3,2.4,1.0,53.5,43.0,42.8,12.7,0.3,0.2,57.4,5.1,49.3,4.2,0.4,50.0,75.8,32.1,2.0,0.9,5.1,4.7,0.1,7402.2,0.1,7507.8,0.9,35.7,1.0]
- [PKTLENS.....: 78,74,66,274,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,675,66,66,198,110,100,66,66,66,1514,803,66,66,1514,488]
+ [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]
+ [ENTROPIES...: 4.6,5.3,5.1,6.0,5.2,7.3,7.3,5.1,7.1,5.1,6.4,5.1,6.0,5.2,6.0,5.2,7.9,7.7,5.2,5.2,6.8,6.1,5.9,5.2,5.2,5.2,7.9,7.7,5.2,5.2,7.9,7.5]
detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
new: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53]
@@ -134,28 +139,30 @@
new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80]
detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun]
analyse: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.007| 1.300| 0.097| 0.230|52797.755| 0.000]
- [PKTLEN......: 66.000| 1514.000| 1115.900| 637.700|406609.600| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.007| 1.300| 0.097| 0.230| 52797.755| 3.400]
+ [PKTLEN......: 52.000| 1500.000| 1101.900| 637.700| 406609.600| 4.600]
[BINS(c->s)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0]
[IATS(ms)....: 22.7,29.1,36.8,70.3,13.3,32.4,26.0,101.8,6.9,28.0,25.2,45.0,56.4,27.1,27.2,53.8,54.3,26.1,52.1,80.7,53.8,398.5,54.3,39.9,109.6,40.5,26.1,51.5,108.1,13.3,1300.1]
- [PKTLENS.....: 78,74,66,311,66,1514,1514,1514,66,66,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,94]
+ [PKTLENS.....: 64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80]
+ [ENTROPIES...: 4.5,5.3,5.1,5.9,5.3,7.3,7.7,7.7,5.2,5.0,7.8,7.8,5.2,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,5.4]
new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53]
detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80]
detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun]
analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 0.000]
- [PKTLEN......: 66.000| 1514.000| 826.300| 674.900|455511.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0]
[IATS(ms)....: 44.1,45.6,3.9,10.7,0.2,60.0,5.7,1.0,135.1,0.3,187.2,5.7,5.7,13.9,14.0,13.3,14.4,27.8,13.3,13.1,9.2,13.3,22.5,13.4,39.3,13.3,13.3,13.9,13.3,13.3,124.5]
- [PKTLENS.....: 78,74,66,379,1514,917,66,66,66,728,1514,66,1514,66,1514,66,1514,1514,66,1026,66,1514,1307,66,1514,1514,1514,1514,1514,1514,1514,78]
+ [PKTLENS.....: 64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]
+ [ENTROPIES...: 4.5,5.3,5.2,5.7,6.0,6.1,5.3,5.3,5.3,6.0,5.7,5.1,6.1,5.2,5.9,5.0,5.8,5.8,5.2,5.8,5.2,5.8,5.8,5.2,5.8,5.8,5.8,5.8,5.8,5.8,5.8,5.2]
new: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80]
detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun]
detection-update: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun]
@@ -164,14 +171,15 @@
new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53]
detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 6.031| 0.428| 1.232|1516791.529| 0.000]
- [PKTLEN......: 66.000| 1514.000| 809.600| 706.600|499284.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300]
+ [PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 22.4,28.9,26.8,57.7,0.6,13.2,40.1,31.8,42.8,26.5,25.5,50.2,53.2,30.9,25.5,54.9,53.8,27.2,52.7,79.5,53.8,544.7,1520.0,11.6,27.4,27.3,28.8,635.4,3643.8,6030.9,1.1]
- [PKTLENS.....: 78,74,66,312,66,1514,1514,66,1514,66,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,94,94,94,86,78,66,66,311,1514,1514]
+ [PKTLENS.....: 64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]
+ [ENTROPIES...: 4.6,5.2,5.1,5.9,5.3,7.5,7.8,5.1,7.8,5.0,7.8,7.8,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.9,7.9,5.4,5.2,5.3,5.4,5.3,5.2,5.2,5.8,7.2,7.8]
detection-update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80]
detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
@@ -189,47 +197,51 @@
detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 0.651| 0.082| 0.154|23582.077| 0.000]
- [PKTLEN......: 66.000| 1514.000| 954.800| 683.500|467159.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 940.800| 683.500| 467159.100| 4.500]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1]
[IATS(ms)....: 24.8,26.3,3.8,42.5,4.8,43.8,27.2,40.5,69.4,43.9,44.8,78.3,38.8,79.8,102.6,28.8,14.7,354.3,85.0,14.1,12.4,12.7,651.0,22.9,582.5,8.6,27.5,16.4,16.4,14.7,15.1]
- [PKTLENS.....: 78,74,66,422,581,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,94,1514,1514,1514,1514,78,66,1514,1514,66,1514,66,1514,1514]
+ [PKTLENS.....: 64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500]
+ [ENTROPIES...: 4.6,5.3,5.1,6.4,5.9,3.6,5.2,2.5,2.5,5.1,2.5,5.1,2.5,2.6,2.6,3.8,3.8,3.8,5.3,3.9,3.5,3.5,3.5,5.1,5.2,3.5,3.5,5.2,3.5,5.0,3.6,3.6]
new: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80]
detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.639| 0.088| 0.152|23073.200| 0.000]
- [PKTLEN......: 66.000| 1514.000| 865.900| 697.400|486427.500| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.639| 0.088| 0.152| 23073.200| 3.700]
+ [PKTLEN......: 52.000| 1500.000| 851.900| 697.400| 486427.500| 4.400]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1]
[IATS(ms)....: 18.8,21.4,5.1,35.7,1.0,5.4,35.5,13.2,14.0,20.3,20.4,13.2,116.2,170.2,28.1,56.6,51.6,31.7,27.6,12.8,327.6,131.4,638.9,580.0,19.9,15.0,30.0,13.6,42.3,118.7,118.0]
- [PKTLENS.....: 78,74,66,422,582,1514,1514,66,1514,66,1514,66,1514,66,1514,1514,1514,1514,1514,1514,1514,94,1514,94,1514,86,1514,78,66,1514,66,1514]
+ [PKTLENS.....: 64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500]
+ [ENTROPIES...: 4.5,5.2,5.0,6.4,5.8,3.6,2.5,5.1,2.6,5.0,2.5,5.0,2.6,5.0,2.6,2.6,3.3,3.8,3.8,3.8,3.8,5.3,3.9,5.3,3.5,5.3,3.5,5.1,4.9,3.5,4.9,3.6]
new: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80]
detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 0.000]
- [PKTLEN......: 66.000| 1514.000| 998.900| 672.700|452466.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700]
+ [PKTLEN......: 52.000| 1500.000| 984.900| 672.700| 452466.100| 4.500]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 30.8,32.5,5.5,44.3,2.2,41.1,2.9,12.8,15.6,14.9,15.0,12.8,12.7,26.4,12.8,11.9,13.3,17.2,31.0,13.3,13.6,25.6,14.3,13.9,26.7,13.8,13.3,27.2,13.3,13.3,27.2]
- [PKTLENS.....: 78,74,66,420,585,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,3.6,5.2,2.5,2.6,5.2,2.6,5.0,2.6,2.6,5.2,2.5,5.0,2.6,2.6,5.2,2.5,5.1,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.9,3.5]
analyse: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.003| 4.094| 0.319| 0.812|659111.739| 0.000]
- [PKTLEN......: 66.000| 1514.000| 625.100| 689.400|475329.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.003| 4.094| 0.319| 0.812| 659111.739| 2.800]
+ [PKTLEN......: 52.000| 1500.000| 611.100| 689.400| 475329.800| 4.000]
[BINS(c->s)..: 17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1]
[IATS(ms)....: 24.9,27.7,3.0,28.5,27.9,27.8,80.3,56.8,57.0,49.3,90.4,82.5,40.9,66.5,53.9,192.1,80.5,134.7,711.3,23.0,31.3,47.8,1645.4,40.4,54.8,160.8,1864.4,25.7,40.5,28.5,4093.6]
- [PKTLENS.....: 78,74,66,282,66,1514,1514,66,1514,66,1514,78,1514,1514,1514,1514,1514,1514,1514,94,94,94,94,94,94,94,94,86,78,78,66,1514]
+ [PKTLENS.....: 64,60,52,268,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,80,80,80,80,80,80,80,80,72,64,64,52,1500]
+ [ENTROPIES...: 4.6,5.3,5.1,5.9,5.3,5.3,5.0,5.3,6.9,5.1,7.9,5.2,7.7,7.8,7.9,7.8,7.8,7.8,7.9,5.3,5.3,5.3,5.3,5.4,5.4,5.4,5.4,5.2,5.2,5.2,5.2,7.8]
new: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80]
new: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80]
new: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80]
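Review bot: The new `ENTROPIES` row should state which bytes each value covers and that it is not length-normalised, since in this hunk 52-byte packets sit at about 4.9–5.3 while 1500-byte packets range from 2.5 (flows 30–32) to 7.9 (flow 28). If the figure is a per-byte Shannon entropy, a 52-byte packet cannot exceed log2(52) ≈ 5.7, so a fixed threshold would treat short control segments and full-size payloads inconsistently. A line in the analyse event description such as `per-packet byte entropy, upper bound min(8, log2(length))` would let consumers normalise before comparing. Whether the headers are included in the calculation is not visible here.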
@@ -264,113 +276,125 @@
detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.098| 0.201| 0.403|162731.114| 0.000]
- [PKTLEN......: 66.000| 1514.000| 507.700| 638.100|407212.300| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.098| 0.201| 0.403| 162731.114| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 493.700| 638.100| 407212.300| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1]
[IATS(ms)....: 61.8,72.3,0.5,134.9,0.4,125.9,1162.3,73.6,0.9,212.9,11.5,409.2,101.1,1.9,70.9,2097.5,79.5,52.1,129.8,120.6,42.9,59.9,67.1,69.4,174.4,284.0,29.4,65.0,252.7,150.5,125.9]
- [PKTLENS.....: 78,74,66,426,584,1514,66,94,94,94,94,94,94,78,78,66,1514,66,1514,66,1514,1514,66,1514,66,1514,78,66,66,1514,66,1514]
+ [PKTLENS.....: 64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]
+ [ENTROPIES...: 4.6,5.3,5.0,6.3,5.8,4.4,5.1,5.2,5.2,5.3,5.3,5.4,5.3,5.2,5.2,5.2,4.8,5.2,4.8,5.1,4.8,4.8,5.2,4.8,5.0,4.8,5.2,5.2,5.2,4.6,5.0,4.6]
analyse: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.047| 0.281| 0.301|90549.584| 0.000]
- [PKTLEN......: 66.000| 1514.000| 504.100| 638.900|408170.900| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.047| 0.281| 0.301| 90549.584| 4.200]
+ [PKTLEN......: 52.000| 1500.000| 490.100| 638.900| 408170.900| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1]
[IATS(ms)....: 43.7,45.8,23.6,124.8,4.9,111.6,635.9,176.1,0.2,0.1,41.6,37.4,940.2,0.9,45.4,434.5,483.8,1047.0,74.7,202.4,418.9,472.2,955.3,169.9,525.3,694.3,167.2,252.3,98.0,326.3,148.9]
- [PKTLENS.....: 78,74,66,426,585,1514,66,86,86,78,78,78,66,102,1490,66,66,66,1514,1514,66,66,66,1514,66,66,1514,66,1514,1514,66,1514]
+ [PKTLENS.....: 64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]
+ [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.2,5.1,5.2,5.1,5.1,4.9,4.3,5.2,5.2,5.1,4.9,4.9,5.0,5.1,5.1,4.9,5.0,5.0,4.8,5.0,4.6,4.7,5.1,4.8]
analyse: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 1.636| 0.284| 0.363|131453.321| 0.000]
- [PKTLEN......: 66.000| 1514.000| 550.600| 657.900|432827.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 1.636| 0.284| 0.363| 131453.321| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 536.600| 657.900| 432827.800| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1]
[IATS(ms)....: 16.1,19.4,23.6,88.6,4.0,82.2,1105.3,26.9,21.8,19.6,0.6,13.1,381.6,1636.2,66.4,119.0,421.4,408.1,882.7,90.2,143.4,490.4,519.4,92.3,121.0,487.1,597.7,217.6,227.5,270.0,221.9]
- [PKTLENS.....: 78,74,66,423,584,1514,66,86,86,86,78,78,78,78,1514,1514,66,78,66,1514,1514,66,66,1514,1514,66,66,1514,66,1514,78,1514]
+ [PKTLENS.....: 64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]
+ [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.5,5.1,5.3,5.4,5.4,5.2,5.2,5.2,5.2,3.8,4.4,5.2,5.1,5.2,4.4,4.4,5.2,5.2,4.4,4.4,5.2,5.2,4.3,5.0,4.4,5.2,4.6]
analyse: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 1.397| 0.291| 0.314|98805.531| 0.000]
- [PKTLEN......: 66.000| 1514.000| 730.200| 699.000|488561.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 1.397| 0.291| 0.314| 98805.531| 4.200]
+ [PKTLEN......: 52.000| 1500.000| 716.200| 699.000| 488561.800| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1]
[IATS(ms)....: 23.9,25.1,18.2,72.5,4.9,71.3,152.2,249.5,985.6,26.7,1397.2,519.1,299.5,499.9,482.3,40.5,55.6,206.8,137.1,537.5,535.2,174.3,571.8,776.0,198.8,230.5,89.9,284.0,128.1,116.3,110.5]
- [PKTLENS.....: 78,74,66,423,584,1514,66,1514,66,94,94,1514,86,1514,78,1514,1514,1514,66,1514,66,1514,66,66,1514,66,1514,1514,66,1514,66,1514]
+ [PKTLENS.....: 64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]
+ [ENTROPIES...: 4.6,5.3,5.0,6.4,5.8,4.5,5.0,4.2,5.0,5.3,5.3,4.4,5.3,4.4,5.2,4.3,4.5,4.3,5.1,4.3,5.1,4.3,5.1,5.2,4.5,5.0,4.7,4.7,5.1,4.7,5.2,4.7]
analyse: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.716| 0.300| 0.539|290723.889| 0.000]
- [PKTLEN......: 66.000| 1514.000| 506.600| 638.800|408052.900| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.716| 0.300| 0.539| 290723.889| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 492.600| 638.800| 408052.900| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0]
[IATS(ms)....: 61.7,63.1,19.4,172.7,0.3,153.9,1162.5,94.2,1.4,12.3,104.3,65.9,674.7,41.5,40.0,488.9,2716.4,44.9,75.7,28.7,32.8,29.5,133.6,256.1,743.0,71.3,1131.5,569.7,135.4,73.6,104.1]
- [PKTLENS.....: 78,74,66,424,584,1514,66,94,86,86,86,86,86,86,78,66,66,1514,1514,66,1514,66,1514,66,1514,78,66,1514,66,1514,1514,66]
+ [PKTLENS.....: 64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]
+ [ENTROPIES...: 4.6,5.4,5.1,6.4,5.8,4.4,5.2,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.2,5.0,4.6,4.5,5.1,4.6,5.0,4.5,5.0,4.6,5.2,5.1,4.3,5.0,4.4,4.5,5.1]
analyse: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.094| 0.303| 0.556|309287.715| 0.000]
- [PKTLEN......: 66.000| 1514.000| 461.800| 616.500|380048.700| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.094| 0.303| 0.556| 309287.715| 3.700]
+ [PKTLEN......: 52.000| 1500.000| 447.800| 616.500| 380048.700| 3.800]
[BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0]
[IATS(ms)....: 20.0,22.2,5.3,69.1,0.1,72.2,626.0,607.0,26.6,520.3,51.5,55.5,593.2,41.7,80.3,418.0,3094.3,65.6,425.7,470.0,40.8,85.0,52.1,54.3,117.7,383.1,387.3,709.4,53.7,73.8,158.6]
- [PKTLENS.....: 78,74,66,424,584,1514,66,86,86,86,86,78,78,86,78,66,66,1514,78,78,1514,1514,66,1514,66,1514,66,78,1514,78,1514,66]
+ [PKTLENS.....: 64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]
+ [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.2,5.3,5.2,5.3,5.3,5.3,5.1,4.7,5.2,5.2,4.7,4.7,5.1,4.7,5.1,4.6,5.2,5.3,4.4,5.3,4.5,5.2]
analyse: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.609| 0.294| 0.529|280024.056| 0.000]
- [PKTLEN......: 66.000| 1514.000| 463.200| 615.600|378913.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.609| 0.294| 0.529| 280024.056| 3.500]
+ [PKTLEN......: 52.000| 1500.000| 449.200| 615.600| 378913.200| 3.800]
[BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0]
[IATS(ms)....: 61.9,63.0,9.0,155.1,0.3,150.1,1152.4,92.1,0.5,591.4,113.7,141.7,52.3,0.5,39.9,381.1,2608.5,28.2,68.2,27.2,29.6,26.6,56.5,81.7,44.8,43.7,497.4,496.6,1208.9,807.4,91.6]
- [PKTLENS.....: 78,74,66,425,583,1514,66,94,94,94,94,86,78,78,78,66,78,1514,1514,66,1514,66,1514,1514,66,1514,66,78,66,1514,86,86]
+ [PKTLENS.....: 64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]
+ [ENTROPIES...: 4.6,5.3,5.1,6.4,5.8,4.4,5.1,5.4,5.3,5.3,5.3,5.3,5.2,5.2,5.2,5.2,5.2,5.0,5.0,5.2,5.0,5.0,5.0,5.0,5.2,5.0,5.0,5.1,5.0,4.7,5.2,5.3]
analyse: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.064| 0.322| 0.577|332375.130| 0.000]
- [PKTLEN......: 66.000| 1514.000| 509.000| 637.200|406023.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.064| 0.322| 0.577| 332375.130| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 495.000| 637.200| 406023.800| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1]
[IATS(ms)....: 11.7,15.7,2.4,60.2,1.2,0.1,57.1,107.8,316.9,313.9,536.7,811.2,71.2,122.5,693.7,84.7,585.6,3064.5,52.8,57.9,98.4,231.5,526.2,115.1,0.7,585.7,117.7,1178.9,25.8,79.1,64.3]
- [PKTLENS.....: 78,74,66,424,584,1514,1514,66,66,1514,66,94,94,94,94,86,78,86,1514,86,1514,78,1514,94,78,66,78,66,1514,66,1514,1514]
+ [PKTLENS.....: 64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]
+ [ENTROPIES...: 4.5,5.2,5.0,6.3,5.8,4.5,4.2,5.1,5.0,3.8,5.0,5.1,5.1,5.2,5.2,5.2,5.1,5.2,4.3,5.2,4.2,5.0,4.3,5.1,5.1,5.1,5.1,5.1,4.5,5.1,4.5,4.5]
analyse: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.546| 0.356| 0.683|466078.499| 0.000]
- [PKTLEN......: 66.000| 1514.000| 507.200| 638.400|407523.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.546| 0.356| 0.683| 466078.499| 3.500]
+ [PKTLEN......: 52.000| 1500.000| 493.200| 638.400| 407523.400| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1]
[IATS(ms)....: 43.2,45.3,13.2,106.7,4.9,97.9,1317.7,102.1,98.2,0.2,515.8,59.8,1148.4,57.2,54.9,165.2,3546.3,68.4,92.3,156.0,131.0,70.0,95.9,104.0,104.5,205.1,729.4,92.0,551.2,1189.4,68.2]
- [PKTLENS.....: 78,74,66,423,584,1514,66,94,94,86,86,86,86,86,78,78,66,1514,66,1514,66,1514,1514,66,1514,66,1514,78,66,66,1514,1514]
+ [PKTLENS.....: 64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]
+ [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.5,5.1,5.4,5.4,5.4,5.3,5.4,5.4,5.3,5.3,5.3,5.3,4.4,5.2,4.5,5.0,4.5,4.5,5.2,4.5,5.1,4.5,5.3,5.2,5.0,4.4,4.4]
analyse: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.457| 0.415| 0.811|658300.731| 0.000]
- [PKTLEN......: 66.000| 1514.000| 552.100| 656.800|431419.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.457| 0.415| 0.811| 658300.731| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 538.100| 656.800| 431419.800| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1]
[IATS(ms)....: 41.4,43.5,2.9,82.1,0.1,78.7,1252.1,77.7,132.2,0.8,525.3,100.7,510.0,513.0,40.3,4457.1,87.0,1393.0,522.4,574.9,39.6,91.2,57.6,58.1,139.0,449.1,380.1,69.9,139.5,473.4,516.8]
- [PKTLENS.....: 78,74,66,424,584,1514,66,94,94,86,86,86,86,86,78,78,1514,1514,66,66,1514,1514,66,1514,66,1514,66,1514,1514,66,66,1514]
+ [PKTLENS.....: 64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]
+ [ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.4,5.4,5.3,5.3,5.2,5.2,4.4,4.5,5.1,5.2,4.4,4.5,5.2,4.4,5.1,4.5,5.2,4.3,4.3,5.2,5.2,4.4]
analyse: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 4.432| 0.435| 0.814|663375.512| 0.000]
- [PKTLEN......: 66.000| 1514.000| 418.200| 589.200|347103.400| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 4.432| 0.435| 0.814| 663375.512| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 404.200| 589.200| 347103.400| 3.700]
[BINS(c->s)..: 22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1]
[IATS(ms)....: 43.9,45.8,13.4,88.6,4.9,81.9,1250.8,92.5,118.4,0.7,544.2,69.2,495.5,501.7,62.9,1143.9,28.6,39.1,4432.0,83.0,87.8,169.9,586.4,795.5,292.9,509.0,501.2,1203.5,55.9,83.0,70.7]
- [PKTLENS.....: 78,74,66,424,583,1514,66,94,94,86,86,86,86,86,78,78,78,78,78,1514,66,1514,78,66,1514,78,66,66,1514,1514,66,1514]
+ [PKTLENS.....: 64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]
+ [ENTROPIES...: 4.6,5.2,5.0,6.4,5.8,4.5,5.1,5.3,5.3,5.4,5.4,5.3,5.4,5.3,5.3,5.1,5.3,5.3,5.2,4.3,5.0,4.3,5.2,5.2,4.4,5.2,5.2,5.2,4.3,4.3,5.2,4.4]
analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.086| 1.958| 7.380|54461959.504| 0.000]
- [PKTLEN......: 66.000| 1514.000| 394.000| 556.900|310128.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 30.086| 1.958| 7.380| 54461959.504| 1.100]
+ [PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800]
[BINS(c->s)..: 9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
[BINS(s->c)..: 9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1]
[IATS(ms)....: 47.0,48.4,1.7,53.1,2.6,1.0,62.3,11.1,6.0,10.8,0.3,0.3,60.3,3.4,50.1,4.4,0.9,0.6,55.9,50.5,0.3,42.7,4.0,5.1,5.2,0.1,57.7,0.3,30033.4,30086.0,0.8]
- [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1416,1514,1514,66,1514,351,66,66,66,1007,126,66,66,66,97,66]
+ [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]
+ [ENTROPIES...: 4.5,5.3,5.1,5.8,5.1,7.3,7.3,5.1,6.9,5.1,6.1,5.0,6.0,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.8,7.4,5.1,5.1,5.1,7.8,6.3,5.2,5.1,5.1,5.8,5.1]
detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun]
new: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80]
new: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80]
@@ -385,14 +409,15 @@
detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.431| 1.003| 5.373|28867930.620| 0.000]
- [PKTLEN......: 66.000| 1514.000| 393.500| 557.000|310204.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 30.431| 1.003| 5.373| 28867930.620| 0.200]
+ [PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800]
[BINS(c->s)..: 10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
[BINS(s->c)..: 7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5]
- [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1416,1514,1514,66,1514,336,66,66,66,1007,121,100,66,66,66,66]
+ [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]
+ [ENTROPIES...: 4.6,5.3,5.1,5.8,5.2,7.2,7.3,5.1,7.0,5.2,6.3,5.1,5.9,5.3,6.1,5.2,7.9,7.9,7.9,5.2,7.9,7.3,5.2,5.3,5.3,7.8,6.2,5.9,5.2,5.2,5.2,5.0]
detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun]
detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
@@ -410,67 +435,73 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun]
analyse: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.266| 0.048| 0.057| 3291.764| 0.000]
- [PKTLEN......: 66.000| 1514.000| 879.400| 680.500|463015.400| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.266| 0.048| 0.057| 3291.764| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 865.400| 680.500| 463015.400| 4.400]
[BINS(c->s)..: 5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[BINS(s->c)..: 5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1]
[IATS(ms)....: 53.4,54.6,4.5,73.7,0.5,53.6,123.5,11.6,72.5,62.7,1.5,55.8,52.4,2.2,0.2,0.4,0.2,96.3,96.4,0.2,0.1,0.1,82.6,81.7,0.9,0.2,0.2,38.2,40.6,146.6,266.1]
- [PKTLENS.....: 78,74,66,583,66,1514,1146,66,192,117,66,1058,120,66,1514,1514,1514,1514,66,1514,1514,1514,1514,66,1514,1514,1514,1514,1514,1514,1514,86]
+ [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1044,106,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,72]
+ [ENTROPIES...: 4.6,5.3,5.2,4.4,5.2,7.2,7.6,5.2,6.6,6.0,5.2,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.3,7.9,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,7.9,7.9,7.9,5.4]
detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.282| 0.053| 0.058| 3383.537| 0.000]
- [PKTLEN......: 66.000| 1514.000| 566.500| 629.700|396553.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.282| 0.053| 0.058| 3383.537| 4.200]
+ [PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000]
[BINS(c->s)..: 10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0]
[IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7]
- [PKTLENS.....: 78,74,66,583,66,1514,1146,66,192,117,66,1057,120,66,1514,1514,1514,1514,66,1514,401,66,66,1257,66,1514,1500,66,115,66,97,66]
+ [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]
+ [ENTROPIES...: 4.6,5.4,5.2,4.4,5.2,7.2,7.7,5.2,6.5,6.0,5.1,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.4,5.2,5.2,7.8,5.2,7.9,7.9,5.2,6.2,5.2,5.8,5.1]
detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.333| 0.059| 0.083| 6944.879| 0.000]
- [PKTLEN......: 66.000| 1514.000| 760.100| 703.800|495333.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.333| 0.059| 0.083| 6944.879| 3.800]
+ [PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200]
[BINS(c->s)..: 6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0]
[BINS(s->c)..: 6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0]
[IATS(ms)....: 69.5,71.0,2.6,55.6,49.1,64.4,167.9,331.9,332.6,26.5,0.7,0.7,87.7,0.5,60.7,8.8,7.1,0.4,81.1,62.8,0.8,0.2,0.1,68.1,67.1,0.8,0.2,0.1,111.2,109.6,2.5]
- [PKTLENS.....: 78,74,66,295,66,1514,1514,66,229,66,141,72,111,66,117,66,1417,1514,1514,66,1514,1514,1514,1514,66,1514,1514,1514,1514,66,1514,1514]
+ [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]
+ [ENTROPIES...: 4.6,5.3,5.2,5.8,5.1,7.2,7.3,5.2,6.9,5.2,6.2,5.1,6.1,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.9,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9]
detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun]
analyse: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.003| 0.472| 0.093| 0.119|14235.635| 0.000]
- [PKTLEN......: 66.000| 1514.000| 698.800| 659.100|434476.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.003| 0.472| 0.093| 0.119| 14235.635| 4.100]
+ [PKTLEN......: 52.000| 1500.000| 684.800| 659.100| 434476.800| 4.200]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1]
[IATS(ms)....: 26.1,27.5,2.6,46.5,5.4,49.4,29.6,29.5,8.5,38.4,5.4,39.8,38.4,39.7,140.3,138.3,356.6,206.9,472.0,29.3,417.4,40.8,81.5,44.0,43.4,83.0,187.8,28.6,25.2,184.4,25.5]
- [PKTLENS.....: 78,74,66,575,635,1514,66,677,66,581,643,1514,66,1514,66,1514,1514,94,1514,78,66,1514,1514,66,1514,66,1514,86,78,66,1514,1514]
+ [PKTLENS.....: 64,60,52,561,621,1500,52,663,52,567,629,1500,52,1500,52,1500,1500,80,1500,64,52,1500,1500,52,1500,52,1500,72,64,52,1500,1500]
+ [ENTROPIES...: 4.6,5.3,5.1,6.3,5.8,4.5,5.1,4.2,5.1,6.3,5.8,3.8,5.1,6.9,5.0,7.6,7.9,5.2,7.9,5.2,5.1,7.9,7.9,5.1,7.9,5.0,7.9,5.3,5.1,5.1,7.9,7.9]
analyse: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.005| 0.731| 0.102| 0.156|24231.225| 0.000]
- [PKTLEN......: 66.000| 1514.000| 662.300| 653.400|426995.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 648.300| 653.400| 426995.300| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0]
[IATS(ms)....: 30.5,31.5,13.2,64.0,5.3,56.4,6.1,68.2,5.4,71.5,109.5,202.7,164.8,560.3,47.3,79.0,279.5,27.7,94.5,26.6,26.1,15.8,70.5,85.9,39.5,39.8,41.6,84.4,730.9,41.5,39.7]
- [PKTLENS.....: 78,74,66,571,632,965,66,578,642,1514,66,1514,1514,1514,86,78,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,78,86,78,66]
+ [PKTLENS.....: 64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]
+ [ENTROPIES...: 4.5,5.2,5.2,6.2,5.8,3.9,5.1,6.2,5.7,3.2,5.1,7.9,7.8,7.8,5.3,5.2,5.1,7.8,7.8,5.1,7.8,5.0,5.9,7.8,5.1,7.8,5.0,7.8,5.0,5.2,5.1,5.1]
new: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80]
detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.004| 0.530| 0.111| 0.160|25664.158| 0.000]
- [PKTLEN......: 66.000| 1514.000| 786.900| 666.800|444580.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 0.530| 0.111| 0.160| 25664.158| 3.900]
+ [PKTLEN......: 52.000| 1500.000| 772.900| 666.800| 444580.800| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0]
[IATS(ms)....: 18.4,19.9,3.7,28.9,18.1,45.8,41.6,39.6,18.5,45.3,5.4,31.7,29.4,29.5,41.1,41.1,82.2,87.7,42.1,64.3,51.5,299.9,159.8,515.7,436.0,526.6,530.0,40.0,69.9,40.4,40.4]
- [PKTLENS.....: 78,74,66,575,634,1514,66,635,66,581,643,1514,66,1514,66,1514,1514,66,1514,1514,1514,1514,94,1514,78,1514,66,1514,1514,66,1514,66]
+ [PKTLENS.....: 64,60,52,561,620,1500,52,621,52,567,629,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,80,1500,64,1500,52,1500,1500,52,1500,52]
+ [ENTROPIES...: 4.5,5.3,5.2,6.3,5.8,4.5,5.2,4.2,5.2,6.2,5.8,3.4,5.2,7.0,5.1,6.3,3.9,5.1,7.9,7.8,7.8,7.9,5.4,7.9,5.2,7.9,5.2,7.9,7.9,5.2,7.8,5.1]
update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
@@ -481,14 +512,15 @@
detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
RISK: HTTP Numeric IP Address
analyse: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.286| 0.030| 0.050| 2491.019| 0.000]
- [PKTLEN......: 66.000| 1514.000| 833.000| 665.800|443241.700| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.286| 0.030| 0.050| 2491.019| 4.000]
+ [PKTLEN......: 52.000| 1500.000| 819.000| 665.800| 443241.700| 4.400]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0]
[IATS(ms)....: 13.0,14.8,4.0,30.3,0.8,3.7,30.3,0.2,16.5,35.6,2.0,21.5,3.2,3.3,13.3,13.3,26.5,13.3,13.5,13.8,42.7,56.4,14.7,15.2,71.0,25.5,25.5,25.5,51.6,55.2,286.1]
- [PKTLENS.....: 78,74,66,575,634,1514,677,66,66,584,643,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,66,1514,66,1514,1514,1514,1514,1514,1514,86]
+ [PKTLENS.....: 64,60,52,561,620,1500,663,52,52,570,629,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,72]
+ [ENTROPIES...: 4.5,5.3,5.2,6.3,5.8,4.4,4.2,5.0,5.1,6.2,5.8,4.3,5.1,7.1,5.0,7.9,7.9,5.2,7.9,5.0,7.9,7.9,5.2,7.9,5.0,7.9,7.9,7.9,7.9,7.9,7.9,5.4]
update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun]
@@ -529,14 +561,15 @@
detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.141| 0.020| 0.029| 838.464| 0.000]
- [PKTLEN......: 66.000| 1514.000| 434.800| 506.400|256458.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.141| 0.020| 0.029| 838.464| 3.900]
+ [PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100]
[BINS(c->s)..: 12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 52.7,54.2,4.7,50.1,0.9,46.0,1.1,0.4,2.3,0.6,48.9,36.1,58.6,0.1,1.0,141.4,13.3,12.2,4.7,8.7,8.5,4.5,3.7,4.5,12.4,12.8,15.2,13.9,6.1,6.2,6.8]
- [PKTLENS.....: 78,74,66,274,66,211,66,72,111,1514,564,66,66,1514,227,1514,66,559,66,1005,66,439,66,1306,66,1406,66,660,66,808,66,721]
+ [PKTLENS.....: 64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]
+ [ENTROPIES...: 4.5,5.3,5.1,6.0,5.2,6.5,5.1,5.2,6.0,7.9,7.6,5.1,5.2,7.9,7.0,7.8,5.1,7.6,5.1,7.8,5.2,7.5,5.1,7.8,5.2,7.9,5.1,7.7,5.1,7.8,5.1,7.7]
new: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53]
detected: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
@@ -545,33 +578,36 @@
detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun]
detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun]
analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.501| 0.064| 0.122|14766.799| 0.000]
- [PKTLEN......: 66.000| 1514.000| 456.800| 552.300|305076.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.501| 0.064| 0.122| 14766.799| 3.300]
+ [PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000]
[BINS(c->s)..: 10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1]
[IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9]
- [PKTLENS.....: 78,74,66,583,66,1514,1514,66,259,66,141,72,111,66,117,66,1514,803,66,1514,490,66,462,66,765,66,100,66,1514,686,66,1514]
+ [PKTLENS.....: 64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]
+ [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9]
detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun]
analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 0.000]
- [PKTLEN......: 66.000| 1514.000| 1160.700| 613.300|376142.500| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 4.700]
+ [PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700]
[BINS(c->s)..: 5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 16.7,17.7,12.0,38.5,0.5,12.7,40.1,27.1,27.1,58.5,99.8,81.1,33.9,23.7,53.8,53.8,65.1,48.0,65.4,13.9,30.9,13.3,28.7,40.4,54.5,28.8,29.4,29.4,27.5,25.5,25.5]
- [PKTLENS.....: 78,74,66,311,66,1514,1514,66,1514,66,1514,78,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514]
+ [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.5,5.2,5.2,5.9,5.3,7.0,7.5,5.1,7.7,5.1,7.7,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.9,7.8,7.9,7.9,7.8,7.8]
analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.416| 0.126| 0.341|116136.157| 0.000]
- [PKTLEN......: 66.000| 1514.000| 781.500| 698.900|488505.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.416| 0.126| 0.341| 116136.157| 2.600]
+ [PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0]
[IATS(ms)....: 15.4,16.8,2.1,27.2,1.0,1.1,27.3,38.1,39.4,39.9,44.7,83.4,40.7,236.7,277.7,1389.8,1416.3,0.3,12.8,48.7,0.2,12.8,12.8,15.9,13.8,16.3,12.8,12.7,23.2,13.3,13.2]
- [PKTLENS.....: 78,74,66,311,66,1514,1514,66,1514,66,1514,1514,66,1514,733,66,311,1514,1514,1514,66,66,1514,1514,66,1514,66,1514,1514,66,1514,66]
+ [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]
+ [ENTROPIES...: 4.5,5.2,5.1,5.9,5.3,7.3,7.8,5.2,7.8,5.0,7.8,7.8,5.1,7.8,7.7,5.2,5.8,6.9,7.5,7.8,5.1,5.0,7.8,7.8,5.0,7.9,4.9,7.8,7.8,5.1,7.8,5.1]
end: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun]
idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Network][Acceptable]
idle: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
diff --git a/test/results/flow-info/nfsv2.pcap.out b/test/results/flow-info/nfsv2.pcap.out
index 2cb0e31cb..21cb66441 100644
--- a/test/results/flow-info/nfsv2.pcap.out
+++ b/test/results/flow-info/nfsv2.pcap.out
@@ -15,14 +15,15 @@
new: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049]
detected: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
analyse: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.010| 0.040| 0.015| 0.011| 125.000| 0.000]
- [PKTLEN......: 70.000| 214.000| 147.500| 43.100| 1860.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.010| 0.040| 0.015| 0.011| 125.000| 3.300]
+ [PKTLEN......: 56.000| 200.000| 133.500| 43.100| 1860.800| 4.900]
[BINS(c->s)..: 0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 40.0,40.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0]
- [PKTLENS.....: 166,138,166,90,174,70,174,70,206,170,166,138,166,138,174,170,198,138,174,170,174,70,174,70,174,170,174,70,214,70,166,138]
+ [PKTLENS.....: 152,124,152,76,160,56,160,56,192,156,152,124,152,124,160,156,184,124,160,156,160,56,160,56,160,156,160,56,200,56,152,124]
+ [ENTROPIES...: 3.4,3.5,3.4,3.5,3.3,3.3,3.3,3.3,3.3,3.3,3.4,3.3,3.4,3.5,3.3,3.3,3.7,3.4,3.3,3.4,3.4,3.3,3.4,3.2,3.3,3.4,3.4,3.3,3.2,3.2,3.4,3.5]
new: [.....6] [ip4][..udp] [....139.25.22.2][.3293] -> [..139.25.22.102][..111]
detected: [.....6] [ip4][..udp] [....139.25.22.2][.3293] -> [..139.25.22.102][..111] [NFS][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/nfsv3.pcap.out b/test/results/flow-info/nfsv3.pcap.out
index f0c174016..e72968ec8 100644
--- a/test/results/flow-info/nfsv3.pcap.out
+++ b/test/results/flow-info/nfsv3.pcap.out
@@ -18,14 +18,15 @@
new: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049]
detected: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
analyse: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.010| 0.050| 0.017| 0.015| 222.222| 0.000]
- [PKTLEN......: 74.000| 314.000| 176.400| 63.400| 4021.900| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.010| 0.050| 0.017| 0.015| 222.222| 3.200]
+ [PKTLEN......: 60.000| 300.000| 162.400| 63.400| 4021.900| 4.900]
[BINS(c->s)..: 0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 10.0,10.0,50.0,50.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0,10.0]
- [PKTLENS.....: 170,154,170,206,170,210,170,182,178,74,178,74,226,314,170,154,206,186,178,74,178,74,178,282,178,74,222,302,178,282,178,74]
+ [PKTLENS.....: 156,140,156,192,156,196,156,168,164,60,164,60,212,300,156,140,192,172,164,60,164,60,164,268,164,60,208,288,164,268,164,60]
+ [ENTROPIES...: 3.3,3.3,3.3,3.2,3.3,3.2,3.3,3.1,3.3,3.2,3.3,3.1,2.9,3.3,3.3,3.1,3.2,3.3,3.3,3.1,3.3,3.1,3.3,3.2,3.3,3.2,3.2,3.3,3.3,3.4,3.5,3.2]
new: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111]
detected: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111] [NFS][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/nintendo.pcap.out b/test/results/flow-info/nintendo.pcap.out
index cc0b61c58..fb07724a7 100644
--- a/test/results/flow-info/nintendo.pcap.out
+++ b/test/results/flow-info/nintendo.pcap.out
@@ -12,14 +12,15 @@
new: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335]
detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][Game][Fun]
analyse: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.730| 0.194| 0.332|110172.324| 0.000]
- [PKTLEN......: 102.000| 854.000| 167.000| 179.500|32207.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.730| 0.194| 0.332| 110172.324| 3.600]
+ [PKTLEN......: 88.000| 840.000| 153.000| 179.500| 32207.000| 4.500]
[BINS(c->s)..: 0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1]
[IATS(ms)....: 87.9,239.6,335.4,89.8,30.6,131.2,103.3,500.0,507.3,130.9,234.8,19.3,15.8,5.2,16.9,12.6,53.5,8.8,0.2,60.8,14.2,505.6,501.5,5.1,514.4,94.6,0.2,1729.7,0.1,52.6,0.1]
- [PKTLENS.....: 102,102,198,230,118,102,150,118,102,118,150,134,118,118,118,854,118,854,102,102,118,102,102,102,102,102,118,118,118,118,118,118]
+ [PKTLENS.....: 88,88,184,216,104,88,136,104,88,104,136,120,104,104,104,840,104,840,88,88,104,88,88,88,88,88,104,104,104,104,104,104]
+ [ENTROPIES...: 6.1,6.1,6.8,6.9,6.2,6.1,6.7,6.2,6.1,6.3,6.6,6.4,6.2,6.2,6.2,6.3,6.3,5.9,5.8,5.9,6.2,5.9,6.1,6.2,6.0,6.0,6.1,6.1,6.0,6.2,6.2,6.2]
new: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343]
new: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53]
detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun]
@@ -52,14 +53,15 @@
detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS.AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 14.019| 1.263| 3.443|11853821.379| 0.000]
- [PKTLEN......: 66.000| 471.000| 134.200| 98.400| 9678.600| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 14.019| 1.263| 3.443| 11853821.379| 2.400]
+ [PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600]
[BINS(c->s)..: 8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1]
[IATS(ms)....: 6.3,307.1,3508.7,3481.6,0.2,0.0,276.4,18.5,55.2,0.1,35.7,210.9,214.2,255.3,13944.5,14019.1,0.8,0.1,5.3,332.5,29.9,280.4,254.2,215.7,3.4,13.6,231.1,4.3,259.0,453.5,730.8]
- [PKTLENS.....: 166,117,66,133,66,124,113,66,117,166,166,66,66,117,66,471,66,113,400,166,66,117,66,382,66,123,113,66,117,66,166,117]
+ [PKTLENS.....: 152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103]
+ [ENTROPIES...: 6.5,5.8,5.0,6.0,5.0,6.0,6.0,5.0,5.7,6.6,6.6,5.0,5.1,5.7,5.0,7.5,5.1,6.1,7.4,6.5,5.0,5.8,5.1,7.3,5.1,6.2,6.0,5.1,5.8,5.1,6.7,5.7]
new: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520]
detected: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Game][Fun]
new: [....18] [ip4][.icmp] [..151.6.184.100] -> [.192.168.12.114]
@@ -71,32 +73,35 @@
new: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114]
detected: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] [ICMP][Network][Acceptable]
analyse: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.754| 0.078| 0.153|23284.658| 0.000]
- [PKTLEN......: 102.000| 886.000| 168.000| 186.200|34652.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.754| 0.078| 0.153| 23284.658| 3.200]
+ [PKTLEN......: 88.000| 872.000| 154.000| 186.200| 34652.000| 4.500]
[BINS(c->s)..: 0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1]
[IATS(ms)....: 0.3,0.4,210.0,0.2,0.4,203.8,0.3,0.2,311.9,2.3,0.2,754.1,1.1,30.7,0.6,242.3,245.6,5.5,2.8,1.9,125.6,0.1,0.0,109.1,0.2,10.7,20.1,10.4,105.8,2.2,28.9]
- [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,118,118,182,102,118,118,118,118,886,102,886,118,118,102]
+ [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88]
+ [ENTROPIES...: 6.0,6.2,6.0,6.0,6.0,6.0,6.0,6.1,6.0,6.0,6.1,6.1,6.1,6.2,6.0,6.1,6.6,5.9,6.1,6.1,6.7,6.1,6.2,6.3,6.0,6.1,5.6,5.9,5.6,6.1,6.2,5.9]
analyse: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.758| 0.106| 0.188|35487.695| 0.000]
- [PKTLEN......: 102.000| 886.000| 221.000| 231.800|53743.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.758| 0.106| 0.188| 35487.695| 3.400]
+ [PKTLEN......: 88.000| 872.000| 207.000| 231.800| 53743.000| 4.400]
[BINS(c->s)..: 0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0]
[IATS(ms)....: 0.7,2.7,200.8,0.2,0.4,313.8,0.2,0.3,757.9,0.1,245.9,0.2,38.4,0.2,116.7,3.0,25.9,110.5,1.2,79.7,8.0,87.9,10.1,91.9,20.1,506.4,607.1,9.7,10.2,12.9,36.7]
- [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,182,102,886,102,886,102,118,118,102,358,854,486,486]
+ [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472]
+ [ENTROPIES...: 6.0,6.1,6.0,6.0,6.1,6.0,6.1,6.1,6.1,6.2,6.2,6.1,6.1,6.1,6.2,6.2,6.1,6.7,6.0,6.7,5.9,5.6,6.0,5.6,5.8,6.2,6.2,6.0,7.3,5.8,6.2,6.2]
analyse: [....20] [ip4][..udp] [.192.168.12.114][55915] -> [..81.61.158.138][51769] [Nintendo][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.649| 0.099| 0.184|33766.533| 0.000]
- [PKTLEN......: 102.000| 886.000| 167.500| 186.300|34709.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.649| 0.099| 0.184| 33766.533| 3.200]
+ [PKTLEN......: 88.000| 872.000| 153.500| 186.300| 34709.800| 4.400]
[BINS(c->s)..: 0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0]
[IATS(ms)....: 0.3,0.4,313.5,0.3,0.3,284.3,0.1,0.4,629.4,5.2,43.7,5.3,61.4,0.1,131.6,65.4,7.9,0.2,0.8,31.1,0.4,67.6,2.9,0.5,7.5,105.9,5.7,103.3,9.8,549.4,649.3]
- [PKTLENS.....: 118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,182,102,118,118,182,118,118,102,118,118,886,102,886,102,118,118,102]
+ [PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88]
+ [ENTROPIES...: 6.1,6.1,6.1,6.0,6.2,6.2,6.2,6.2,6.1,6.0,6.1,6.1,6.1,6.1,6.1,6.7,6.0,6.1,6.2,6.8,6.2,6.2,5.9,6.2,6.2,5.5,5.9,5.6,6.0,6.2,6.1,6.0]
guessed: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] [AmazonAWS][Cloud][Acceptable]
idle: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025]
idle: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun]
diff --git a/test/results/flow-info/nntp.pcap.out b/test/results/flow-info/nntp.pcap.out
index 31650d71f..ab42d8014 100644
--- a/test/results/flow-info/nntp.pcap.out
+++ b/test/results/flow-info/nntp.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119]
detected: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 25.684| 4.346| 7.782|60565611.348| 0.000]
- [PKTLEN......: 54.000| 1514.000| 219.900| 397.400|157950.100| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 25.684| 4.346| 7.782| 60565611.348| 3.100]
+ [PKTLEN......: 40.000| 1500.000| 205.900| 397.400| 157950.100| 3.600]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0]
[IATS(ms)....: 0.2,0.2,17.0,17.1,0.2,0.4,673.1,673.7,0.6,0.3,40.5,19518.0,19565.8,8.0,4770.1,4784.4,14.3,0.1,0.0,25683.6,25684.3,0.8,12078.4,12090.7,12.5,0.2,0.1,4544.0,0.1,4544.3,0.3]
- [PKTLENS.....: 74,74,66,190,66,79,66,113,92,66,115,66,79,1294,66,79,1514,66,186,66,97,116,66,77,1514,66,332,66,72,66,94,54]
+ [PKTLENS.....: 60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40]
+ [ENTROPIES...: 4.5,4.9,4.9,5.5,4.9,5.2,5.0,5.6,5.4,5.0,5.5,4.9,5.2,5.7,5.0,5.3,5.9,4.9,5.4,4.9,5.5,5.5,4.9,5.3,5.8,4.8,5.4,4.8,5.0,4.8,5.5,3.7]
end: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/no_sni.pcap.out b/test/results/flow-info/no_sni.pcap.out
index b94be78bb..74ffeba9f 100644
--- a/test/results/flow-info/no_sni.pcap.out
+++ b/test/results/flow-info/no_sni.pcap.out
@@ -8,25 +8,27 @@
detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun]
new: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443]
analyse: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.180| 0.028| 0.054| 2913.211| 0.000]
- [PKTLEN......: 54.000| 736.000| 141.200| 163.800|26828.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.180| 0.028| 0.054| 2913.211| 3.000]
+ [PKTLEN......: 40.000| 722.000| 127.200| 163.800| 26828.900| 4.200]
[BINS(c->s)..: 10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0]
[IATS(ms)....: 137.9,138.0,4.7,0.3,0.1,180.3,3.0,178.2,0.2,0.0,0.1,2.3,6.4,1.4,5.5,15.4,0.1,0.7,0.1,1.4,74.0,13.5,4.2,2.9,0.0,76.8,0.1,5.4,2.5,0.0,8.0]
- [PKTLENS.....: 78,66,54,670,60,224,60,736,54,116,60,54,138,60,85,54,205,140,114,146,85,60,60,60,380,85,54,54,60,307,85,54]
+ [PKTLENS.....: 64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40]
+ [ENTROPIES...: 4.4,4.9,4.5,7.1,4.6,7.0,4.4,7.7,4.6,6.1,4.5,4.6,6.3,4.4,5.6,4.5,6.8,6.4,6.2,6.4,5.5,4.4,4.4,4.4,7.3,5.7,4.6,4.6,4.5,7.3,5.6,4.6]
detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable]
analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.473| 0.050| 0.107|11455.737| 0.000]
- [PKTLEN......: 54.000| 1514.000| 381.000| 489.400|239474.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.473| 0.050| 0.107| 11455.737| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 367.000| 489.400| 239474.400| 3.900]
[BINS(c->s)..: 12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
[IATS(ms)....: 121.2,121.3,5.4,100.4,0.4,95.3,1.0,4.8,0.1,77.1,0.5,71.8,0.2,0.4,0.6,0.2,76.9,15.5,380.4,472.6,2.8,2.8,2.1,2.1,1.6,1.6,1.4,0.3,1.6,0.6,0.6]
- [PKTLENS.....: 78,66,54,1001,60,286,54,118,224,917,60,566,54,60,85,54,85,60,60,1092,54,844,54,1445,54,1445,54,1514,407,54,1178,54]
+ [PKTLENS.....: 64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40]
+ [ENTROPIES...: 4.5,4.9,4.4,7.5,4.5,6.8,4.6,6.0,6.9,7.8,4.5,7.6,4.6,4.5,5.7,4.6,5.6,4.5,4.5,7.8,4.6,7.8,4.6,7.9,4.6,7.9,4.6,7.9,7.4,4.6,7.8,4.6]
new: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443]
new: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443]
new: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443]
@@ -43,14 +45,15 @@
detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable]
analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 0.000]
- [PKTLEN......: 54.000| 1514.000| 285.300| 409.400|167573.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 3.800]
+ [PKTLEN......: 40.000| 1500.000| 271.300| 409.400| 167573.600| 3.800]
[BINS(c->s)..: 12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0]
[IATS(ms)....: 81.9,82.0,5.3,129.4,1.7,0.7,126.4,64.0,9.1,0.1,11.9,1.6,143.7,57.1,79.2,1.6,80.8,1.6,14.7,0.3,13.3,11.9,0.0,12.1,0.1,25.4,25.0,0.8,0.8,5.3,5.5]
- [PKTLENS.....: 78,66,54,766,60,1514,1385,54,118,224,380,129,129,1385,66,60,566,54,85,60,85,54,581,85,54,54,368,54,85,54,368,54]
+ [PKTLENS.....: 64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40]
+ [ENTROPIES...: 4.5,4.9,4.5,7.3,4.5,7.9,7.8,4.7,5.9,7.0,7.4,6.3,6.4,7.8,4.7,4.5,7.6,4.7,5.4,4.5,5.6,4.7,7.6,5.6,4.6,4.6,7.4,4.7,5.6,4.7,7.3,4.7]
idle: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable]
end: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443]
end: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443]
diff --git a/test/results/flow-info/ocs.pcap.out b/test/results/flow-info/ocs.pcap.out
index 550d1f188..b655c807b 100644
--- a/test/results/flow-info/ocs.pcap.out
+++ b/test/results/flow-info/ocs.pcap.out
@@ -33,14 +33,15 @@
detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][Media][Fun]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.929| 0.088| 0.173|29794.175| 0.000]
- [PKTLEN......: 52.000| 715.000| 83.100| 113.800|12942.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.929| 0.088| 0.173| 29794.175| 3.500]
+ [PKTLEN......: 52.000| 715.000| 83.100| 113.800| 12942.200| 4.500]
[BINS(c->s)..: 31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 83.8,14.3,246.9,0.6,0.5,68.4,1.8,71.5,0.5,5.4,4.1,41.7,146.0,90.8,71.1,77.4,63.4,3.7,80.5,1.7,86.1,0.6,67.3,32.6,43.3,386.6,73.7,2.5,928.6,31.7,2.1]
[PKTLENS.....: 60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64]
+ [ENTROPIES...: 4.5,5.1,6.0,5.1,5.2,5.2,5.2,5.2,5.3,5.2,5.2,5.2,5.2,5.1,5.2,5.2,5.1,5.2,5.1,5.1,5.0,5.1,5.2,5.1,5.2,5.1,5.2,5.2,5.2,5.0,5.1,5.1]
new: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443]
detected: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
@@ -60,14 +61,15 @@
new: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80]
detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun]
analyse: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 0.000]
- [PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 4.000]
+ [PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
[BINS(c->s)..: 31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 71.4,1.5,54.8,1.1,3.6,59.9,0.6,0.1,5.3,64.8,1.7,1.5,79.5,5.5,58.4,1.8,64.6,2.0,67.5,26.5,42.9,26.0,65.4,1.0,48.6,1.3,2.0,1.3,75.5,1.4,4.8]
[PKTLENS.....: 60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72]
+ [ENTROPIES...: 4.6,5.0,5.9,5.2,5.1,5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.3,5.2,5.3,5.3,5.4,5.3,5.3,5.3,5.3,5.2,5.2,5.2,5.1,5.2,5.2,5.1,5.2,5.2,5.3,5.3]
update: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53]
idle: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun]
end: [.....8] [ip4][..tcp] [..192.168.180.2][44959] -> [137.135.129.206][...80]
diff --git a/test/results/flow-info/ocsp.pcapng.out b/test/results/flow-info/ocsp.pcapng.out
index 04d545155..e4392288b 100644
--- a/test/results/flow-info/ocsp.pcapng.out
+++ b/test/results/flow-info/ocsp.pcapng.out
@@ -11,23 +11,25 @@
new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80]
detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe]
analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.003| 10.243| 7.530| 4.272|18250505.126| 0.000]
- [PKTLEN......: 118.000| 820.000| 187.000| 189.100|35745.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.003| 10.243| 7.530| 4.272| 18250505.126| 4.500]
+ [PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0]
[IATS(ms)....: 3.4,7.0,7.4,103.0,109.3,10007.8,10013.0,10151.7,10152.0,10240.5,10240.6,10243.1,10242.9,10236.1,10235.9,10239.9,10240.5,10239.9,10239.5,5617.7,5617.9,102.9,109.3,10148.8,10155.0,10236.1,10236.1,10239.8,10239.7,10240.0]
- [PKTLENS.....: 126,126,118,512,118,820,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,512,118,820,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.9,4.3,4.0,6.2,4.4,7.1,4.5,4.4,4.3,4.3,4.4,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,6.2,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.244| 7.440| 4.399|19348030.751| 0.000]
- [PKTLEN......: 118.000| 1007.000| 198.200| 228.700|52281.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.244| 7.440| 4.399| 19348030.751| 4.500]
+ [PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.0,16.1,0.3,19.6,157.1,176.9,7779.8,7796.1,1.3,16.6,10045.9,10060.7,10239.9,10239.7,10239.8,10240.0,10244.0,10243.9,10239.9,10240.0,10236.0,10236.1,10243.9,10244.0,10236.0,10235.9,10240.0,10239.8,10240.0,10240.0,10239.9]
- [PKTLENS.....: 126,126,118,504,118,1007,118,504,118,1007,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.9,4.2,4.1,6.3,4.3,7.0,4.4,6.3,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.3,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.3]
new: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80]
detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe]
new: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80]
@@ -41,14 +43,15 @@
end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe]
end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe]
analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.240| 6.308| 4.932|24328020.165| 0.000]
- [PKTLEN......: 118.000| 917.000| 229.700| 247.800|61420.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.240| 6.308| 4.932| 24328020.165| 4.300]
+ [PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 3.1,7.5,2.6,10.4,0.3,8.0,10198.6,10205.6,10239.9,10239.7,10240.0,10239.8,10240.1,10240.2,10239.7,10239.9,594.5,595.4,7.8,0.3,7.9,7.3,10142.0,10148.6,10239.9,10240.0,10239.9,10239.9,10240.0,10239.9,10239.9]
- [PKTLENS.....: 126,126,118,505,118,917,118,118,118,118,118,118,118,118,118,118,118,505,917,118,505,917,118,118,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.9,4.3,4.0,6.3,4.3,7.0,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.3,6.3,7.0,4.4,6.3,7.0,4.3,4.4,4.3,4.3,4.3,4.4,4.3,4.4,4.3,4.4]
DAEMON-EVENT: [Processed: 207 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80]
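Review bot: The regenerated `[IAT.........:` row in this hunk still mixes units: min/max/avg/stddev read as seconds (max 10.240 against 10240.x in `IATS(ms)`), while variance stays at 24328020.165, which is roughly (4932 ms)² and not 4.932². The commit already reformats this column, so it would be a good moment to make the row self-consistent, e.g. `[IAT.........: 0.000| 10.240| 6.308| 4.932| 24.328| 4.300]`, or to name the unit of each column in the header line. Consumers that derive thresholds from these statistics (the CSV output mentioned in the commit message, presumably) would otherwise combine values that differ by a factor of 10^6. The same pattern appears in every IAT row of the later hunks; the code that prints the row is not visible here.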
@@ -57,23 +60,25 @@
detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe]
end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe]
analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 10.241| 7.851| 4.241|17983611.077| 0.000]
- [PKTLEN......: 118.000| 1462.000| 193.500| 263.000|69147.600| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 10.241| 7.851| 4.241| 17983611.077| 4.500]
+ [PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 3.4,7.4,0.9,8.1,0.6,9.1,10126.9,10134.8,10240.4,10240.5,10239.2,10239.6,10239.9,10239.7,10239.9,10239.5,10239.9,10240.2,10239.9,10240.1,10240.6,10240.2,10239.6,10239.4,10239.5,10240.0,10240.0,10240.0,2594.9]
- [PKTLENS.....: 126,126,118,519,118,1462,772,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.8,4.2,4.1,6.2,4.4,6.9,7.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.241| 7.462| 4.365|19049033.499| 0.000]
- [PKTLEN......: 118.000| 1124.000| 162.300| 185.900|34567.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.241| 7.462| 4.365| 19049033.499| 4.600]
+ [PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.0,16.5,0.4,17.1,110.0,126.6,9996.4,10012.4,10239.9,10239.8,10239.9,10240.2,10239.9,10239.6,10240.0,10240.0,10239.9,10240.1,10239.9,10239.7,10239.9,10240.0,10240.6,10240.6,10239.8,10239.8,10239.3,10239.5,3107.0,3107.9,16.9]
- [PKTLENS.....: 126,126,118,514,118,1124,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.9,4.3,4.0,6.3,4.3,7.0,4.4,4.4,4.3,4.4,4.3,4.4,4.3,4.4,4.3,4.3,4.3,4.4,4.3,4.4,4.3,4.4,4.3,4.3,4.3,4.3,4.3,4.4,4.3,4.3,4.3,4.4]
DAEMON-EVENT: [Processed: 274 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80]
@@ -84,13 +89,14 @@
detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe]
end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Network][Safe]
analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.241| 4.682| 4.929|24292207.100| 0.000]
- [PKTLEN......: 118.000| 1566.000| 338.200| 431.700|186386.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.241| 4.682| 4.929| 24292207.100| 3.600]
+ [PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.2,16.6,0.5,17.8,3.4,21.7,1169.7,1186.8,9.8,24.7,1031.5,1046.7,2.5,19.0,10158.4,10174.4,10240.2,10240.5,10240.7,10240.4,10239.9,10239.9,10238.7,10240.1,10241.2]
- [PKTLENS.....: 126,126,118,504,118,1566,627,118,118,504,118,1566,627,118,118,505,118,1566,628,118,118,118,118,118,118,118,118,118,118,118,118,118]
+ [PKTLENS.....: 112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]
+ [ENTROPIES...: 3.9,4.2,4.0,6.3,4.3,7.0,7.2,4.4,4.4,6.3,4.3,7.0,7.2,4.3,4.3,6.2,4.4,7.0,7.2,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4]
end: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/ookla.pcap.out b/test/results/flow-info/ookla.pcap.out
index 91a870708..ab9aa8c5e 100644
--- a/test/results/flow-info/ookla.pcap.out
+++ b/test/results/flow-info/ookla.pcap.out
@@ -6,14 +6,15 @@
new: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080]
detected: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe]
analyse: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.138| 0.055| 0.033| 1064.798| 0.000]
- [PKTLEN......: 66.000| 100.000| 77.900| 9.700| 93.700| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.138| 0.055| 0.033| 1064.798| 4.700]
+ [PKTLEN......: 52.000| 86.000| 63.900| 9.700| 93.700| 5.000]
[BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 36.8,36.9,28.0,64.0,0.1,36.1,38.4,72.7,34.3,27.1,61.9,34.7,97.7,133.2,35.5,27.7,63.1,35.3,68.5,103.7,35.3,26.0,61.1,35.1,103.2,137.7,34.5,32.6,67.3,34.6,94.1]
- [PKTLENS.....: 78,74,66,69,66,100,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85,85,66,85]
+ [PKTLENS.....: 64,60,52,55,52,86,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71]
+ [ENTROPIES...: 4.5,5.3,5.1,5.2,5.2,5.5,5.1,5.4,5.5,5.0,5.4,5.5,5.1,5.5,5.5,5.1,5.4,5.6,5.1,5.4,5.6,5.1,5.5,5.5,5.0,5.5,5.6,5.1,5.5,5.5,5.0,5.4]
end: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe]
end: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Network][Safe]
DAEMON-EVENT: shutdown
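Review bot: The new `ENTROPIES` row appears to be computed over the whole L3 packet, headers included, and nothing in the expected output says so. In this hunk `PKTLENS` drops from 66 to 52 for the smallest packets, which looks like a bare IP+TCP header with options, yet those entries still carry entropies around 5.0–5.2, so header bytes presumably feed the value. Anyone using the per-packet entropy to separate encrypted or compressed payloads from plaintext would then see small packets dominated by header content instead of payload. I would document this next to the field, e.g. `ENTROPIES: per-packet entropy over the L3 packet (headers + payload), 0..8`, once the range and input are confirmed against the nDPId side, which is not part of this hunk.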
diff --git a/test/results/flow-info/openvpn.pcap.out b/test/results/flow-info/openvpn.pcap.out
index c1e86960f..a210a7ff9 100644
--- a/test/results/flow-info/openvpn.pcap.out
+++ b/test/results/flow-info/openvpn.pcap.out
@@ -5,28 +5,30 @@
detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.998| 0.088| 0.234|54526.591| 0.000]
- [PKTLEN......: 66.000| 371.000| 154.300| 75.300| 5671.500| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.998| 0.088| 0.234| 54526.591| 2.700]
+ [PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800]
[BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1]
[IATS(ms)....: 54.9,55.0,945.3,997.7,0.5,52.9,0.2,76.4,76.2,41.0,2.7,0.1,43.9,0.1,0.2,0.3,40.5,40.5,41.0,41.0,0.1,0.1,0.3,41.0,41.0,40.3,40.3,0.5,0.1,0.6,40.1]
- [PKTLENS.....: 74,74,66,110,66,122,66,118,66,371,66,222,210,118,210,210,66,210,222,210,118,210,210,66,210,222,210,118,210,210,66,210]
+ [PKTLENS.....: 60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]
+ [ENTROPIES...: 4.6,5.1,4.9,5.5,5.1,5.6,4.9,5.8,5.1,5.7,5.1,6.0,6.1,5.7,6.5,6.7,5.0,6.6,6.2,6.4,5.7,6.7,6.7,4.8,6.1,6.1,6.4,5.8,6.6,6.8,5.0,6.4]
DAEMON-EVENT: [Processed: 95 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680]
detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.196| 0.045| 0.060| 3547.546| 0.000]
- [PKTLEN......: 84.000| 345.000| 140.400| 58.600| 3436.100| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.196| 0.045| 0.060| 3547.546| 3.900]
+ [PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900]
[BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9]
- [PKTLENS.....: 84,96,92,345,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92]
+ [PKTLENS.....: 70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
+ [ENTROPIES...: 5.3,5.5,5.7,5.6,5.9,5.6,6.0,5.7,6.6,5.7,6.7,5.7,6.6,5.7,6.4,5.7,6.6,5.6,6.6,5.7,6.0,5.6,6.4,5.7,6.6,5.6,6.6,5.6,6.3,5.7,6.5,5.7]
idle: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 178 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -35,14 +37,15 @@
detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.242| 0.188| 0.537|288658.031| 0.000]
- [PKTLEN......: 84.000| 345.000| 137.300| 58.900| 3466.400| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.242| 0.188| 0.537| 288658.031| 2.400]
+ [PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900]
[BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3]
- [PKTLENS.....: 84,84,96,92,345,92,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92]
+ [PKTLENS.....: 70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
+ [ENTROPIES...: 5.2,5.3,5.4,5.5,5.6,5.5,5.8,5.6,6.1,5.5,6.6,5.5,6.7,5.6,6.6,5.5,6.4,5.6,6.7,5.5,6.5,5.6,6.0,5.6,6.3,5.6,6.6,5.6,6.6,5.5,6.4,5.6]
idle: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
diff --git a/test/results/flow-info/pgm.pcap.out b/test/results/flow-info/pgm.pcap.out
index f9747bd1f..88c56b940 100644
--- a/test/results/flow-info/pgm.pcap.out
+++ b/test/results/flow-info/pgm.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47]
detected: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable]
analyse: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.841| 0.063| 0.156|24250.839| 0.000]
- [PKTLEN......: 70.000| 1344.000| 203.200| 214.800|46132.500| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.841| 0.063| 0.156| 24250.839| 2.900]
+ [PKTLEN......: 56.000| 1330.000| 189.200| 214.800| 46132.500| 4.500]
[BINS(c->s)..: 0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 840.7,20.8,0.0,36.8,5.6,0.1,6.6,0.0,17.0,0.0,14.9,14.7,0.0,37.3,0.0,168.2,95.0,1.6,67.0,1.6,11.0,51.2,0.0,243.0,25.5,16.0,6.4,15.0,3.5,0.1,240.0]
- [PKTLENS.....: 70,129,127,321,1344,206,126,130,170,285,252,333,179,131,227,313,129,141,148,128,129,144,146,145,128,135,133,134,133,135,126,127]
+ [PKTLENS.....: 56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113]
+ [ENTROPIES...: 4.2,3.8,3.7,4.3,4.0,4.3,3.7,3.9,4.1,4.3,4.3,4.2,4.1,3.9,4.2,4.4,3.8,3.8,4.3,3.8,3.9,4.3,4.3,4.2,3.8,3.9,3.9,4.0,4.0,4.0,3.8,3.8]
idle: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/pinterest.pcap.out b/test/results/flow-info/pinterest.pcap.out
index 3d2cbe63f..50fd28000 100644
--- a/test/results/flow-info/pinterest.pcap.out
+++ b/test/results/flow-info/pinterest.pcap.out
@@ -8,14 +8,15 @@
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.172| 0.014| 0.033| 1083.758| 0.000]
- [PKTLEN......: 86.000| 1134.000| 378.100| 421.400|177613.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.172| 0.014| 0.033| 1083.758| 2.700]
+ [PKTLEN......: 72.000| 1120.000| 364.100| 421.400| 177613.600| 4.200]
[BINS(c->s)..: 10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1]
[IATS(ms)....: 17.6,17.7,0.5,40.0,1.7,0.0,0.0,41.2,0.0,0.0,0.2,0.0,0.2,0.0,0.0,7.0,0.3,0.4,41.6,0.0,0.0,33.9,0.5,0.0,0.5,0.2,42.0,172.4,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,86,86,86,1134,1134,168,86,86,86,179,185,451,86,86,344,86,152,86,86,124,86,1134,1134,563]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549]
+ [ENTROPIES...: 4.8,5.2,5.2,4.5,5.0,6.8,4.5,6.6,5.2,5.2,5.3,7.1,7.6,6.3,5.2,5.2,5.1,6.1,6.4,7.4,5.1,5.0,7.1,5.3,6.2,5.1,5.2,5.6,5.1,7.8,7.8,7.6]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443]
new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443]
@@ -45,14 +46,15 @@
new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [MIDSTREAM]
new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [MIDSTREAM]
analyse: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.054| 0.008| 0.015| 223.156| 0.000]
- [PKTLEN......: 86.000| 1474.000| 395.000| 486.900|237029.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.054| 0.008| 0.015| 223.156| 3.000]
+ [PKTLEN......: 72.000| 1460.000| 381.000| 486.900| 237029.200| 4.100]
[BINS(c->s)..: 9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0]
[IATS(ms)....: 29.2,29.3,0.5,30.6,2.1,0.0,0.0,0.0,32.2,0.0,0.0,0.0,7.2,0.3,2.0,0.2,0.1,0.3,0.4,53.9,0.0,0.2,0.0,43.6,1.3,0.0,1.3,0.2,0.8,0.5]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,1474,1244,86,86,86,86,179,185,377,397,364,1040,342,86,86,86,344,86,152,86,86,86,124,1474,86]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72]
+ [ENTROPIES...: 4.6,5.1,5.1,4.4,4.9,6.4,5.2,7.3,7.6,5.1,5.0,5.1,5.1,6.0,6.2,7.2,7.1,6.9,7.4,6.9,4.9,4.9,4.9,7.1,5.1,6.1,4.9,5.0,5.1,5.6,7.9,5.1]
new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443]
detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe]
new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443]
@@ -62,48 +64,52 @@
detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable]
detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.044| 0.009| 0.014| 199.945| 0.000]
- [PKTLEN......: 86.000| 1294.000| 265.000| 327.800|107441.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.044| 0.009| 0.014| 199.945| 3.400]
+ [PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100]
[BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1]
[IATS(ms)....: 26.0,26.0,0.2,34.5,9.5,43.8,0.0,0.1,0.0,2.4,0.1,0.1,39.2,0.0,0.2,0.3,37.1,0.3,3.1,2.9,7.2,0.0,7.1,0.0,0.0,0.7,0.6,0.6,26.3]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,303,86,150,178,409,86,86,86,666,86,117,117,86,507,832,281,86,86,86,125,86,125,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]
+ [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.3,7.1,5.3,6.2,6.6,7.4,5.1,5.1,5.1,7.7,5.2,5.8,5.8,5.2,7.5,7.8,7.0,5.2,5.3,5.3,5.9,5.3,5.9,5.1]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443]
analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.133| 0.017| 0.031| 941.058| 0.000]
- [PKTLEN......: 86.000| 1294.000| 323.400| 401.100|160869.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.133| 0.017| 0.031| 941.058| 3.100]
+ [PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100]
[BINS(c->s)..: 11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0]
[IATS(ms)....: 23.5,23.5,0.2,32.3,1.9,0.0,34.0,0.0,0.0,0.3,0.2,0.0,1.7,0.1,0.1,35.1,5.7,3.7,0.0,42.6,0.0,0.1,39.2,93.6,132.7,1.2,0.1,0.1]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,86,86,86,1294,187,86,86,150,178,465,86,86,666,117,86,86,86,117,86,344,86,125,243,585]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]
+ [ENTROPIES...: 4.7,5.1,5.0,4.5,4.9,7.8,7.8,7.8,5.0,5.0,5.0,7.8,6.6,5.0,5.0,6.1,6.3,7.4,4.9,4.8,7.6,5.5,4.9,5.1,5.1,5.7,4.8,7.2,5.0,5.9,6.8,7.6]
detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe]
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe]
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe]
analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.090| 0.016| 0.023| 544.707| 0.000]
- [PKTLEN......: 86.000| 1134.000| 314.800| 374.800|140490.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.090| 0.016| 0.023| 544.707| 3.300]
+ [PKTLEN......: 72.000| 1120.000| 300.800| 374.800| 140490.000| 4.100]
[BINS(c->s)..: 11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0]
[IATS(ms)....: 39.8,39.9,0.4,39.9,1.9,0.0,41.3,0.0,0.1,0.0,0.0,0.6,0.6,0.0,2.9,2.6,0.6,39.8,0.1,1.1,1.9,36.8,0.0,0.2,49.7,40.1,89.6]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,1134,86,86,1134,168,86,86,179,185,382,86,86,86,344,152,86,86,124,86,530,260,86]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72]
+ [ENTROPIES...: 4.8,5.1,5.1,4.6,5.0,6.8,4.4,5.2,5.1,6.6,7.1,5.2,5.2,7.6,6.2,5.2,5.2,6.1,6.3,7.3,5.0,5.0,5.0,7.0,6.2,5.2,5.2,5.6,5.0,7.5,6.9,5.2]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun]
analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.050| 0.009| 0.016| 268.348| 0.000]
- [PKTLEN......: 86.000| 1474.000| 512.700| 595.900|355070.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.050| 0.009| 0.016| 268.348| 2.900]
+ [PKTLEN......: 72.000| 1460.000| 498.700| 595.900| 355070.700| 4.000]
[BINS(c->s)..: 12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1]
[IATS(ms)....: 50.3,50.3,0.2,31.7,3.1,34.6,0.0,0.7,0.7,1.2,0.0,1.2,0.0,2.6,0.1,0.2,32.3,0.0,29.5,0.0,0.5,0.0,0.5,0.0,0.0,0.6]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,86,86,1474,86,1474,1219,86,86,179,185,454,86,86,86,344,152,86,86,1474,1474,1474,86,86,86,1474]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460]
+ [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.7,4.9,5.1,5.1,7.4,5.1,7.3,7.6,5.1,5.2,5.9,6.3,7.4,5.0,5.0,5.0,7.1,6.2,5.2,5.1,7.9,7.9,7.9,5.1,5.1,5.1,7.8]
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe]
new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443]
detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable]
@@ -115,32 +121,35 @@
detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable]
detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun]
analyse: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.077| 0.017| 0.027| 751.406| 0.000]
- [PKTLEN......: 86.000| 1294.000| 421.600| 486.000|236213.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.077| 0.017| 0.027| 751.406| 2.800]
+ [PKTLEN......: 72.000| 1280.000| 407.600| 486.000| 236213.000| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0]
[IATS(ms)....: 76.8,76.9,1.8,47.3,30.0,75.4,0.0,0.0,2.1,0.6,1.6,47.9,0.1,0.0,0.0,0.0,0.0,43.7,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,356,86,86,86,150,178,400,86,86,86,666,117,484,1294,1294,1294,1294,1294,86,86,86,86,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,342,72,72,72,136,164,386,72,72,72,652,103,470,1280,1280,1280,1280,1280,72,72,72,72,72,72,72]
+ [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,7.3,5.2,5.2,5.2,6.0,6.5,7.4,5.1,5.1,5.2,7.6,5.7,7.5,7.8,7.8,7.8,7.9,7.8,5.2,5.1,5.2,5.2,5.2,5.2,5.2]
analyse: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.079| 0.014| 0.022| 503.587| 0.000]
- [PKTLEN......: 86.000| 1294.000| 436.100| 496.100|246097.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.079| 0.014| 0.022| 503.587| 3.300]
+ [PKTLEN......: 72.000| 1280.000| 422.100| 496.100| 246097.600| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1]
[IATS(ms)....: 51.6,51.7,0.6,28.0,20.5,0.0,47.7,0.0,0.0,3.3,0.2,0.1,70.0,0.0,0.0,13.2,79.5,0.3,8.7,8.4,16.7,0.0,0.0,0.0,16.7,0.0,0.0,0.0,0.2,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,326,86,86,86,150,178,347,86,86,86,666,86,117,117,86,1002,1294,1294,1294,86,86,86,86,1294,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,312,72,72,72,136,164,333,72,72,72,652,72,103,103,72,988,1280,1280,1280,72,72,72,72,1280,1280]
+ [ENTROPIES...: 4.9,5.2,5.2,4.4,5.1,7.8,7.8,7.2,5.2,5.2,5.2,6.2,6.7,7.2,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.8,7.8,7.9,7.8,5.2,5.2,5.2,5.2,7.8,7.8]
analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.093| 0.012| 0.022| 484.499| 0.000]
- [PKTLEN......: 86.000| 1466.000| 285.000| 368.400|135732.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.093| 0.012| 0.022| 484.499| 3.000]
+ [PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100]
[BINS(c->s)..: 12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0]
[IATS(ms)....: 27.0,27.1,0.2,32.3,0.0,32.0,0.0,3.9,0.4,0.1,64.7,93.2,0.0,0.0,0.3,0.0,0.0,0.0,24.3,0.0,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.0,4.4,39.9]
- [PKTLENS.....: 94,94,86,603,86,1466,993,86,86,150,178,344,344,86,86,86,265,166,130,667,86,86,86,86,497,1466,128,86,86,86,117,213]
+ [PKTLENS.....: 80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]
+ [ENTROPIES...: 5.1,5.4,5.4,4.6,5.3,7.8,7.8,5.5,5.5,6.2,6.5,7.3,7.3,5.3,5.2,5.3,7.0,6.4,5.9,7.6,5.4,5.4,5.4,5.4,7.5,7.9,6.1,5.4,5.4,5.4,5.9,6.7]
new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443]
detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun]
new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443]
@@ -150,44 +159,48 @@
new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [MIDSTREAM]
detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe]
analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.029| 0.002| 0.007| 49.867| 0.000]
- [PKTLEN......: 86.000| 1294.000| 752.800| 578.200|334348.700| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.029| 0.002| 0.007| 49.867| 1.800]
+ [PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500]
[BINS(c->s)..: 7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1]
[IATS(ms)....: 0.2,23.5,0.2,5.1,0.0,28.6,0.3,0.0,0.0,0.0,0.2,0.0,0.0,0.0,0.4,0.0,0.0,0.4,0.0,1.3,0.0,1.3,0.1,0.0,0.0]
- [PKTLENS.....: 244,209,86,86,277,1294,86,1294,1294,1294,1294,86,86,1294,1294,86,1294,1294,1294,1294,86,86,1294,1294,251,125,213,86,1294,1294,1294,1294]
+ [PKTLENS.....: 230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]
+ [ENTROPIES...: 6.9,6.7,5.1,5.1,7.0,7.9,5.2,7.8,7.8,7.8,7.8,5.1,5.1,7.8,7.8,5.2,7.9,7.8,7.8,7.9,5.2,5.2,7.8,7.8,6.9,5.8,6.7,5.1,7.8,7.8,7.8,7.8]
new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443]
detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable]
detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable]
analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.486| 0.068| 0.273|74793.992| 0.000]
- [PKTLEN......: 86.000| 1294.000| 252.100| 317.700|100919.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.486| 0.068| 0.273| 74793.992| 1.600]
+ [PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100]
[BINS(c->s)..: 11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0]
[IATS(ms)....: 55.5,55.6,2.6,45.1,17.8,0.0,60.2,0.0,0.3,0.3,9.4,2.5,0.6,42.9,0.2,0.0,30.6,0.2,14.9,14.7,23.0,23.0,0.0,0.1,0.1,1.6,29.4,1485.9]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,587,86,150,178,458,86,86,86,666,86,117,117,86,476,149,86,86,125,86,86,125,86,251]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]
+ [ENTROPIES...: 4.8,5.2,5.1,4.7,5.0,7.8,7.8,5.2,5.2,7.6,5.2,6.1,6.5,7.5,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.5,6.2,5.2,5.2,5.9,5.1,5.2,6.0,5.1,6.9]
analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.043| 0.009| 0.013| 174.232| 0.000]
- [PKTLEN......: 86.000| 1294.000| 432.800| 492.400|242485.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.009| 0.013| 174.232| 3.500]
+ [PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0]
[IATS(ms)....: 23.4,23.6,0.6,27.8,5.3,0.0,32.3,0.0,0.0,3.2,0.2,0.2,43.0,0.9,0.0,0.2,40.4,0.9,3.4,2.5,21.4,0.0,21.3,0.0,7.8,0.0,0.0,7.8,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,336,86,86,86,150,178,341,86,86,86,666,86,117,117,86,890,1294,86,86,1294,1294,1294,1294,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]
+ [ENTROPIES...: 4.9,5.4,5.2,4.6,5.1,7.8,7.8,7.2,5.2,5.3,5.3,6.2,6.4,7.2,5.1,5.1,5.1,7.6,5.2,5.8,5.8,5.2,7.8,7.8,5.3,5.3,7.8,7.8,7.9,7.8,5.2,5.2]
analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.522| 0.133| 0.377|141791.068| 0.000]
- [PKTLEN......: 86.000| 1466.000| 273.400| 363.600|132225.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.522| 0.133| 0.377| 141791.068| 2.300]
+ [PKTLEN......: 72.000| 1452.000| 259.400| 363.600| 132225.800| 4.100]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,1,0,1]
[IATS(ms)....: 51.0,51.1,0.7,184.3,0.0,183.7,0.1,7.5,8.6,3.9,48.7,0.0,10.6,0.0,0.0,39.2,0.1,0.0,1.7,5.8,4.0,34.7,42.4,77.0,1489.8,1522.2,0.0,32.5,72.0]
- [PKTLENS.....: 94,94,86,603,86,1466,994,86,86,150,178,456,86,86,86,257,166,117,86,86,86,117,121,86,86,506,86,632,86,121,86,1388]
+ [PKTLENS.....: 80,80,72,589,72,1452,980,72,72,136,164,442,72,72,72,243,152,103,72,72,72,103,107,72,72,492,72,618,72,107,72,1374]
+ [ENTROPIES...: 5.1,5.4,5.4,4.5,5.3,7.9,7.8,5.4,5.3,6.3,6.5,7.5,5.3,5.3,5.2,6.9,6.5,5.9,5.3,5.3,5.3,5.9,6.0,5.4,5.3,7.6,5.4,7.6,5.3,6.0,5.4,7.8]
new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443] [MIDSTREAM]
new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [MIDSTREAM]
new: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [MIDSTREAM]
@@ -207,37 +220,40 @@
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun]
detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable]
analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.157| 0.019| 0.038| 1426.179| 0.000]
- [PKTLEN......: 86.000| 1294.000| 427.000| 486.700|236885.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.157| 0.019| 0.038| 1426.179| 2.700]
+ [PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100]
[BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0]
[IATS(ms)....: 46.9,46.9,0.2,112.0,45.4,0.0,157.3,0.0,0.0,2.9,0.3,3.0,37.7,0.0,1.1,0.0,32.6,0.0,0.0,0.6,1.0,0.0,0.3,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,563,86,86,86,150,178,351,86,86,86,666,500,1294,86,86,86,117,1294,1294,1294,1294,86,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]
+ [ENTROPIES...: 4.9,5.3,5.1,4.6,5.1,7.8,7.8,7.5,5.1,5.1,5.2,6.1,6.6,7.3,5.0,5.1,5.1,7.6,7.5,7.8,5.1,5.1,5.1,5.8,7.8,7.9,7.8,7.9,5.1,5.2,5.1,5.2]
analyse: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.136| 0.027| 0.042| 1750.865| 0.000]
- [PKTLEN......: 86.000| 1474.000| 444.600| 544.300|296293.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.136| 0.027| 0.042| 1750.865| 3.200]
+ [PKTLEN......: 72.000| 1460.000| 430.600| 544.300| 296293.800| 4.000]
[BINS(c->s)..: 9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1]
[IATS(ms)....: 46.5,46.6,0.4,49.8,3.6,52.9,0.0,1.3,0.0,1.3,0.0,2.4,0.3,0.5,109.0,0.0,0.0,105.9,0.0,0.0,6.5,35.8,111.1,136.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,86,86,1474,1244,86,86,179,185,352,86,86,344,152,86,584,86,86,86,124,86,224,86,1474,1474,1474]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460]
+ [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.4,5.2,5.2,5.2,7.3,7.6,5.2,5.1,6.1,6.3,7.2,5.0,5.0,7.1,6.1,4.9,7.5,5.2,5.1,5.2,5.6,5.0,6.7,5.0,7.9,7.8,7.8]
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun]
new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443]
detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe]
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe]
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe]
analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 0.000]
- [PKTLEN......: 86.000| 1134.000| 391.700| 441.200|194656.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 3.200]
+ [PKTLEN......: 72.000| 1120.000| 377.700| 441.200| 194656.500| 4.100]
[BINS(c->s)..: 11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1]
[IATS(ms)....: 21.0,21.0,0.5,37.1,8.9,0.0,45.5,0.0,2.0,0.0,0.0,0.0,2.0,0.0,0.0,0.0,0.1,0.0,7.8,0.5,0.4,31.0,0.0,0.4,0.0,22.8,0.0,0.4,8.3,2.6,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,1134,1134,1134,86,86,86,86,127,86,179,185,356,86,86,344,152,86,86,124,86,1134,1134]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]
+ [ENTROPIES...: 4.8,5.1,5.2,4.5,5.1,6.9,5.1,5.2,5.2,6.7,7.2,7.3,7.6,5.2,5.1,5.2,5.2,5.6,5.2,6.0,6.4,7.1,5.1,5.1,7.0,6.2,5.2,5.2,5.7,5.0,7.8,7.8]
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe]
guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Web][Safe]
idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443]
diff --git a/test/results/flow-info/pop3_stls.pcap.out b/test/results/flow-info/pop3_stls.pcap.out
index c24de3787..8965ca3ec 100644
--- a/test/results/flow-info/pop3_stls.pcap.out
+++ b/test/results/flow-info/pop3_stls.pcap.out
@@ -11,14 +11,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Email][Safe]
RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
analyse: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.072| 0.263| 0.525|275477.529| 0.000]
- [PKTLEN......: 54.000| 1514.000| 248.500| 417.000|173868.900| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.072| 0.263| 0.525| 275477.529| 3.300]
+ [PKTLEN......: 40.000| 1500.000| 234.500| 417.000| 173868.900| 3.700]
[BINS(c->s)..: 9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1]
[IATS(ms)....: 68.2,69.0,68.7,120.6,119.8,1003.1,1075.3,72.5,0.5,70.8,70.3,69.5,71.0,0.2,69.9,69.1,0.3,69.2,7.0,114.4,36.0,229.4,154.0,2002.9,2072.1,69.1,0.7,117.2,116.7,68.9,75.8]
- [PKTLENS.....: 66,66,54,65,60,60,82,60,60,203,60,91,222,1514,1514,54,1514,414,54,368,60,292,85,60,107,85,60,222,98,103,96,103]
+ [PKTLENS.....: 52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]
+ [ENTROPIES...: 4.5,4.8,4.7,5.2,5.0,4.5,5.4,5.0,4.5,5.5,5.0,5.4,5.5,7.1,7.1,4.7,6.9,7.2,4.8,7.4,4.5,7.0,5.8,4.5,5.8,5.7,4.5,7.0,5.9,6.0,5.7,5.9]
detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Email][Safe]
RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
end: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Email][Safe]
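Review bot: The new `ENTROPIES` row gives a clearly non-zero value for packets that appear to carry no application payload: the third entry pairs `PKTLENS` 40 with entropy 4.7, and 40 bytes is what a bare IPv4+TCP header would occupy. The figure therefore seems to be computed over the whole L3 packet, headers included. Anyone using this column to flag encrypted or packed payloads should know that, and that short packets cannot exceed about log2(length) bits, so values are not comparable across packet sizes. The code that prints this row is outside this diff; I would document the field there, for example `ENTROPIES: per-packet entropy over the L3 packet (headers included), same order as PKTLENS`, after confirming that is what it computes. The same applies to the other fixtures in this commit that gain an `ENTROPIES` row.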
diff --git a/test/results/flow-info/pps.pcap.out b/test/results/flow-info/pps.pcap.out
index 70b216125..acb20cf1e 100644
--- a/test/results/flow-info/pps.pcap.out
+++ b/test/results/flow-info/pps.pcap.out
@@ -9,47 +9,51 @@
new: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443]
new: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250]
analyse: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.014| 0.003| 0.004| 16.289| 0.000]
- [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.014| 0.003| 0.004| 16.289| 3.700]
+ [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 0.3,0.3,3.0,2.0,4.7,0.3,0.1,0.0,0.6,0.6,2.0,0.9,0.2,1.9,1.1,0.1,11.9,11.8,0.1,13.6,13.5,0.1,2.8,2.6,0.2,1.3,1.0,0.1,1.6,1.9,0.3]
- [PKTLENS.....: 1107,79,79,1107,1107,79,79,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79]
+ [PKTLENS.....: 1093,65,65,1093,1093,65,65,65,65,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65]
+ [ENTROPIES...: 7.8,5.1,5.1,7.8,7.8,5.2,5.1,5.2,5.1,5.2,5.2,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,7.6,5.2,5.2,7.8,5.2,5.2]
not-detected: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] [Unknown][Unrated]
analyse: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.013| 0.002| 0.004| 13.731| 0.000]
- [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.013| 0.002| 0.004| 13.731| 3.800]
+ [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000]
[BINS(c->s)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.3,12.6,12.6,0.2,1.1,0.9,0.1,1.6,1.5,0.2,2.1,1.8,0.3,0.7,0.6,0.3,1.7,1.1,0.1,3.6,5.8,0.4,11.9,9.1,0.1,1.2,1.4,0.1,1.5,1.1,0.1]
- [PKTLENS.....: 79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79]
+ [PKTLENS.....: 65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65]
+ [ENTROPIES...: 5.1,5.1,7.8,5.2,5.2,7.7,5.0,5.0,7.8,5.2,5.2,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2]
not-detected: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] [Unknown][Unrated]
new: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793]
analyse: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.027| 0.009| 0.008| 71.240| 0.000]
- [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.027| 0.009| 0.008| 71.240| 4.100]
+ [PKTLEN......: 65.000| 1093.000| 386.200| 476.500| 227043.400| 4.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0]
[IATS(ms)....: 0.4,0.2,4.9,0.2,24.3,18.9,0.1,5.4,6.9,0.2,19.1,17.6,0.1,13.8,13.8,0.1,13.1,15.4,0.1,27.0,24.4,0.2,9.0,11.0,0.4,2.0,0.9,14.1,8.3,0.1,12.1]
- [PKTLENS.....: 1107,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107]
+ [PKTLENS.....: 1093,65,65,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093]
+ [ENTROPIES...: 7.7,5.1,5.1,5.1,5.1,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,7.8,5.0,5.0,7.8,5.1,5.1,7.8,5.2,5.2,7.8,5.1,5.1,5.0,5.0,7.8,5.1,5.1,7.8]
not-detected: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] [Unknown][Unrated]
new: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [MIDSTREAM]
new: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [MIDSTREAM]
analyse: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.070| 0.024| 0.021| 457.568| 0.000]
- [PKTLEN......: 79.000| 1107.000| 336.000| 445.100|198147.000| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.070| 0.024| 0.021| 457.568| 4.200]
+ [PKTLEN......: 65.000| 1093.000| 322.000| 445.100| 198147.000| 3.900]
[BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0]
[IATS(ms)....: 0.4,29.9,29.7,0.1,32.0,32.8,0.3,45.7,0.3,69.6,23.0,0.1,42.0,41.6,0.1,36.0,0.3,59.5,23.0,0.1,31.8,32.2,0.3,44.4,0.3,68.3,22.7,0.2,30.9,30.8,0.2]
- [PKTLENS.....: 79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79]
+ [PKTLENS.....: 65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65]
+ [ENTROPIES...: 5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2,5.2,5.2,7.8,5.3,5.3,7.8,5.1,5.1,5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2,5.2,5.2,7.8,5.1,5.1,7.8,4.9,4.9]
not-detected: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] [Unknown][Unrated]
new: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788]
new: [....12] [ip4][..udp] [..192.168.115.8][22793] -> [...210.44.171.1][29702]
@@ -78,14 +82,15 @@
new: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788]
new: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788]
analyse: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.108| 0.029| 0.031| 941.853| 0.000]
- [PKTLEN......: 61.000| 1107.000| 303.300| 425.300|180865.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.108| 0.029| 0.031| 941.853| 4.000]
+ [PKTLEN......: 47.000| 1093.000| 289.300| 425.300| 180865.500| 3.800]
[BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1]
[IATS(ms)....: 0.9,52.8,52.3,0.3,55.5,0.1,77.7,22.0,0.2,78.3,79.3,0.5,0.4,0.1,46.5,44.4,0.1,18.4,18.5,0.3,36.0,0.1,108.0,71.5,0.7,28.3,0.5,45.9,16.1,0.4,33.5]
- [PKTLENS.....: 79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,79,79,1107,79,79,61]
+ [PKTLENS.....: 65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,65,65,1093,65,65,47]
+ [ENTROPIES...: 5.3,5.3,7.8,5.3,5.3,5.3,5.3,7.8,5.2,5.2,7.8,5.0,5.0,5.1,5.1,7.8,5.2,5.2,7.7,5.1,5.1,5.1,5.1,7.8,5.1,5.1,5.1,5.1,7.8,5.1,5.1,4.9]
not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unrated]
new: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [MIDSTREAM]
detected: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun]
@@ -219,14 +224,15 @@
new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM]
detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable]
analyse: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.036| 0.003| 0.009| 84.840| 0.000]
- [PKTLEN......: 198.000| 1314.000| 1221.000| 293.900|86398.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.036| 0.003| 0.009| 84.840| 1.800]
+ [PKTLEN......: 184.000| 1300.000| 1207.000| 293.900| 86398.000| 4.900]
[BINS(c->s)..: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 2.9,35.0,35.8,0.0,0.1,1.0,0.0,0.0,0.0,0.0,0.0,0.0,4.1,0.0,0.0,0.0,0.0,0.6,0.0,0.0,0.0,4.3,0.1,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 198,566,202,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314]
+ [PKTLENS.....: 184,552,188,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 5.6,5.7,5.6,4.4,0.3,0.3,3.7,6.1,5.9,6.1,6.0,6.2,6.1,6.0,6.1,5.9,6.3,6.2,6.3,6.4,5.8,6.2,6.0,6.1,6.1,6.4,6.3,6.0,6.1,6.0,6.4,6.3]
new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900]
detected: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900]
@@ -268,14 +274,15 @@
new: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [MIDSTREAM]
detected: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun]
analyse: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.061| 0.005| 0.014| 183.828| 0.000]
- [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.061| 0.005| 0.014| 183.828| 1.800]
+ [PKTLEN......: 289.000| 1300.000| 1268.400| 175.900| 30943.100| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 61.4,0.0,0.0,0.0,0.0,30.3,0.0,0.0,0.0,25.9,0.0,0.5,0.0,0.0,0.0,0.6,0.0,3.5,0.0,0.8,0.0,0.0,0.0,0.0,0.0,2.2]
- [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314]
+ [PKTLENS.....: 289,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 5.7,7.1,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8]
new: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900]
detected: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [...104] [ip4][..tcp] [..192.168.115.8][50779] -> [..111.206.22.77][...80] [MIDSTREAM]
@@ -283,14 +290,15 @@
new: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [MIDSTREAM]
detected: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun]
analyse: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.063| 0.006| 0.016| 268.635| 0.000]
- [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.063| 0.006| 0.016| 268.635| 1.700]
+ [PKTLEN......: 289.000| 1300.000| 1268.400| 175.900| 30943.100| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 62.9,0.0,0.0,0.0,0.0,0.0,28.6,0.0,0.0,57.9,0.0,0.0,0.0,0.0,0.0,0.3,0.0,0.3,0.0,3.2,0.0,0.0,0.8,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314]
+ [PKTLENS.....: 289,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 5.7,7.1,7.8,7.8,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8]
update: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [MIDSTREAM]
detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun]
diff --git a/test/results/flow-info/psiphon3.pcap.out b/test/results/flow-info/psiphon3.pcap.out
index 8637a6bff..184e81107 100644
--- a/test/results/flow-info/psiphon3.pcap.out
+++ b/test/results/flow-info/psiphon3.pcap.out
@@ -9,14 +9,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable]
RISK: Missing SNI TLS Extn
analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.046| 0.011| 0.012| 137.508| 0.000]
- [PKTLEN......: 40.000| 1500.000| 277.500| 421.900|177964.300| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.046| 0.011| 0.012| 137.508| 3.600]
+ [PKTLEN......: 40.000| 1500.000| 277.500| 421.900| 177964.300| 3.800]
[BINS(c->s)..: 10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0]
[IATS(ms)....: 6.0,17.4,14.4,1.0,16.0,7.0,5.0,3.0,28.0,2.0,3.0,1.0,7.0,25.9,1.4,4.0,20.8,1.0,46.1,1.0]
[PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]
+ [ENTROPIES...: 4.6,4.6,4.8,4.8,4.8,5.4,4.8,5.4,4.8,4.8,7.0,7.2,7.0,7.2,4.8,4.8,4.8,4.8,5.9,5.9,4.8,4.8,7.0,6.0,7.0,6.0,4.7,4.7,6.3,7.3,5.4,7.8]
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable]
RISK: Missing SNI TLS Extn
end: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable]
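Review bot: The `IAT` summary row mixes units, and the header this commit re-aligns still does not say so. Min, max, avg and stddev are in seconds (max `0.046` against a largest `IATS(ms)` entry of 46.1), while variance `137.508` is roughly the square of the stddev expressed in milliseconds (about 11.7 ms), so the printed variance is not the printed stddev squared. A consumer that recomputes or thresholds on these columns would be off by a factor of 10^6. I would print the IAT variance in the same unit as its stddev, or state the unit in the row label the way `IATS(ms)` already does. The formatting code is not visible here, so this needs confirming there; the other fixtures in this commit show the same pattern.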
diff --git a/test/results/flow-info/quic-28.pcap.out b/test/results/flow-info/quic-28.pcap.out
index 455182a57..12c31f6a8 100644
--- a/test/results/flow-info/quic-28.pcap.out
+++ b/test/results/flow-info/quic-28.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443]
detected: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable]
analyse: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.006| 0.007| 51.479| 0.000]
- [PKTLEN......: 85.000| 1242.000| 343.800| 425.600|181138.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.006| 0.007| 51.479| 3.900]
+ [PKTLEN......: 71.000| 1228.000| 329.800| 425.600| 181138.200| 4.000]
[BINS(c->s)..: 0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1]
[IATS(ms)....: 13.6,13.8,13.9,1.1,15.1,1.4,0.0,0.0,2.2,0.3,0.0,0.0,0.0,14.7,0.0,0.0,0.0,0.0,0.0,0.0,0.0,13.8,1.2,10.5,11.8,5.5,19.9,6.5,21.0,4.0,19.1]
- [PKTLENS.....: 1242,89,1242,113,203,1242,1238,1239,259,152,103,85,85,168,112,557,85,85,110,85,85,85,85,85,700,85,147,85,859,85,122,86]
+ [PKTLENS.....: 1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72]
+ [ENTROPIES...: 7.8,5.4,7.8,6.0,6.7,7.8,7.8,7.9,7.1,6.5,6.1,5.9,5.9,6.7,6.1,7.6,5.8,5.7,6.1,5.7,5.7,5.8,5.8,5.8,7.7,5.8,6.6,5.8,7.8,5.9,6.2,5.7]
idle: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic-33.pcapng.out b/test/results/flow-info/quic-33.pcapng.out
index 646aa8f3f..4a698d57a 100644
--- a/test/results/flow-info/quic-33.pcapng.out
+++ b/test/results/flow-info/quic-33.pcapng.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
analyse: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.627| 0.000]
- [PKTLEN......: 115.000| 1502.000| 1004.900| 605.000|366070.200| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.627| 3.200]
+ [PKTLEN......: 101.000| 1488.000| 990.900| 605.000| 366070.200| 4.600]
[BINS(c->s)..: 0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 2.8,0.1,0.0,3.4,0.6,0.3,0.0,0.4,0.1,0.4,0.0,1.1,1.4,0.5,0.0,0.3,0.1,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 1294,1294,805,1502,115,117,209,117,1294,1294,373,1502,501,245,117,117,117,117,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502,1502]
+ [PKTLENS.....: 1280,1280,791,1488,101,103,195,103,1280,1280,359,1488,487,231,103,103,103,103,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488]
+ [ENTROPIES...: 7.8,7.8,7.6,7.8,4.5,4.9,6.0,4.9,7.8,7.8,7.0,7.8,7.4,6.6,4.8,4.9,4.7,4.9,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8]
idle: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic-mvfst-22.pcap.out b/test/results/flow-info/quic-mvfst-22.pcap.out
index 527383a21..83d6ff0b0 100644
--- a/test/results/flow-info/quic-mvfst-22.pcap.out
+++ b/test/results/flow-info/quic-mvfst-22.pcap.out
@@ -2,14 +2,15 @@
new: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443]
detected: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun]
analyse: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.091| 0.169| 0.515|264779.547| 0.000]
- [PKTLEN......: 66.000| 1294.000| 630.500| 577.000|332915.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.091| 0.169| 0.515| 264779.547| 2.100]
+ [PKTLEN......: 52.000| 1280.000| 616.500| 577.000| 332915.800| 4.300]
[BINS(c->s)..: 1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1]
[IATS(ms)....: 6.6,0.2,0.0,0.0,15.8,0.2,0.1,25.7,16.5,24.4,2091.0,2072.8,30.6,212.7,1.8,0.1,243.4,0.0,25.4,21.9,80.7,0.0,0.0,0.0,0.0,96.7,35.8,60.9,0.1,0.0]
- [PKTLENS.....: 1274,1294,1294,235,95,1274,120,109,80,275,73,66,1142,70,74,612,1274,1235,70,70,74,66,1294,1294,1294,1294,98,79,66,1294,1294,1294]
+ [PKTLENS.....: 1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280]
+ [ENTROPIES...: 7.9,7.8,7.9,6.9,5.8,7.8,6.0,6.1,5.4,7.1,5.4,5.2,7.8,5.2,5.4,7.6,7.8,7.8,5.4,5.2,5.4,5.1,7.8,7.8,7.9,7.8,5.9,5.5,5.2,7.9,7.8,7.8]
update: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun]
idle: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out
index bbd353386..7370e5534 100644
--- a/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/flow-info/quic-mvfst-22_decryption_error.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443]
detected: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable]
analyse: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.003| 0.002| 0.001| 0.889| 0.000]
- [PKTLEN......: 60.000| 1280.000| 708.500| 531.100|282057.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.003| 0.002| 0.001| 0.889| 1.400]
+ [PKTLEN......: 60.000| 1280.000| 708.500| 531.100| 282057.000| 4.500]
[BINS(c->s)..: 0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,3,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 1.0,3.0,1.0]
[PKTLENS.....: 1260,106,106,106,698,698,698,60,60,60,66,66,66,261,261,261,400,400,400,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280]
+ [ENTROPIES...: 7.9,6.1,6.1,6.2,7.7,7.7,7.7,5.5,5.5,5.5,5.4,5.4,5.5,7.2,7.2,7.2,7.4,7.4,7.4,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9]
idle: [.....1] [ip4][..udp] [..10.230.40.168][62196] -> [..94.97.225.146][..443] [QUIC][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic-v2-01.pcapng.out b/test/results/flow-info/quic-v2-01.pcapng.out
index 020949c60..c1badbb49 100644
--- a/test/results/flow-info/quic-v2-01.pcapng.out
+++ b/test/results/flow-info/quic-v2-01.pcapng.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
analyse: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.343| 0.000]
- [PKTLEN......: 97.000| 1482.000| 1045.900| 592.800|351417.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.003| 0.000| 0.001| 0.343| 3.200]
+ [PKTLEN......: 83.000| 1468.000| 1031.900| 592.800| 351417.000| 4.700]
[BINS(c->s)..: 0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0]
[DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1]
[IATS(ms)....: 2.2,0.0,0.1,2.6,0.0,0.2,0.5,0.1,0.1,0.4,0.5,0.3,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.3,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.4,0.3]
- [PKTLENS.....: 1294,1294,766,1482,445,1482,225,97,97,481,97,97,225,1482,1482,1482,1482,1482,1482,1482,1482,97,1482,1482,1482,1482,1482,1482,1482,1482,97,1482]
+ [PKTLENS.....: 1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468]
+ [ENTROPIES...: 7.9,7.8,7.7,7.9,7.5,7.9,7.0,5.9,6.0,7.6,6.1,5.9,7.0,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.8,5.8,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,5.9,7.9]
idle: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic.pcap.out b/test/results/flow-info/quic.pcap.out
index 1fe34e397..9ad391e0d 100644
--- a/test/results/flow-info/quic.pcap.out
+++ b/test/results/flow-info/quic.pcap.out
@@ -4,14 +4,15 @@
new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443]
detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.198| 0.584| 0.964|929164.558| 0.000]
- [PKTLEN......: 61.000| 1392.000| 323.100| 382.900|146578.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.198| 0.584| 0.964| 929164.558| 3.400]
+ [PKTLEN......: 47.000| 1378.000| 309.100| 382.900| 146578.800| 4.100]
[BINS(c->s)..: 0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0]
[IATS(ms)....: 46.0,60.1,14.8,65.4,2.5,93.4,168.1,168.1,622.7,681.3,0.0,58.0,3119.1,3197.6,0.0,0.0,54.1,25.5,1951.1,28.6,2034.7,28.3,0.0,0.0,56.9,470.8,496.4,2190.2,2289.8,44.7,126.0]
- [PKTLENS.....: 1392,478,1392,79,74,725,82,725,79,214,508,70,82,194,170,69,101,82,79,255,163,77,71,240,61,88,215,79,1190,77,758,469]
+ [PKTLENS.....: 1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455]
+ [ENTROPIES...: 4.8,7.5,7.8,5.7,5.5,7.7,5.7,7.7,5.7,6.9,7.5,5.4,5.8,6.9,6.6,5.4,6.0,5.7,5.6,7.1,6.6,5.5,5.4,7.0,5.1,5.8,6.9,5.6,7.9,5.4,7.8,7.6]
DAEMON-EVENT: [Processed: 413 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121]
@@ -40,14 +41,15 @@
new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443]
detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.829| 0.062| 0.199|39440.069| 0.000]
- [PKTLEN......: 75.000| 1392.000| 871.800| 620.800|385421.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.829| 0.062| 0.199| 39440.069| 2.000]
+ [PKTLEN......: 61.000| 1378.000| 857.800| 620.800| 385421.500| 4.500]
[BINS(c->s)..: 0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1]
[IATS(ms)....: 0.6,35.4,0.0,40.5,0.1,24.0,26.0,16.8,0.1,0.5,35.5,51.7,0.4,0.0,26.6,25.6,828.6,0.0,803.2,0.6,0.4,0.2,0.8,0.2,0.4,0.2,0.3,0.2,0.5,0.3,0.2]
- [PKTLENS.....: 1392,387,1392,1392,1392,383,79,82,1392,75,75,85,1392,1392,1188,82,79,1392,1392,82,1392,1392,1392,82,1392,82,1392,1392,1392,82,1392,1392]
+ [PKTLENS.....: 1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378]
+ [ENTROPIES...: 5.1,7.4,7.6,2.6,5.4,7.4,5.3,5.5,7.9,5.5,5.5,5.7,7.9,7.9,7.8,5.6,5.6,7.9,7.9,5.7,7.9,7.9,7.9,5.6,7.9,5.7,7.9,7.8,7.9,5.6,7.9,7.9]
idle: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable]
guessed: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [Google][Web][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443]
diff --git a/test/results/flow-info/quic046.pcap.out b/test/results/flow-info/quic046.pcap.out
index 02443648f..4a2d54274 100644
--- a/test/results/flow-info/quic046.pcap.out
+++ b/test/results/flow-info/quic046.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443]
detected: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun]
analyse: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.029| 0.002| 0.006| 39.230| 0.000]
- [PKTLEN......: 62.000| 1392.000| 907.100| 591.600|350034.900| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.029| 0.002| 0.006| 39.230| 2.600]
+ [PKTLEN......: 48.000| 1378.000| 893.100| 591.600| 350034.900| 4.600]
[BINS(c->s)..: 2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1]
[IATS(ms)....: 1.0,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.7,21.2,29.5,0.4,0.2,0.2,0.2,0.2,0.2,0.3,0.3,0.3,0.2,0.3,0.2,0.2,0.3,0.3,6.5,0.2,0.5,0.7,0.2]
- [PKTLENS.....: 1392,574,128,201,199,199,200,199,205,202,1392,1392,269,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,70,62,1392,70,1392]
+ [PKTLENS.....: 1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378]
+ [ENTROPIES...: 4.1,7.6,6.3,6.9,6.9,6.8,6.9,6.9,7.0,6.9,4.1,7.9,7.1,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,5.4,5.1,7.8,5.4,7.9]
idle: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic_q39.pcap.out b/test/results/flow-info/quic_q39.pcap.out
index c09e2f48a..6b9eb32ad 100644
--- a/test/results/flow-info/quic_q39.pcap.out
+++ b/test/results/flow-info/quic_q39.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443]
detected: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun]
analyse: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.515| 0.578| 1.532|2346988.339| 0.000]
- [PKTLEN......: 60.000| 1392.000| 556.200| 603.700|364512.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.515| 0.578| 1.532| 2346988.339| 2.700]
+ [PKTLEN......: 46.000| 1378.000| 542.200| 603.700| 364512.400| 4.100]
[BINS(c->s)..: 0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0]
[IATS(ms)....: 8.9,36.7,89.8,0.0,404.1,1.4,298.3,119.2,0.0,434.8,6185.3,12.8,6514.6,11.4,11.4,22.7,702.6,702.7,435.3,435.2,11.4,11.4,16.0,15.9,397.2,9.2,397.7,33.9,93.4,0.1,499.9]
- [PKTLENS.....: 1392,1174,77,1392,73,83,83,72,305,60,83,270,1392,78,1392,1392,75,1392,74,1392,76,1392,76,1392,76,1392,730,76,76,104,60,98]
+ [PKTLENS.....: 1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84]
+ [ENTROPIES...: 4.2,7.8,5.0,7.8,5.4,5.6,5.7,5.3,7.3,4.8,5.8,7.1,7.9,5.4,7.8,7.9,5.5,7.9,5.4,7.9,5.4,7.9,5.4,7.9,5.5,7.8,7.7,5.5,5.5,6.0,4.8,6.0]
idle: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic_t51.pcap.out b/test/results/flow-info/quic_t51.pcap.out
index a59012dfd..a39038c23 100644
--- a/test/results/flow-info/quic_t51.pcap.out
+++ b/test/results/flow-info/quic_t51.pcap.out
@@ -4,14 +4,15 @@
new: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443]
detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable]
analyse: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.583| 2.165| 5.210|27140724.621| 0.000]
- [PKTLEN......: 67.000| 1392.000| 451.200| 500.300|250315.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 19.583| 2.165| 5.210| 27140724.621| 2.500]
+ [PKTLEN......: 53.000| 1378.000| 437.200| 500.300| 250315.800| 4.100]
[BINS(c->s)..: 0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0]
[IATS(ms)....: 5.9,69.3,110.8,0.0,0.0,113.6,2.3,5.8,80.0,0.0,46.4,10090.9,10162.3,246.2,1.4,0.0,331.6,26.2,19472.4,19582.6,120.2,0.7,0.2,185.0,26.5,2999.5,3090.0,125.9,1.4,0.1,205.6]
- [PKTLENS.....: 1392,1392,1392,1392,1392,1254,83,83,115,68,658,75,1003,67,682,68,313,75,75,511,67,734,68,151,75,75,225,67,470,68,273,75]
+ [PKTLENS.....: 1378,1378,1378,1378,1378,1240,69,69,101,54,644,61,989,53,668,54,299,61,61,497,53,720,54,137,61,61,211,53,456,54,259,61]
+ [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.8,5.6,5.7,6.2,5.2,7.7,5.6,7.8,5.2,7.7,5.4,7.3,5.7,5.6,7.5,5.3,7.7,5.3,6.5,5.6,5.6,7.0,5.3,7.5,5.2,7.3,5.6]
update: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable]
idle: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quickplay.pcap.out b/test/results/flow-info/quickplay.pcap.out
index 3955279a4..81e78bb65 100644
--- a/test/results/flow-info/quickplay.pcap.out
+++ b/test/results/flow-info/quickplay.pcap.out
@@ -34,14 +34,15 @@
detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.183| 5.871| 2.460| 1.331|1772261.736| 0.000]
- [PKTLEN......: 76.000| 1456.000| 656.400| 347.900|121006.600| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.183| 5.871| 2.460| 1.331| 1772261.736| 4.700]
+ [PKTLEN......: 60.000| 1440.000| 640.400| 347.900| 121006.600| 4.800]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 2337.9,2470.8,5776.6,5871.2,324.6,2084.5,1689.1,182.6,2170.3,2013.3,645.6,519.6,2223.7,2353.5,480.9,4401.9,3911.8,3909.7,3936.6,2356.5,2338.3,2620.0,2626.5,2264.1,2270.5,2391.5,2349.5,2604.5,2642.0,2224.9,2252.1]
- [PKTLENS.....: 500,1456,500,240,585,502,1248,585,502,854,587,76,504,1268,585,502,158,502,658,502,1124,502,1208,502,348,502,1456,502,962,502,580,502]
+ [PKTLENS.....: 484,1440,484,224,569,486,1232,569,486,838,571,60,488,1252,569,486,142,486,642,486,1108,486,1192,486,332,486,1440,486,946,486,564,486]
+ [ENTROPIES...: 5.9,7.9,6.0,7.1,5.9,5.9,7.8,5.9,5.9,7.7,6.0,5.0,6.0,7.8,6.0,5.9,6.6,5.9,7.7,6.0,7.8,5.9,7.8,6.0,7.3,5.9,7.9,5.9,7.8,5.9,7.6,5.9]
new: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [MIDSTREAM]
detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/rdp.pcap.out b/test/results/flow-info/rdp.pcap.out
index e23956442..2dccf5fdd 100644
--- a/test/results/flow-info/rdp.pcap.out
+++ b/test/results/flow-info/rdp.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
analyse: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.086| 0.035| 0.023| 533.403| 0.000]
- [PKTLEN......: 44.000| 1223.000| 157.300| 233.300|54415.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.086| 0.035| 0.023| 533.403| 4.500]
+ [PKTLEN......: 40.000| 1219.000| 153.300| 233.300| 54415.100| 4.100]
[BINS(c->s)..: 12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0]
[IATS(ms)....: 42.4,42.5,0.4,46.1,45.8,5.9,50.4,44.5,5.2,48.3,43.1,41.5,86.2,44.7,10.2,53.9,43.7,0.3,43.8,43.5,0.3,43.7,43.4,0.3,0.1,43.6,40.3,83.3,0.3,42.5,42.2]
- [PKTLENS.....: 68,56,44,63,63,44,217,1223,44,170,95,44,130,335,44,616,132,44,149,77,44,535,199,44,85,81,44,84,44,85,88,44]
+ [PKTLENS.....: 64,52,40,59,59,40,213,1219,40,166,91,40,126,331,40,612,128,40,145,73,40,531,195,40,81,77,40,80,40,81,84,40]
+ [ENTROPIES...: 4.4,4.9,4.6,4.3,4.8,4.6,5.3,7.6,4.7,6.6,5.5,4.7,6.4,7.1,4.7,7.7,6.2,4.7,6.7,5.2,4.7,7.5,6.7,4.7,5.8,5.6,4.9,5.4,4.7,5.7,5.5,4.7]
end: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][RemoteAccess][Acceptable]
RISK: Desktop/File Sharing
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/reasm_crash_anon.pcapng.out b/test/results/flow-info/reasm_crash_anon.pcapng.out
index 1dda04114..00e0d167c 100644
--- a/test/results/flow-info/reasm_crash_anon.pcapng.out
+++ b/test/results/flow-info/reasm_crash_anon.pcapng.out
@@ -3,14 +3,15 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] [MIDSTREAM]
analyse: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.166| 9.710| 14.065|197823744.180| 0.000]
- [PKTLEN......: 68.000| 793.000| 171.000| 234.800|55144.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 30.166| 9.710| 14.065| 197823744.180| 3.300]
+ [PKTLEN......: 52.000| 777.000| 155.000| 234.800| 55144.500| 4.000]
[BINS(c->s)..: 23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0]
[IATS(ms)....: 0.0,1.5,1.5,0.0,1.2,1.2,0.0,30097.7,30099.5,1.8,0.0,1.2,1.2,30097.5,0.0,30099.3,1.8,1.2,30097.4,1.8,0.0,30101.7,1.2,30097.5,30165.6,1.3,69.4,30031.1,0.0,30032.8,1.7]
- [PKTLENS.....: 81,81,142,68,68,793,68,68,81,122,68,68,781,68,81,81,122,68,68,81,68,68,793,68,81,122,793,68,81,81,122,68]
+ [PKTLENS.....: 65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52]
+ [ENTROPIES...: 5.5,5.5,3.0,5.2,5.2,5.3,5.2,5.2,5.4,5.6,5.1,5.1,0.5,5.1,5.4,5.4,5.6,5.2,5.2,5.5,5.1,5.2,5.3,5.1,5.4,5.6,5.3,5.0,5.4,5.4,5.6,5.2]
not-detected: [.....1] [ip4][..tcp] [192.168.145.147][51218] -> [...10.209.8.148][21999] [Unknown][Unrated]
DAEMON-EVENT: [Processed: 93 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 1|guessed: 0|detection-updates: 0|updates: 0]
diff --git a/test/results/flow-info/reasm_segv_anon.pcapng.out b/test/results/flow-info/reasm_segv_anon.pcapng.out
index 1c5472ea1..84ceabd8a 100644
--- a/test/results/flow-info/reasm_segv_anon.pcapng.out
+++ b/test/results/flow-info/reasm_segv_anon.pcapng.out
@@ -13,14 +13,15 @@
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
analyse: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.859| 0.305| 0.564|318078.976| 0.000]
- [PKTLEN......: 90.000| 1490.000| 934.200| 651.300|424215.900| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.859| 0.305| 0.564| 318078.976| 3.100]
+ [PKTLEN......: 76.000| 1476.000| 920.200| 651.300| 424215.900| 4.500]
[BINS(c->s)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1]
[IATS(ms)....: 396.0,83.8,1376.2,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,1859.1,964.9,439.7,439.7,0.1,0.0,0.0,0.0,0.0,0.1,163.9,20.1,1615.4,1799.0,0.1,0.0,155.8,155.6,0.1]
- [PKTLENS.....: 106,106,106,1490,1490,1490,1490,1490,1490,1490,1490,1490,1490,114,1490,114,1490,1490,1490,1490,1386,1490,1490,122,122,114,90,402,1178,114,90,402]
+ [PKTLENS.....: 92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388]
+ [ENTROPIES...: 5.4,5.4,5.4,7.9,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,5.4,7.8,5.4,7.8,7.9,7.8,7.9,7.8,7.9,7.8,5.5,5.5,5.4,5.2,7.3,7.8,5.5,5.2,7.4]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
diff --git a/test/results/flow-info/reddit.pcap.out b/test/results/flow-info/reddit.pcap.out
index 2ded32e29..a9e8a4bf3 100644
--- a/test/results/flow-info/reddit.pcap.out
+++ b/test/results/flow-info/reddit.pcap.out
@@ -16,23 +16,25 @@
detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.076| 0.015| 0.024| 570.611| 0.000]
- [PKTLEN......: 86.000| 1294.000| 295.100| 342.100|117045.100| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.076| 0.015| 0.024| 570.611| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 281.100| 342.100| 117045.100| 4.200]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0]
[IATS(ms)....: 24.9,25.0,0.5,75.6,0.0,0.0,75.2,0.0,0.0,8.8,5.0,0.6,0.7,37.6,3.5,25.9,1.2,0.5,1.6,1.1,59.9,0.0,0.0,0.0,0.0,58.8,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,586,86,86,86,150,178,910,724,86,666,86,86,117,86,117,86,86,398,436,299,125,153,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72]
+ [ENTROPIES...: 4.7,5.2,5.1,4.6,4.9,7.8,7.8,7.5,5.2,5.0,5.1,6.1,6.5,7.8,7.7,5.0,7.6,5.1,5.1,5.7,5.1,5.8,5.1,5.0,7.3,7.4,7.1,6.0,6.2,5.1,5.1,5.1]
analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.288| 0.099| 0.316|100085.416| 0.000]
- [PKTLEN......: 86.000| 1134.000| 413.800| 437.600|191482.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.288| 0.099| 0.316| 100085.416| 1.800]
+ [PKTLEN......: 72.000| 1120.000| 399.800| 437.600| 191482.000| 4.200]
[BINS(c->s)..: 9,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,1,1,1,1,1]
[IATS(ms)....: 33.2,33.2,0.9,66.6,0.0,0.0,0.0,0.0,65.7,0.0,0.0,0.0,13.2,0.7,0.5,42.1,0.0,27.6,0.5,0.5,1.4,59.9,0.1,1228.9,1287.6,0.9,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,601,86,86,86,86,179,185,459,86,344,86,86,152,86,124,86,86,1134,86,1134,1134,1134,217,1134]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,587,72,72,72,72,165,171,445,72,330,72,72,138,72,110,72,72,1120,72,1120,1120,1120,203,1120]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.4,7.3,7.6,5.3,5.2,5.3,5.3,6.1,6.3,7.4,5.1,7.1,5.1,5.2,6.2,5.2,5.7,5.1,5.1,7.8,5.2,7.8,7.8,7.8,6.7,7.8]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443]
new: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443]
@@ -95,61 +97,66 @@
detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.042| 0.008| 0.014| 206.884| 0.000]
- [PKTLEN......: 86.000| 1474.000| 330.100| 366.700|134435.400| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.008| 0.014| 206.884| 3.100]
+ [PKTLEN......: 72.000| 1460.000| 316.100| 366.700| 134435.400| 4.300]
[BINS(c->s)..: 8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0]
[IATS(ms)....: 29.9,29.9,0.1,38.0,2.3,0.0,40.2,0.0,0.1,0.0,0.0,2.7,0.1,0.6,0.0,0.2,0.0,41.5,1.3,39.1,1.6,0.0,7.3,1.5,7.3,2.1,0.2,0.1,0.0,0.2]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,606,86,86,179,185,375,405,1474,283,86,344,86,209,241,86,152,86,231,124,196,197,308]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.3,5.2,5.2,7.3,7.5,5.2,5.2,5.9,6.4,7.2,7.2,7.6,6.8,5.1,7.1,5.2,6.6,6.5,5.1,6.2,5.2,6.7,5.5,6.5,6.5,6.9]
detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.010| 0.016| 264.552| 0.000]
- [PKTLEN......: 86.000| 1134.000| 423.600| 435.500|189657.000| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.010| 0.016| 264.552| 3.200]
+ [PKTLEN......: 72.000| 1120.000| 409.600| 435.500| 189657.000| 4.200]
[BINS(c->s)..: 8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1]
[IATS(ms)....: 38.7,38.7,0.2,38.5,0.0,38.3,0.0,0.0,0.3,0.3,0.0,2.2,2.8,0.2,0.2,6.5,48.3,2.9,39.3,6.8,2.7,0.0,9.6,0.3,0.8,2.1,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,86,1134,86,1134,616,86,86,179,185,450,482,129,86,344,86,86,86,152,86,124,86,1134,1134,1134,1134,1134]
+ [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120]
+ [ENTROPIES...: 4.7,5.2,5.3,4.6,5.1,6.9,5.3,7.3,5.3,7.4,7.6,5.3,5.3,6.0,6.4,7.4,7.2,5.8,5.1,7.1,5.2,5.1,5.1,6.2,5.2,5.7,5.1,7.8,7.8,7.8,7.8,7.8]
detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.060| 0.011| 0.020| 392.540| 0.000]
- [PKTLEN......: 86.000| 1134.000| 311.400| 353.700|125114.100| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.060| 0.011| 0.020| 392.540| 2.700]
+ [PKTLEN......: 72.000| 1120.000| 297.400| 353.700| 125114.100| 4.200]
[BINS(c->s)..: 10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 36.1,36.1,0.1,41.3,0.0,41.2,0.0,0.0,0.7,0.7,0.0,2.3,1.1,0.2,0.0,0.2,60.3,1.0,57.4,0.0,0.0,0.0,0.0,0.0,0.9]
- [PKTLENS.....: 94,94,86,603,86,1134,86,1134,86,1134,590,86,86,179,185,460,373,241,86,344,86,86,152,86,86,86,1134,701,86,86,86,124]
+ [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110]
+ [ENTROPIES...: 4.8,5.3,5.3,4.5,5.1,6.9,5.3,7.4,5.3,7.3,7.5,5.3,5.3,6.1,6.5,7.4,7.1,6.8,5.1,7.1,5.1,5.2,6.2,5.0,5.0,5.1,7.8,7.7,5.2,5.2,5.2,5.6]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.052| 0.011| 0.020| 382.734| 0.000]
- [PKTLEN......: 86.000| 1134.000| 377.000| 422.800|178733.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.052| 0.011| 0.020| 382.734| 2.800]
+ [PKTLEN......: 72.000| 1120.000| 363.000| 422.800| 178733.300| 4.100]
[BINS(c->s)..: 11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1]
[IATS(ms)....: 44.6,44.7,0.3,51.0,1.8,0.0,52.5,0.0,0.0,0.0,2.4,0.7,0.1,0.1,49.0,0.0,45.8,0.1,0.2,1.2,0.0,0.0,1.4,0.0,0.0,0.1,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,1134,616,86,86,86,86,179,185,403,167,86,344,86,86,86,152,86,1134,1132,86,86,86,1134,86,1134]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120]
+ [ENTROPIES...: 4.9,5.4,5.3,4.6,5.1,6.9,7.3,7.4,7.5,5.2,5.2,5.2,5.3,6.1,6.4,7.3,6.1,5.1,7.1,5.3,5.1,5.0,6.2,5.1,7.8,7.8,5.3,5.2,5.3,7.8,5.2,7.8]
detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443]
detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.092| 0.013| 0.024| 558.351| 0.000]
- [PKTLEN......: 86.000| 1134.000| 377.300| 424.000|179781.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.092| 0.013| 0.024| 558.351| 2.800]
+ [PKTLEN......: 72.000| 1120.000| 363.300| 424.000| 179781.300| 4.100]
[BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0]
[IATS(ms)....: 25.8,25.9,0.4,66.4,26.1,92.0,0.8,0.8,0.0,0.0,1.6,0.1,0.3,42.1,0.0,0.0,6.2,0.0,0.0,46.4,0.0,0.0,0.0,0.0,0.0,0.9]
- [PKTLENS.....: 94,94,86,603,86,1134,86,1134,1134,637,86,86,86,179,185,417,86,86,86,360,152,1134,1134,1134,1134,86,86,86,86,86,86,124]
+ [PKTLENS.....: 80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110]
+ [ENTROPIES...: 4.9,5.3,5.3,4.6,5.1,7.0,5.3,7.3,7.3,7.6,5.3,5.3,5.3,6.1,6.5,7.3,5.1,5.2,5.2,7.2,6.2,7.8,7.8,7.8,7.8,5.3,5.3,5.3,5.3,5.3,5.3,5.7]
detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443]
new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443]
@@ -161,33 +168,36 @@
detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe]
analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.376| 0.000]
- [PKTLEN......: 86.000| 1294.000| 436.500| 490.000|240053.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.376| 3.100]
+ [PKTLEN......: 72.000| 1280.000| 422.500| 490.000| 240053.700| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1]
[IATS(ms)....: 31.5,31.5,0.2,36.8,7.0,43.6,0.0,0.6,0.6,2.4,0.2,0.1,37.7,0.7,1.1,36.8,0.1,0.1,0.0,0.5,8.6,9.1,0.1,0.1,0.2,0.2,0.0,0.1]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,547,86,150,178,347,86,86,666,86,117,86,117,86,792,86,1294,86,1294,1294,86,86,1294,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]
+ [ENTROPIES...: 4.8,5.3,5.1,4.6,5.2,7.8,7.8,5.2,5.2,7.6,5.2,6.2,6.5,7.2,5.1,5.1,7.6,5.2,5.8,5.2,5.9,5.2,7.7,5.2,7.8,5.2,7.8,7.8,5.2,5.2,7.8,7.8]
analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.051| 0.009| 0.016| 249.330| 0.000]
- [PKTLEN......: 86.000| 1474.000| 475.600| 586.500|343946.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.051| 0.009| 0.016| 249.330| 3.000]
+ [PKTLEN......: 72.000| 1460.000| 461.600| 586.500| 343946.100| 4.000]
[BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0]
[IATS(ms)....: 38.5,38.6,0.4,37.3,14.2,0.0,0.0,51.0,0.0,0.0,0.0,0.0,2.4,0.1,0.1,31.3,0.0,1.6,0.0,30.2,0.1,3.4,0.0,3.2,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,1474,1474,401,86,86,86,86,86,150,178,344,86,86,86,157,86,117,1474,1474,1474,1474,86,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72]
+ [ENTROPIES...: 4.8,5.2,5.2,4.5,5.1,7.8,7.8,7.9,7.8,7.4,5.2,5.2,5.2,5.2,5.1,6.1,6.5,7.3,5.0,5.0,5.1,6.3,5.2,5.9,7.9,7.8,7.9,7.8,5.2,5.2,5.3,5.3]
detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable]
analyse: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.072| 0.015| 0.019| 374.318| 0.000]
- [PKTLEN......: 86.000| 1474.000| 446.900| 553.500|306346.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.072| 0.015| 0.019| 374.318| 3.400]
+ [PKTLEN......: 72.000| 1460.000| 432.900| 553.500| 306346.900| 4.000]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,1,1,1,0]
[IATS(ms)....: 27.4,27.4,0.3,37.3,35.3,0.0,72.3,0.0,0.0,2.5,0.1,0.1,31.2,2.1,15.1,0.0,45.6,0.0,0.0,0.2,29.8,10.3,39.8,0.7,0.0,0.7]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,324,86,86,86,166,178,364,86,86,86,357,357,156,86,86,86,117,86,1474,86,1459,1474,1459,1474,86]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,310,72,72,72,152,164,350,72,72,72,343,343,142,72,72,72,103,72,1460,72,1445,1460,1445,1460,72]
+ [ENTROPIES...: 4.9,5.3,5.2,4.4,5.1,7.8,7.8,7.2,5.3,5.2,5.2,6.3,6.5,7.4,5.1,5.1,5.1,7.2,7.3,6.3,5.2,5.3,5.2,5.9,5.1,7.9,5.2,7.9,7.8,7.9,7.9,5.3]
new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443]
detected: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable]
new: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443]
@@ -196,37 +206,40 @@
detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun]
detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun]
analyse: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.049| 0.009| 0.015| 230.505| 0.000]
- [PKTLEN......: 86.000| 1474.000| 456.600| 558.600|312025.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.049| 0.009| 0.015| 230.505| 3.100]
+ [PKTLEN......: 72.000| 1460.000| 442.600| 558.600| 312025.400| 4.000]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,1]
[IATS(ms)....: 27.2,27.2,0.3,32.1,7.5,39.3,0.5,0.5,0.0,1.9,0.1,0.1,39.4,0.3,11.8,49.5,0.0,0.2,1.9,0.0,1.7,0.0,0.0,0.1,0.1,1.6]
- [PKTLENS.....: 94,94,86,603,86,1474,86,1474,188,86,86,150,178,360,86,86,86,666,117,86,86,117,522,1474,1474,86,86,86,1474,86,1474,1474]
+ [PKTLENS.....: 80,80,72,589,72,1460,72,1460,174,72,72,136,164,346,72,72,72,652,103,72,72,103,508,1460,1460,72,72,72,1460,72,1460,1460]
+ [ENTROPIES...: 4.9,5.2,5.2,4.7,5.1,7.8,5.2,7.8,6.6,5.3,5.2,6.1,6.5,7.2,5.0,5.0,5.0,7.6,5.7,5.1,5.1,5.8,7.5,7.9,7.9,5.2,5.2,5.2,7.9,5.2,7.8,7.8]
analyse: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.061| 0.009| 0.016| 263.464| 0.000]
- [PKTLEN......: 86.000| 1134.000| 377.200| 425.800|181298.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.061| 0.009| 0.016| 263.464| 2.900]
+ [PKTLEN......: 72.000| 1120.000| 363.200| 425.800| 181298.700| 4.100]
[BINS(c->s)..: 12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0]
[IATS(ms)....: 30.4,30.4,0.3,47.5,14.0,61.1,0.1,0.0,0.0,0.0,0.0,3.3,0.1,0.1,30.6,2.1,0.1,29.2,1.3,1.3,0.2,0.4,0.0,0.0,0.0,0.2,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1134,86,1134,1134,718,86,86,86,179,185,351,86,86,86,344,86,152,86,124,1134,1134,1134,1134,86,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.0,6.9,5.1,7.2,7.3,7.6,5.2,5.2,5.1,6.0,6.4,7.2,5.1,5.1,5.1,7.0,5.2,6.3,5.2,5.6,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2]
detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun]
new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443]
detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable]
detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable]
new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443]
analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.690| 0.000]
- [PKTLEN......: 86.000| 1294.000| 429.800| 486.500|236643.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.690| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 415.800| 486.500| 236643.500| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1]
[IATS(ms)....: 34.3,34.3,1.7,38.1,7.5,0.0,43.9,0.0,0.0,3.0,0.2,0.3,37.3,0.0,0.4,0.0,34.1,0.0,0.2,2.3,6.9,9.1,0.8,0.0,0.9,0.0,0.1,0.0,0.7]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,564,86,86,86,150,178,349,86,86,666,117,86,86,117,86,559,86,1294,1294,86,86,1294,86,1294,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]
+ [ENTROPIES...: 4.8,5.3,5.1,4.6,5.0,7.8,7.8,7.6,5.2,5.2,5.2,6.0,6.6,7.3,5.0,5.0,7.7,5.7,5.2,5.2,5.8,5.1,7.6,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,7.8]
detected: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe]
new: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443]
detected: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun]
@@ -247,24 +260,26 @@
detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun]
detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun]
analyse: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.180| 0.022| 0.040| 1578.121| 0.000]
- [PKTLEN......: 86.000| 1474.000| 460.900| 554.600|307585.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.180| 0.022| 0.040| 1578.121| 3.300]
+ [PKTLEN......: 72.000| 1460.000| 446.900| 554.600| 307585.900| 4.000]
[BINS(c->s)..: 10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1]
[IATS(ms)....: 41.3,41.4,0.2,45.6,16.1,0.0,61.5,0.0,0.0,3.9,0.4,0.1,94.0,180.2,10.5,0.0,92.3,0.1,0.4,5.5,8.0,1.9,14.9,15.5,0.0,15.5,0.0,0.3,0.0]
- [PKTLENS.....: 94,94,86,603,86,1474,1474,674,86,86,86,212,185,344,344,86,360,155,86,86,124,86,86,124,86,1474,1474,86,86,1474,1474,1474]
+ [PKTLENS.....: 80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460]
+ [ENTROPIES...: 5.3,5.6,5.5,4.7,5.4,6.9,7.4,7.6,5.4,5.4,5.3,6.5,6.4,7.2,7.2,5.4,7.2,6.3,5.5,5.5,5.8,5.4,5.4,6.0,5.4,7.9,7.9,5.5,5.5,7.9,7.9,7.9]
detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe]
analyse: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.169| 0.024| 0.039| 1530.136| 0.000]
- [PKTLEN......: 86.000| 1294.000| 408.800| 466.200|217386.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.169| 0.024| 0.039| 1530.136| 3.300]
+ [PKTLEN......: 72.000| 1280.000| 394.800| 466.200| 217386.300| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1]
[IATS(ms)....: 34.8,34.8,0.2,53.0,4.9,57.8,0.5,0.4,0.0,0.0,3.6,2.0,0.4,91.7,168.8,1.8,72.8,0.2,1.0,2.0,2.7,14.6,61.7,0.0,76.3,0.0,0.7,0.7,0.1]
- [PKTLENS.....: 94,94,86,603,86,1294,86,1294,1294,286,86,86,86,150,178,491,491,86,666,86,117,86,117,86,86,827,1294,86,86,1294,86,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,72,1280,1280,272,72,72,72,136,164,477,477,72,652,72,103,72,103,72,72,813,1280,72,72,1280,72,1280]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,5.2,7.8,7.9,7.2,5.2,5.2,5.2,6.1,6.5,7.4,7.4,5.1,7.6,5.1,5.7,5.1,5.7,5.2,5.1,7.7,7.8,5.2,5.2,7.8,5.2,7.8]
new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443]
new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443]
new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443]
@@ -275,23 +290,25 @@
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable]
detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe]
analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 0.000]
- [PKTLEN......: 86.000| 1474.000| 264.000| 362.600|131502.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 3.600]
+ [PKTLEN......: 72.000| 1460.000| 250.000| 362.600| 131502.000| 4.000]
[BINS(c->s)..: 11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1]
[IATS(ms)....: 41.1,41.1,0.2,31.9,11.0,42.7,0.5,0.0,0.5,0.0,2.8,1.3,0.1,34.2,10.2,0.0,40.2,0.5,1.5,0.0,0.9,16.6,0.0,0.0,16.5,0.0,0.0,4.4,0.3,12.7,24.5]
- [PKTLENS.....: 94,94,86,603,86,1474,86,1474,186,86,86,150,178,500,86,666,86,86,117,86,117,86,807,117,125,86,86,86,125,121,296,86]
+ [PKTLENS.....: 80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]
+ [ENTROPIES...: 4.9,5.3,5.3,4.5,5.1,7.8,5.3,7.9,6.5,5.3,5.3,6.1,6.5,7.4,5.2,7.6,5.1,5.3,5.9,5.1,5.8,5.3,7.7,5.7,6.0,5.3,5.3,5.3,6.1,5.9,7.1,5.2]
analyse: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.217| 0.048| 0.068| 4645.676| 0.000]
- [PKTLEN......: 86.000| 1474.000| 272.400| 353.400|124913.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.217| 0.048| 0.068| 4645.676| 3.600]
+ [PKTLEN......: 72.000| 1460.000| 258.400| 353.400| 124913.600| 4.100]
[BINS(c->s)..: 9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1]
[IATS(ms)....: 29.2,29.3,0.2,29.5,187.3,216.6,0.3,0.3,0.0,1.8,0.2,0.0,70.3,211.9,6.5,0.0,182.9,58.3,20.2,41.8,0.1,0.0,0.9,11.7,10.9,9.9,6.2,112.5,128.6,76.1]
- [PKTLENS.....: 94,94,86,603,86,1474,86,1474,749,86,86,212,185,376,376,86,86,86,186,86,328,86,130,86,124,124,86,86,86,545,86,352]
+ [PKTLENS.....: 80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]
+ [ENTROPIES...: 4.8,5.2,5.2,4.6,5.1,6.8,5.2,7.4,7.6,5.2,5.2,6.4,6.3,7.1,7.1,5.1,5.1,5.1,6.4,5.1,7.0,5.2,5.9,5.2,5.6,5.9,5.2,5.1,5.1,7.5,5.2,7.3]
detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun]
new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443]
detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun]
@@ -301,14 +318,15 @@
detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable]
detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable]
analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.051| 0.013| 0.018| 330.361| 0.000]
- [PKTLEN......: 86.000| 1294.000| 321.800| 396.400|157103.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.051| 0.013| 0.018| 330.361| 3.500]
+ [PKTLEN......: 72.000| 1280.000| 307.800| 396.400| 157103.100| 4.100]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 43.0,43.1,0.3,41.3,10.2,51.1,0.4,38.4,3.5,41.5,0.5,0.0,0.5,0.0,0.1,0.1,2.3,0.2,0.1,38.5,0.0,36.0,0.0,0.0,0.1,5.2,2.2,17.6,0.2]
- [PKTLENS.....: 94,94,86,603,86,185,86,609,86,1294,86,1294,1294,86,86,423,86,160,178,473,86,341,341,182,86,86,86,117,86,86,117,1294]
+ [PKTLENS.....: 80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]
+ [ENTROPIES...: 5.2,5.5,5.4,4.7,5.3,6.2,5.3,5.1,5.3,7.8,5.5,7.8,7.9,5.4,5.4,7.4,5.5,6.4,6.6,7.5,5.4,7.3,7.3,6.5,5.4,5.5,5.4,6.0,5.4,5.4,5.9,7.8]
detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable]
new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443]
new: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443]
@@ -319,59 +337,64 @@
detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable]
detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun]
analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.062| 0.010| 0.018| 322.960| 0.000]
- [PKTLEN......: 86.000| 1294.000| 426.800| 483.300|233579.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.062| 0.010| 0.018| 322.960| 3.000]
+ [PKTLEN......: 72.000| 1280.000| 412.800| 483.300| 233579.900| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1]
[IATS(ms)....: 37.4,37.4,0.2,47.4,15.0,62.3,0.0,0.4,0.3,2.5,0.2,0.3,39.9,0.1,2.3,39.3,0.2,2.9,2.6,0.8,0.8,0.3,0.0,0.0,0.3,0.0,0.0,0.1,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,303,86,150,178,372,86,86,86,666,86,117,511,86,1294,86,1294,1294,1294,86,86,86,1294,306]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]
+ [ENTROPIES...: 4.7,5.3,5.2,4.4,5.1,7.8,7.8,5.2,5.2,7.2,5.2,6.1,6.5,7.3,5.1,5.1,5.1,7.7,5.1,5.8,7.5,5.2,7.8,5.2,7.8,7.9,7.8,5.1,5.2,5.1,7.8,7.2]
detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun]
detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun]
detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun]
detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable]
detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable]
analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.069| 0.013| 0.024| 573.258| 0.000]
- [PKTLEN......: 86.000| 1294.000| 399.700| 459.200|210886.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.069| 0.013| 0.024| 573.258| 2.800]
+ [PKTLEN......: 72.000| 1280.000| 385.700| 459.200| 210886.500| 4.100]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1]
[IATS(ms)....: 63.7,63.8,0.2,68.5,0.7,0.0,0.0,0.0,69.0,0.0,0.0,0.0,0.0,0.0,8.3,2.6,2.5,40.2,1.0,27.8,0.2,1.6,0.0,1.4,0.0,0.1,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,1294,86,86,86,86,483,86,150,178,421,86,666,86,86,86,117,117,517,86,86,1294,1294,342,125]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]
+ [ENTROPIES...: 4.8,5.2,5.1,4.5,5.1,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2,7.4,5.2,6.1,6.6,7.5,5.1,7.6,5.0,5.1,5.1,5.8,5.6,7.6,5.2,5.2,7.8,7.9,7.2,5.9]
analyse: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.073| 0.012| 0.021| 448.970| 0.000]
- [PKTLEN......: 86.000| 1294.000| 423.500| 484.500|234727.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.073| 0.012| 0.021| 448.970| 3.000]
+ [PKTLEN......: 72.000| 1280.000| 409.500| 484.500| 234727.200| 4.100]
[BINS(c->s)..: 11,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1]
[IATS(ms)....: 45.3,45.4,0.4,65.7,8.2,73.5,0.0,0.0,0.0,12.6,0.9,0.2,0.2,41.2,1.6,28.9,0.1,3.3,0.0,3.7,0.0,0.0,7.0,0.0,0.0,0.0,0.1,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,86,1294,355,86,86,150,178,387,167,86,666,86,117,86,86,86,480,1294,1294,1294,86,86,86,86,1294,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,72,1280,341,72,72,136,164,373,153,72,652,72,103,72,72,72,466,1280,1280,1280,72,72,72,72,1280,1280]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,5.2,7.9,7.3,5.2,5.1,6.1,6.5,7.4,6.4,5.1,7.6,5.3,5.8,5.1,5.2,5.1,7.5,7.8,7.8,7.8,5.3,5.3,5.3,5.3,7.8,7.8]
analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.068| 0.014| 0.023| 533.315| 0.000]
- [PKTLEN......: 86.000| 1294.000| 434.500| 488.800|238946.400| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.068| 0.014| 0.023| 533.315| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 420.500| 488.800| 238946.400| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,0,0]
[IATS(ms)....: 63.3,63.4,1.1,67.8,0.8,0.0,0.0,67.4,0.0,0.0,11.7,1.8,0.2,41.6,0.4,28.5,0.5,4.2,1.9,5.5,17.9,17.9,0.1,0.1,0.2,0.0,0.2,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,765,86,86,86,150,178,389,86,666,86,117,86,86,117,86,470,86,1294,86,1294,1294,1294,1294,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,751,72,72,72,136,164,375,72,652,72,103,72,72,103,72,456,72,1280,72,1280,1280,1280,1280,72,72]
+ [ENTROPIES...: 4.9,5.3,5.2,4.4,5.1,7.8,7.9,7.7,5.2,5.2,5.3,6.3,6.6,7.4,5.1,7.7,5.1,5.9,5.1,5.1,5.8,5.2,7.5,5.3,7.9,5.3,7.8,7.8,7.8,7.8,5.2,5.3]
new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443]
detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.017| 0.037| 1404.834| 0.000]
- [PKTLEN......: 86.000| 1134.000| 277.200| 320.800|102914.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.144| 0.017| 0.037| 1404.834| 2.700]
+ [PKTLEN......: 72.000| 1120.000| 263.200| 320.800| 102914.800| 4.200]
[BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 25.7,25.8,0.2,144.2,0.0,144.0,0.0,0.1,0.0,0.0,0.0,2.5,0.6,1.3,49.7,0.0,0.0,45.4,0.0,0.1,0.0,0.1,0.7,0.4,0.9,38.4,2.5,1.1,2.2]
- [PKTLENS.....: 94,94,86,603,86,1134,1134,86,86,1134,601,86,86,179,185,485,86,86,344,152,86,86,86,453,86,124,580,156,86,86,86,128]
+ [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.4,5.2,5.2,7.3,7.5,5.2,5.2,6.1,6.4,7.4,5.2,5.1,7.1,6.2,5.2,5.3,5.1,7.5,5.3,5.6,7.6,6.2,5.1,5.1,5.1,6.0]
detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun]
new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443]
new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443]
@@ -387,23 +410,25 @@
detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable]
detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable]
analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 0.000]
- [PKTLEN......: 86.000| 1294.000| 294.100| 371.700|138197.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 3.400]
+ [PKTLEN......: 72.000| 1280.000| 280.100| 371.700| 138197.800| 4.100]
[BINS(c->s)..: 12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1]
[IATS(ms)....: 18.5,18.6,0.4,37.2,9.0,0.0,0.0,0.0,45.9,0.0,0.0,0.0,8.7,0.4,0.3,33.6,0.0,0.1,1.2,0.0,25.4,0.0,0.5,7.3,0.0,0.0,6.8,0.0,0.0,3.7,20.5]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,1294,287,86,86,86,86,150,178,363,86,86,86,666,117,86,86,117,789,530,125,86,86,86,125,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]
+ [ENTROPIES...: 4.8,5.3,5.2,4.6,5.1,7.8,7.8,7.8,7.0,5.2,5.2,5.2,5.2,6.3,6.6,7.3,5.1,5.1,5.1,7.6,5.7,5.3,5.3,5.9,7.7,7.6,5.9,5.2,5.2,5.2,6.0,5.0]
analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Advertisement][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.034| 0.007| 0.011| 129.744| 0.000]
- [PKTLEN......: 86.000| 1294.000| 337.800| 408.200|166632.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.007| 0.011| 129.744| 3.400]
+ [PKTLEN......: 72.000| 1280.000| 323.800| 408.200| 166632.700| 4.100]
[BINS(c->s)..: 13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0]
[IATS(ms)....: 28.1,28.1,0.7,33.2,1.6,34.2,0.1,0.0,0.6,0.6,4.6,0.2,0.2,27.0,3.5,25.5,0.2,4.3,1.4,5.5,0.1,6.3,0.0,6.4,0.0,0.0,0.2,0.0,0.2,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,86,1294,86,548,86,150,178,436,86,666,86,117,86,117,86,86,496,1294,1294,86,86,86,718,125,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]
+ [ENTROPIES...: 4.8,5.3,5.1,5.0,5.0,7.8,5.2,7.8,5.2,7.6,5.1,6.1,6.6,7.4,5.0,7.7,5.2,5.9,5.0,5.8,5.1,5.1,7.5,7.8,7.8,5.2,5.2,5.1,7.7,5.9,5.2,5.2]
new: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443]
new: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443]
new: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443]
@@ -436,32 +461,35 @@
detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable]
detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable]
analyse: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.042| 0.008| 0.012| 152.931| 0.000]
- [PKTLEN......: 86.000| 1294.000| 482.500| 513.400|263601.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.008| 0.012| 152.931| 3.300]
+ [PKTLEN......: 72.000| 1280.000| 468.500| 513.400| 263601.800| 4.200]
[BINS(c->s)..: 10,0,2,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,0,0]
[IATS(ms)....: 25.6,25.6,1.1,31.5,7.2,0.0,37.6,0.0,0.1,0.0,0.0,0.0,0.1,0.0,7.1,13.6,0.6,0.2,42.2,0.0,20.7,0.3,10.1,0.0,0.3,0.0,0.0,0.0,10.1,0.1]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,1294,1294,1294,1294,234,86,86,150,178,356,403,86,666,86,117,86,86,86,1076,1294,1294,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,1280,1280,1280,1280,220,72,72,136,164,342,389,72,652,72,103,72,72,72,1062,1280,1280,72,72]
+ [ENTROPIES...: 4.8,5.3,5.1,4.6,5.0,7.8,7.8,5.2,5.2,7.9,7.9,7.8,7.8,6.8,5.1,5.1,6.1,6.4,7.3,7.3,5.0,7.6,5.1,5.7,5.1,5.0,5.1,7.8,7.9,7.8,5.1,5.1]
analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.046| 0.009| 0.014| 203.864| 0.000]
- [PKTLEN......: 86.000| 1294.000| 334.900| 398.400|158685.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.009| 0.014| 203.864| 3.400]
+ [PKTLEN......: 72.000| 1280.000| 320.900| 398.400| 158685.900| 4.100]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1]
[IATS(ms)....: 29.5,29.5,0.1,39.8,6.2,0.0,0.0,45.9,0.0,0.0,16.6,7.4,0.9,0.2,45.4,0.2,20.4,0.5,14.7,1.9,0.0,0.0,16.1,2.9,0.0,3.0,0.0,0.0,1.6,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,325,86,86,86,150,178,405,389,86,666,86,117,86,117,86,86,86,565,412,221,86,86,86,1294,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]
+ [ENTROPIES...: 4.9,5.3,5.2,4.6,5.1,7.8,7.9,7.2,5.2,5.2,5.1,6.1,6.5,7.4,7.3,5.0,7.7,5.2,5.8,5.1,5.8,5.0,5.0,5.1,7.6,7.4,6.7,5.2,5.2,5.1,7.8,7.8]
analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.044| 0.010| 0.014| 184.491| 0.000]
- [PKTLEN......: 86.000| 1294.000| 284.100| 336.600|113301.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.044| 0.010| 0.014| 184.491| 3.600]
+ [PKTLEN......: 72.000| 1280.000| 270.100| 336.600| 113301.500| 4.200]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1]
[IATS(ms)....: 28.7,28.7,0.2,37.9,6.1,43.8,0.1,0.0,0.6,0.6,16.4,9.8,0.9,43.8,3.9,20.7,0.6,14.9,1.7,16.0,10.5,0.0,0.0,0.0,10.5,0.0,0.0,0.0,0.2,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,86,1294,86,586,86,150,178,369,86,666,86,117,86,117,86,86,545,911,286,371,86,86,86,86,125,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72]
+ [ENTROPIES...: 4.8,5.2,5.1,4.6,5.0,7.8,5.1,7.8,5.0,7.6,5.0,6.0,6.4,7.3,5.0,7.6,5.1,5.8,5.0,5.5,5.0,5.1,7.5,7.7,7.1,7.3,5.1,5.1,5.1,5.1,5.8,5.0]
new: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443]
detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe]
detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/rtsp.pcap.out b/test/results/flow-info/rtsp.pcap.out
index 384061bc7..e192cc264 100644
--- a/test/results/flow-info/rtsp.pcap.out
+++ b/test/results/flow-info/rtsp.pcap.out
@@ -8,78 +8,84 @@
detected: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.002| 0.006| 34.529| 0.000]
- [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.002| 0.006| 34.529| 2.200]
+ [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.1,0.2,0.1,0.0,0.0,0.2,0.0,0.0,0.1,13.1,0.0,0.0,0.1,13.5,0.0,0.0,0.0,20.6,0.0,0.0,0.0,21.1,0.0,0.0,0.1,0.5,0.0,0.0,0.0]
- [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
+ [PKTLENS.....: 52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,40,46,46]
+ [ENTROPIES...: 4.4,4.4,4.5,4.5,4.7,4.7,4.7,4.7,4.4,4.4,4.7,4.4,5.7,5.7,5.7,5.7,4.3,4.6,4.3,4.3,5.7,5.7,5.7,5.7,5.8,5.8,5.8,5.8,4.3,4.7,4.4,4.3]
new: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554]
detected: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.002| 0.005| 29.923| 0.000]
- [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.002| 0.005| 29.923| 2.200]
+ [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.1,0.3,0.0,0.0,0.0,0.6,0.0,0.0,0.1,9.3,0.0,0.0,0.1,10.1,0.0,0.0,0.0,20.5,0.0,0.0,0.0,21.2,0.0,0.0,0.4,0.9,0.1,0.0,0.0]
- [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,62,56,62]
+ [PKTLENS.....: 52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,46,40,46]
+ [ENTROPIES...: 4.4,4.4,4.4,4.4,4.6,4.7,4.7,4.6,4.4,4.4,4.7,4.4,5.8,5.8,5.8,5.8,4.3,4.7,4.4,4.3,5.7,5.7,5.7,5.7,5.8,5.8,5.8,5.8,4.3,4.3,4.6,4.3]
new: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554]
detected: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.106| 0.000]
- [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.106| 2.200]
+ [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.3,0.3,0.1,0.0,0.1,0.8,0.1,0.0,0.2,4.8,0.0,0.0,0.4,6.2,0.1,0.0,0.1,20.1,0.0,0.1,0.0,21.0,0.0,0.0,0.1,0.9,0.0,0.0,0.1]
- [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181,198,198,198,198,62,56,62,62]
+ [PKTLENS.....: 52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,46,40,46,165,165,165,165,182,182,182,182,46,40,46,46]
+ [ENTROPIES...: 4.3,4.3,4.4,4.4,4.6,4.6,4.6,4.6,4.3,4.3,4.6,4.3,5.7,5.7,5.7,5.7,4.3,4.3,4.6,4.3,5.7,5.7,5.7,5.7,5.8,5.8,5.8,5.8,4.2,4.5,4.2,4.3]
new: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554]
detected: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.505| 0.033| 0.124|15344.430| 0.000]
- [PKTLEN......: 56.000| 181.000| 92.300| 48.800| 2380.700| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.505| 0.033| 0.124| 15344.430| 1.200]
+ [PKTLEN......: 40.000| 165.000| 76.300| 48.800| 2380.700| 4.700]
[BINS(c->s)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.1,1.3,0.0,0.0,0.3,505.2,0.0,0.0,0.1,504.5,0.0,0.0,0.1,1.0,0.0,0.0,0.1,0.1,0.0,0.0,0.0,0.6,0.1,0.0,0.0,20.4,0.0,0.0,0.1]
- [PKTLENS.....: 68,68,68,68,62,56,62,62,68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181]
+ [PKTLENS.....: 52,52,52,52,46,40,46,46,52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,46,40,46,165,165,165,165]
+ [ENTROPIES...: 4.4,4.4,4.4,4.4,3.5,3.8,3.5,3.5,4.4,4.4,4.4,4.4,4.6,4.7,4.6,4.7,4.3,4.3,4.6,4.3,5.7,5.7,5.7,5.7,4.3,4.3,4.6,4.3,5.7,5.7,5.7,5.7]
end: [.....1] [ip4][..tcp] [......10.1.1.10][52470] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
new: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554]
detected: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.024| 0.002| 0.006| 34.195| 0.000]
- [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.024| 0.002| 0.006| 34.195| 2.400]
+ [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.1,0.4,0.0,0.0,0.1,0.6,0.0,0.0,0.1,10.3,0.0,0.0,11.4,0.0,0.8,0.0,0.1,20.3,0.0,0.0,0.1,23.8,0.0,0.0,0.1,3.5,0.0,0.0,0.1]
- [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,62,56,172,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
+ [PKTLENS.....: 52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,46,40,156,46,46,165,165,165,165,182,182,182,182,46,40,46,46]
+ [ENTROPIES...: 4.3,4.3,4.4,4.4,4.6,4.6,4.6,4.6,4.3,4.3,4.6,4.3,5.7,5.7,5.7,4.2,4.6,5.7,4.2,4.3,5.7,5.7,5.7,5.7,5.8,5.8,5.8,5.8,4.2,4.6,4.2,4.3]
end: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
new: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554]
detected: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.978| 0.000]
- [PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.021| 0.002| 0.005| 26.978| 2.200]
+ [PKTLEN......: 40.000| 182.000| 92.600| 58.600| 3438.900| 4.700]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 0.0,0.0,0.1,0.4,0.0,0.0,0.1,0.6,0.0,0.0,0.1,6.6,0.0,0.0,0.1,7.5,0.0,0.1,0.1,20.0,0.0,0.1,0.1,21.0,0.0,0.0,0.1,0.8,0.0,0.0,0.1]
- [PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
+ [PKTLENS.....: 52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,40,46,46]
+ [ENTROPIES...: 4.3,4.3,4.3,4.3,4.4,4.5,4.4,4.5,4.3,4.3,4.5,4.3,5.7,5.7,5.7,5.7,4.2,4.5,4.2,4.3,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,4.3,4.6,4.3,4.3]
end: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
end: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
diff --git a/test/results/flow-info/rx.pcap.out b/test/results/flow-info/rx.pcap.out
index d92547a7d..2823af8e3 100644
--- a/test/results/flow-info/rx.pcap.out
+++ b/test/results/flow-info/rx.pcap.out
@@ -12,14 +12,15 @@
new: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000]
detected: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] [RX][RPC][Acceptable]
analyse: [.....4] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.241][.7000] [RX][RPC][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.105| 0.029| 0.034| 1128.030| 0.000]
- [PKTLEN......: 70.000| 782.000| 176.700| 165.900|27529.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.105| 0.029| 0.034| 1128.030| 4.000]
+ [PKTLEN......: 56.000| 768.000| 162.700| 165.900| 27529.200| 4.500]
[BINS(c->s)..: 1,4,7,0,1,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,6,5,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1]
[IATS(ms)....: 77.5,77.6,57.0,57.2,38.2,1.3,39.5,65.7,0.3,65.9,103.2,105.3,2.1,9.0,9.1,3.0,1.8,4.8,61.4,65.2,3.8,0.1,6.8,6.7,0.1,3.7,3.7,4.9,8.0,3.0,2.8]
- [PKTLENS.....: 74,108,107,74,510,107,118,70,107,78,107,94,86,435,74,510,107,198,107,174,782,107,94,198,107,110,214,107,94,86,435,74]
+ [PKTLENS.....: 60,94,93,60,496,93,104,56,93,64,93,80,72,421,60,496,93,184,93,160,768,93,80,184,93,96,200,93,80,72,421,60]
+ [ENTROPIES...: 4.1,3.4,3.5,4.0,4.3,3.5,3.9,4.1,3.5,3.9,3.6,5.3,3.8,7.1,4.1,4.3,3.5,6.5,3.6,6.4,7.7,3.6,5.2,6.5,3.6,5.6,6.7,3.6,5.2,3.9,7.1,4.1]
idle: [.....1] [ip4][..udp] [131.114.219.168][41559] -> [192.167.206.124][.7002] [RX][RPC][Acceptable]
idle: [.....5] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.124][.7000] [RX][RPC][Acceptable]
idle: [.....4] [ip4][..udp] [131.114.219.168][.7001] -> [192.167.206.241][.7000] [RX][RPC][Acceptable]
diff --git a/test/results/flow-info/s7comm.pcap.out b/test/results/flow-info/s7comm.pcap.out
index 588cbf3f8..293476066 100644
--- a/test/results/flow-info/s7comm.pcap.out
+++ b/test/results/flow-info/s7comm.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.009| 0.005| 0.003| 11.033| 0.000]
- [PKTLEN......: 61.000| 275.000| 91.200| 40.300| 1625.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.009| 0.005| 0.003| 11.033| 4.500]
+ [PKTLEN......: 47.000| 261.000| 77.200| 40.300| 1625.500| 4.900]
[BINS(c->s)..: 17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
[IATS(ms)....: 3.7,3.9,3.1,3.1,0.1,7.0,6.9,4.6,9.0,4.4,0.6,7.0,6.4,0.3,6.0,5.7,0.3,9.0,8.7,0.2,9.0,8.8,0.2,9.0,8.8,0.2,9.0,8.8,0.2,5.0,4.7]
- [PKTLENS.....: 76,76,79,81,61,87,135,61,87,135,61,87,275,61,87,135,61,83,115,61,83,115,61,83,115,61,83,115,61,85,91,61]
+ [PKTLENS.....: 62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]
+ [ENTROPIES...: 4.4,4.3,4.3,3.9,4.5,4.6,3.9,4.5,4.4,3.5,4.5,4.5,2.4,4.4,4.5,3.9,4.5,4.4,4.4,4.5,4.4,4.4,4.4,4.4,4.4,4.5,4.4,4.4,4.4,4.7,4.4,4.5]
idle: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/safari.pcap.out b/test/results/flow-info/safari.pcap.out
index 76335848d..9ad62237d 100644
--- a/test/results/flow-info/safari.pcap.out
+++ b/test/results/flow-info/safari.pcap.out
@@ -11,14 +11,15 @@
new: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443]
new: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443]
analyse: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.579| 0.077| 0.167|27833.076| 0.000]
- [PKTLEN......: 66.000| 1506.000| 569.500| 644.500|415419.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.579| 0.077| 0.167| 27833.076| 2.800]
+ [PKTLEN......: 52.000| 1492.000| 555.500| 644.500| 415419.900| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,1,1,1,0]
[IATS(ms)....: 28.3,28.4,0.6,28.7,7.0,0.1,0.0,35.1,0.0,52.7,82.0,0.0,29.3,0.9,28.1,550.6,1.2,579.0,0.2,0.3,0.1,0.1,0.1,0.1,0.1,0.1,428.1,455.0,4.4,1.2,32.6]
- [PKTLENS.....: 78,74,66,301,66,1506,1506,641,66,66,159,66,117,66,425,66,1506,1506,66,1506,66,1506,66,1506,66,1506,66,445,66,1506,1506,66]
+ [PKTLENS.....: 64,60,52,287,52,1492,1492,627,52,52,145,52,103,52,411,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,431,52,1492,1492,52]
+ [ENTROPIES...: 4.4,5.3,5.0,5.6,5.0,7.1,7.3,7.6,5.0,4.9,6.1,5.0,5.9,5.0,7.4,5.0,7.9,7.9,4.9,7.9,4.8,7.9,5.0,7.9,4.9,7.9,5.0,7.4,5.1,7.9,7.9,5.1]
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detected: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
@@ -41,50 +42,55 @@
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.119| 0.018| 0.029| 823.374| 0.000]
- [PKTLEN......: 66.000| 1506.000| 632.000| 660.500|436248.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.119| 0.018| 0.029| 823.374| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 618.000| 660.500| 436248.100| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1]
[IATS(ms)....: 29.6,29.7,2.4,30.5,0.0,28.2,51.9,8.9,77.9,8.5,0.6,1.2,27.4,0.1,0.1,0.2,0.1,0.1,0.3,0.1,0.1,0.2,0.5,0.1,0.6,24.0,24.0,84.5,7.8,118.9,0.9]
- [PKTLENS.....: 78,74,66,277,66,207,66,117,508,66,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66,1043,66,66,497,66,1506]
+ [PKTLENS.....: 64,60,52,263,52,193,52,103,494,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1029,52,52,483,52,1492]
+ [ENTROPIES...: 4.4,5.2,4.9,5.8,5.0,6.4,4.9,5.5,7.5,5.0,4.8,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,4.9,7.9,7.9,5.0,7.9,7.9,4.9,7.8,5.0,4.8,7.5,5.1,7.9]
analyse: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.140| 0.019| 0.033| 1086.908| 0.000]
- [PKTLEN......: 66.000| 1506.000| 616.100| 656.600|431150.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.140| 0.019| 0.033| 1086.908| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 602.100| 656.600| 431150.100| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1]
[IATS(ms)....: 30.4,30.4,2.4,30.7,1.7,30.1,50.3,8.6,78.3,9.2,5.0,0.1,33.7,0.1,0.7,0.9,0.1,0.1,0.0,0.3,0.0,104.0,6.6,140.4,1.5,0.5,31.8,0.1,0.1,0.2,0.4]
- [PKTLENS.....: 78,74,66,277,66,207,66,117,472,66,66,1506,1506,66,1506,1506,66,1506,1506,565,66,66,66,500,66,1506,1506,66,1506,1506,66,1506]
+ [PKTLENS.....: 64,60,52,263,52,193,52,103,458,52,52,1492,1492,52,1492,1492,52,1492,1492,551,52,52,52,486,52,1492,1492,52,1492,1492,52,1492]
+ [ENTROPIES...: 4.4,5.2,4.9,5.8,5.1,6.5,4.9,5.5,7.4,5.0,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,7.5,4.9,5.0,4.9,7.5,5.1,7.9,7.9,4.9,7.9,7.9,4.9,7.9]
analyse: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.144| 0.020| 0.034| 1135.493| 0.000]
- [PKTLEN......: 66.000| 1506.000| 624.000| 657.100|431734.900| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.144| 0.020| 0.034| 1135.493| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 610.000| 657.100| 431734.900| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1]
[IATS(ms)....: 31.3,31.4,1.4,32.4,1.0,32.0,49.5,8.2,77.5,8.4,0.6,1.2,30.1,0.1,0.0,0.1,0.1,0.1,106.8,7.1,144.0,5.8,0.1,35.9,0.1,0.1,0.2,0.1,0.1,0.2,0.1]
- [PKTLENS.....: 78,74,66,277,66,207,66,117,503,66,66,1506,1506,66,1506,1506,66,791,66,66,497,66,1506,1506,66,1506,1506,66,1506,1506,66,1506]
+ [PKTLENS.....: 64,60,52,263,52,193,52,103,489,52,52,1492,1492,52,1492,1492,52,777,52,52,483,52,1492,1492,52,1492,1492,52,1492,1492,52,1492]
+ [ENTROPIES...: 4.3,5.2,4.9,5.8,5.0,6.4,4.8,5.4,7.5,5.0,5.0,7.9,7.9,4.9,7.9,7.9,5.0,7.8,4.9,4.8,7.4,5.1,7.9,7.9,4.8,7.9,7.9,4.9,7.9,7.9,4.9,7.9]
analyse: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.147| 0.020| 0.034| 1161.612| 0.000]
- [PKTLEN......: 66.000| 1506.000| 604.800| 660.800|436665.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.147| 0.020| 0.034| 1161.612| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 590.800| 660.800| 436665.800| 4.100]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 33.6,33.6,1.2,33.6,0.0,32.4,46.9,8.3,78.2,6.3,1.0,0.3,30.4,0.9,0.0,0.9,105.4,6.5,147.0,2.1,0.1,37.3,0.1,0.1,0.2,0.1,0.6,0.8,0.1,0.1,0.2]
- [PKTLENS.....: 78,74,66,277,66,207,66,117,495,66,66,1506,1506,66,1506,181,66,66,500,66,1506,1506,66,1506,1506,66,1506,1506,66,1506,1506,66]
+ [PKTLENS.....: 64,60,52,263,52,193,52,103,481,52,52,1492,1492,52,1492,167,52,52,486,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52]
+ [ENTROPIES...: 4.4,5.3,5.0,5.8,5.0,6.4,4.9,5.7,7.5,5.0,5.1,7.9,7.9,5.1,7.9,6.8,4.9,4.9,7.5,5.0,7.9,7.8,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.1]
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.146| 0.022| 0.035| 1194.506| 0.000]
- [PKTLEN......: 66.000| 1506.000| 533.000| 616.900|380607.300| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.146| 0.022| 0.035| 1194.506| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 519.000| 616.900| 380607.300| 4.000]
[BINS(c->s)..: 10,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0]
[IATS(ms)....: 30.4,30.5,1.4,31.3,0.1,30.0,50.7,8.3,78.2,9.2,0.2,28.7,116.2,146.0,0.5,0.1,30.4,0.1,0.4,0.5,0.1,0.1,0.0,0.2,0.0,0.9,5.5,36.2,1.5,0.1,31.5]
- [PKTLENS.....: 78,74,66,277,66,207,66,117,494,66,66,1413,66,497,66,1506,1506,66,1506,1506,66,1506,1506,425,66,66,66,503,66,1506,1506,66]
+ [PKTLENS.....: 64,60,52,263,52,193,52,103,480,52,52,1399,52,483,52,1492,1492,52,1492,1492,52,1492,1492,411,52,52,52,489,52,1492,1492,52]
+ [ENTROPIES...: 4.4,5.2,4.9,5.9,4.9,6.5,4.8,5.6,7.5,5.0,5.0,7.9,5.0,7.4,4.9,7.9,7.9,4.8,7.9,7.9,4.9,7.9,7.9,7.5,4.9,4.9,4.8,7.5,5.1,7.9,7.9,5.1]
new: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443]
detected: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/signal.pcap.out b/test/results/flow-info/signal.pcap.out
index e03441b8d..123390a31 100644
--- a/test/results/flow-info/signal.pcap.out
+++ b/test/results/flow-info/signal.pcap.out
@@ -19,14 +19,15 @@
detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.052| 0.012| 0.020| 399.390| 0.000]
- [PKTLEN......: 66.000| 1506.000| 427.300| 522.500|272968.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.052| 0.012| 0.020| 399.390| 3.200]
+ [PKTLEN......: 52.000| 1492.000| 413.300| 522.500| 272968.600| 4.000]
[BINS(c->s)..: 10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1]
[IATS(ms)....: 44.2,46.0,0.1,45.6,0.8,0.2,0.3,0.2,47.8,0.0,0.1,46.0,44.7,7.8,1.7,0.1,0.4,0.1,52.3,0.0,1.1,0.0,42.6,0.1,0.7,0.5,0.1,0.9,0.1,0.4,0.0]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,66,673,66,146,112,109,101,207,337,337,66,136,66,66,66,66,97,1112,1112,1506,427]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413]
+ [ENTROPIES...: 4.5,5.3,5.1,4.4,5.2,7.8,7.9,7.8,7.9,5.1,5.1,5.0,7.6,5.2,6.3,5.8,5.9,5.8,6.9,7.3,7.4,5.1,6.4,5.1,5.1,5.0,5.0,5.6,7.8,7.8,7.9,7.5]
detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
@@ -59,14 +60,15 @@
detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.101| 0.015| 0.025| 625.062| 0.000]
- [PKTLEN......: 66.000| 1506.000| 445.700| 520.400|270842.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.101| 0.015| 0.025| 625.062| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 431.700| 520.400| 270842.400| 4.100]
[BINS(c->s)..: 9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1]
[IATS(ms)....: 34.9,37.7,0.1,37.4,0.8,0.2,0.3,0.2,37.0,0.2,34.8,100.7,83.3,17.6,1.1,2.5,0.1,0.4,0.1,36.0,0.0,31.6,0.5,2.4,0.0,0.5,2.2,1.1,0.2,0.2,0.0]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,673,66,673,78,146,112,109,101,207,337,337,66,66,66,136,66,66,1112,1112,1506,427]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413]
+ [ENTROPIES...: 4.5,5.2,5.1,4.4,5.2,7.9,7.9,7.8,7.9,5.1,5.1,7.7,5.1,7.7,5.0,6.4,6.0,5.9,5.8,6.8,7.3,7.3,5.2,5.1,5.2,6.3,5.1,5.1,7.8,7.8,7.9,7.5]
detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
@@ -82,14 +84,15 @@
detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.115| 0.033| 0.050| 2490.513| 0.000]
- [PKTLEN......: 66.000| 1506.000| 533.200| 606.200|367455.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.115| 0.033| 0.050| 2490.513| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 519.200| 606.200| 367455.800| 4.100]
[BINS(c->s)..: 4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
[BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1]
[IATS(ms)....: 108.9,110.6,0.1,110.4,2.1,0.0,112.4,5.0,114.9,0.0,109.6,1.9,0.0,0.0,0.1,0.8,0.1,0.2,0.1,111.4,0.2,108.4,1.8,0.6,1.7,0.2,0.2,0.3,0.1,109.4,1.5]
- [PKTLENS.....: 78,74,66,583,66,1506,1104,66,192,117,135,66,119,116,108,312,1506,1506,1506,378,66,104,848,66,66,1506,1506,1506,1506,151,66,66]
+ [PKTLENS.....: 64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52]
+ [ENTROPIES...: 4.4,5.2,5.1,4.6,5.2,7.1,7.7,5.0,6.5,5.8,6.4,5.1,5.7,5.6,5.6,7.1,7.9,7.9,7.9,7.4,5.2,5.9,7.7,5.1,5.1,7.9,7.9,7.9,7.9,6.1,5.2,5.0]
new: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [MIDSTREAM]
detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Web][Safe]
new: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443]
@@ -97,14 +100,15 @@
detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.043| 0.012| 0.016| 257.340| 0.000]
- [PKTLEN......: 66.000| 1506.000| 512.200| 608.000|369644.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.012| 0.016| 257.340| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 498.200| 608.000| 369644.200| 4.000]
[BINS(c->s)..: 5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
[BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1]
[IATS(ms)....: 32.9,39.8,0.1,40.0,2.7,0.0,39.4,7.8,43.4,0.4,0.0,34.7,0.1,7.5,0.5,0.0,0.1,0.4,5.9,0.1,0.4,42.2,0.0,0.5,26.8,7.6,10.7,0.1,0.3,0.3,26.1]
- [PKTLENS.....: 78,74,66,583,66,1506,1009,66,192,66,117,135,66,66,119,116,108,257,104,1506,1506,1506,66,104,66,685,66,1506,1506,1506,1506,66]
+ [PKTLENS.....: 64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52]
+ [ENTROPIES...: 4.4,5.2,5.0,4.3,5.1,7.1,7.7,5.1,6.3,5.1,6.0,6.4,5.1,5.1,5.7,5.6,5.5,7.0,5.4,7.9,7.9,7.9,4.9,5.9,5.1,7.6,5.1,7.9,7.9,7.9,7.9,5.1]
detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
end: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS.Apple][Web][Safe]
diff --git a/test/results/flow-info/simple-dnscrypt.pcap.out b/test/results/flow-info/simple-dnscrypt.pcap.out
index 4040b7b84..366191b95 100644
--- a/test/results/flow-info/simple-dnscrypt.pcap.out
+++ b/test/results/flow-info/simple-dnscrypt.pcap.out
@@ -6,14 +6,15 @@
detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe]
detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
analyse: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.222| 0.043| 0.053| 2772.255| 0.000]
- [PKTLEN......: 54.000| 1364.000| 397.400| 516.900|267229.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.222| 0.043| 0.053| 2772.255| 3.900]
+ [PKTLEN......: 40.000| 1350.000| 383.400| 516.900| 267229.700| 3.900]
[BINS(c->s)..: 7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1]
[IATS(ms)....: 110.6,111.2,27.9,119.6,18.5,5.2,114.9,3.0,7.5,0.0,0.0,10.6,4.9,14.9,0.1,0.1,0.4,91.8,0.0,71.5,3.1,28.8,26.8,76.4,36.0,32.6,95.2,61.6,222.0,0.0]
- [PKTLENS.....: 66,66,54,260,54,1364,1364,54,1364,1364,1364,360,54,180,107,110,96,272,312,123,54,92,54,92,54,54,54,415,54,119,1364,1324]
+ [PKTLENS.....: 52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310]
+ [ENTROPIES...: 4.7,5.1,4.9,5.6,4.9,7.3,7.2,4.7,7.6,7.5,7.6,7.3,4.8,6.4,5.7,5.8,5.5,7.1,7.1,6.1,4.9,5.4,4.9,5.8,4.9,4.9,4.9,7.3,4.9,6.0,7.8,7.8]
detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
new: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443]
new: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443]
@@ -28,14 +29,15 @@
detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
analyse: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.106| 0.026| 0.036| 1310.829| 0.000]
- [PKTLEN......: 54.000| 1364.000| 333.100| 456.800|208637.000| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.106| 0.026| 0.036| 1310.829| 3.600]
+ [PKTLEN......: 40.000| 1350.000| 319.100| 456.800| 208637.000| 3.900]
[BINS(c->s)..: 7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0]
[IATS(ms)....: 76.9,77.0,0.2,75.5,27.7,2.5,105.6,0.6,0.0,0.6,1.3,0.0,1.6,3.3,3.7,0.1,0.1,3.1,0.1,0.0,84.7,0.0,74.1,4.3,9.6,25.1,23.4,82.0,4.1,98.4]
- [PKTLENS.....: 66,66,54,264,54,1364,1364,54,1364,1364,54,1364,360,54,180,107,110,96,334,133,132,312,123,54,54,92,54,92,54,416,415,54]
+ [PKTLENS.....: 52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40]
+ [ENTROPIES...: 4.7,5.0,4.8,5.5,4.8,7.3,7.3,4.8,7.6,7.5,4.7,7.6,7.4,4.8,6.3,5.6,5.8,5.5,7.3,6.0,6.1,7.2,6.3,4.9,4.9,5.8,4.8,5.4,4.9,7.5,7.4,4.9]
detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
idle: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe]
idle: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443]
diff --git a/test/results/flow-info/sip.pcap.out b/test/results/flow-info/sip.pcap.out
index 772d7c99d..e91efb687 100644
--- a/test/results/flow-info/sip.pcap.out
+++ b/test/results/flow-info/sip.pcap.out
@@ -19,14 +19,15 @@
update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.026| 279.042| 42.751| 57.874|3349363405.357| 0.000]
- [PKTLEN......: 47.000| 867.000| 429.300| 273.000|74531.700| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.026| 279.042| 42.751| 57.874| 3349363405.357| 4.000]
+ [PKTLEN......: 33.000| 853.000| 415.300| 273.000| 74531.700| 4.600]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0]
[IATS(ms)....: 136.8,17415.6,17425.0,49.8,89928.6,89874.9,17280.7,17290.4,150200.0,150188.2,17325.2,17335.8,73916.0,73902.7,17325.0,17333.2,25.9,17725.0,29031.8,29092.7,34118.2,34119.1,29272.4,29031.8,29031.6,29031.5,17105.0,497.7,1001.8,279041.8,227.1]
- [PKTLENS.....: 509,528,722,348,388,509,528,722,533,509,528,722,533,509,528,722,348,512,47,47,47,47,47,47,47,47,47,867,867,867,635,382]
+ [PKTLENS.....: 495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]
+ [ENTROPIES...: 5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.6,4.1,4.1,4.1,4.1,4.1,4.1,4.0,4.1,4.1,5.7,5.7,5.7,5.8,5.7]
update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable]
idle: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable]
diff --git a/test/results/flow-info/sites.pcapng.out b/test/results/flow-info/sites.pcapng.out
index 00720c07a..9f8f04c91 100644
--- a/test/results/flow-info/sites.pcapng.out
+++ b/test/results/flow-info/sites.pcapng.out
@@ -23,14 +23,15 @@
detected: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe]
analyse: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.053| 0.020| 0.024| 571.173| 0.000]
- [PKTLEN......: 66.000| 1514.000| 613.800| 646.400|417856.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.053| 0.020| 0.024| 571.173| 2.800]
+ [PKTLEN......: 52.000| 1500.000| 599.800| 646.400| 417856.700| 4.100]
[BINS(c->s)..: 10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 46.8,50.1,2.2,52.9,0.2,52.2,1.5,0.6,2.4,52.4,0.8,3.1,0.2,0.2,47.9,0.2]
- [PKTLENS.....: 74,74,66,583,66,1514,1514,1266,166,66,66,66,66,146,236,304,369,109,97,1514,1514,1514,1514,1514,1514,1514,1514,388,66,66,66,97]
+ [PKTLENS.....: 60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83]
+ [ENTROPIES...: 4.7,5.2,5.0,5.4,5.1,7.8,7.9,7.8,6.5,5.0,5.0,5.1,5.1,6.3,6.9,7.1,7.4,6.0,5.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.4,5.1,5.0,5.1,5.6]
detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe]
end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443]
DAEMON-EVENT: [Processed: 118 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -38,14 +39,15 @@
new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80]
detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun]
analyse: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.031| 0.138| 0.327|107215.077| 0.000]
- [PKTLEN......: 60.000| 1514.000| 659.100| 701.200|491744.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.031| 0.138| 0.327| 107215.077| 1.600]
+ [PKTLEN......: 46.000| 1500.000| 645.100| 701.200| 491744.000| 4.000]
[BINS(c->s)..: 15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0]
[IATS(ms)....: 27.9,29.1,9.5,39.2,3.0,0.2,59.9,0.3,0.3,974.3,1031.1,29.6,0.5,2.0,0.5,0.7]
- [PKTLENS.....: 74,66,60,244,60,1514,1514,1514,1514,1514,1514,1396,60,60,60,60,60,60,60,244,1514,1514,1514,1514,60,60,1514,1514,60,60,60,60]
+ [PKTLENS.....: 60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46]
+ [ENTROPIES...: 4.7,4.9,4.3,5.7,4.3,7.7,7.9,7.8,7.9,7.9,7.9,7.9,4.3,4.3,4.3,4.3,4.3,4.3,4.3,5.7,7.7,7.9,7.9,7.9,4.3,4.3,7.9,7.9,4.3,4.3,4.3,4.3]
end: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe]
DAEMON-EVENT: [Processed: 230 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0]
diff --git a/test/results/flow-info/skinny.pcap.out b/test/results/flow-info/skinny.pcap.out
index df08b2382..d1e9b2246 100644
--- a/test/results/flow-info/skinny.pcap.out
+++ b/test/results/flow-info/skinny.pcap.out
@@ -6,14 +6,15 @@
new: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [MIDSTREAM]
detected: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][VoIP][Acceptable]
analyse: [.....1] [ip4][..tcp] [.192.168.195.58][49399] -> [.192.168.193.12][.2000] [CiscoSkinny][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.610| 0.245| 0.877|769437.794| 0.000]
- [PKTLEN......: 60.000| 378.000| 114.200| 74.300| 5521.700| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.610| 0.245| 0.877| 769437.794| 1.500]
+ [PKTLEN......: 46.000| 364.000| 100.200| 74.300| 5521.700| 4.700]
[BINS(c->s)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0]
[IATS(ms)....: 2.2,0.0,0.0,6.0,3.8,0.3,0.0,0.0,20.0,19.7,10.4,48.8,3559.6,0.0,0.1,3609.8,11.7,20.1,16.5,36.5,7.0,23.4,32.8,20.0,11.7,0.0,20.0,11.5,27.3,50.7,26.7]
- [PKTLENS.....: 78,82,70,78,60,378,82,90,82,60,214,74,60,78,194,90,60,266,60,102,60,198,60,198,60,198,186,60,106,106,60,106]
+ [PKTLENS.....: 64,68,56,64,46,364,68,76,68,46,200,60,46,64,180,76,46,252,46,88,46,184,46,184,46,184,172,46,92,92,46,92]
+ [ENTROPIES...: 3.9,4.0,4.5,4.3,4.4,3.7,4.4,4.2,4.6,4.4,4.5,4.3,4.7,4.5,2.6,4.2,4.4,4.3,4.5,4.0,4.7,2.7,4.5,2.7,4.5,2.6,4.7,4.4,4.0,4.0,4.6,4.0]
new: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395]
detected: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Media][Acceptable]
new: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718]
@@ -25,61 +26,67 @@
new: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400]
detected: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Media][Acceptable]
analyse: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.026| 0.010| 0.010| 104.356| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.026| 0.010| 0.010| 104.356| 3.900]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0]
[IATS(ms)....: 0.0,19.9,0.0,25.6,0.0,20.0,0.0,19.9,0.0,19.9,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 4.2,4.2,4.8,4.8,4.4,4.4,5.1,5.1,4.4,4.4,4.9,4.9,5.5,5.5,5.1,5.1,5.2,5.2,5.1,5.1,5.3,5.3,5.2,5.2,5.6,5.6,5.8,5.8,5.2,5.2,5.2,5.2]
analyse: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,20.0,20.0,19.9,20.0,20.1,20.0,20.0,20.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 4.3,4.8,5.1,4.9,5.1,5.1,5.2,5.9,5.3,4.8,5.1,5.2,4.8,4.8,4.9,4.7,4.5,4.6,4.6,4.5,4.5,4.3,4.4,4.6,4.4,4.4,4.5,4.8,4.7,4.8,3.9,4.3]
analyse: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.6,5.3,5.1,4.8,4.5,4.8,4.4,4.1,3.9,3.8,3.3,3.4,3.4,3.6,4.3,4.6,4.8,4.8,4.6,4.4,6.2,4.9,6.3,6.5,6.2,6.5,6.5]
analyse: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.019| 0.021| 0.020| 0.000| 0.020| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.019| 0.021| 0.020| 0.000| 0.020| 5.000]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 19.8,20.0,20.1,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.5,19.5,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.7,5.3,5.1,4.8,4.4,4.8,4.4,4.1,3.8,3.8,3.2,3.4,3.4,3.5,4.3,4.6,4.8,4.8,4.5,4.4,6.2,4.9,6.4,6.4,6.2,6.5,6.5]
analyse: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 0.000]
- [PKTLEN......: 214.000| 214.000| 214.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.020| 0.020| 0.020| 0.000| 0.001| 5.000]
+ [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,19.9,20.0,19.9,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214,214]
+ [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
+ [ENTROPIES...: 4.9,5.0,5.1,5.2,5.8,5.2,4.8,5.0,5.2,4.8,4.8,4.9,4.7,4.5,4.6,4.6,4.5,4.5,4.3,4.4,4.6,4.4,4.4,4.5,4.8,4.7,4.7,3.9,4.3,5.2,5.6,5.5]
new: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [MIDSTREAM]
detected: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [CiscoSkinny][VoIP][Acceptable]
analyse: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.046| 0.705| 1.877|3523893.789| 0.000]
- [PKTLEN......: 60.000| 546.000| 110.900| 93.800| 8793.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.046| 0.705| 1.877| 3523893.789| 2.200]
+ [PKTLEN......: 46.000| 532.000| 96.900| 93.800| 8793.000| 4.600]
[BINS(c->s)..: 10,2,0,0,4,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,1,1,1,0,0,0,0,1,0,1,0,0,1,0,1,1,0,1,1,1,0,1,0,0,0,0,1]
[IATS(ms)....: 0.0,0.1,0.7,0.7,19.9,3583.0,19.3,3622.2,2.1,0.0,0.0,18.0,15.9,20.1,36.3,2.1,20.0,30.9,40.0,6.9,19.1,13.1,64.1,28.3,103.9,42.3,80.4,6999.6,0.0,5.8,7045.9]
- [PKTLENS.....: 90,82,86,60,266,60,74,74,60,82,70,78,60,546,60,198,198,60,198,60,102,186,60,106,106,60,106,60,82,82,78,60]
+ [PKTLENS.....: 76,68,72,46,252,46,60,60,46,68,56,64,46,532,46,184,184,46,184,46,88,172,46,92,92,46,92,46,68,68,64,46]
+ [ENTROPIES...: 4.2,4.7,4.6,4.6,4.3,4.5,4.2,4.5,4.6,4.1,4.5,4.3,4.4,3.3,4.4,2.7,2.6,4.4,2.7,4.4,3.8,4.8,4.5,4.0,3.9,4.6,4.0,4.6,4.5,4.6,4.4,4.6]
new: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58]
detected: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] [ICMP][Network][Acceptable]
idle: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] [ICMP][Network][Acceptable]
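Review bot: The summary `entropy` column pinned here is 5.000 for the RTP flows whose 32 `PKTLENS` are all 200 and whose IATs are all about 20 ms, and 3.900 for flow 4 where roughly half of the IATs are 0.0. Those values match log2(32) and log2(15), which suggests the statistic normalises the samples themselves into a distribution instead of measuring how varied they are, so a perfectly regular flow scores highest. If that is intended, the output description should say so, e.g. `entropy: Shannon entropy of the samples scaled to sum 1; equals log2(n) when all n samples are equal`; if the intent was variability of the values, a constant series should yield 0 and these expectations would be pinning the wrong result. The computation is outside this file section, so this is inferred from the expected values only.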
diff --git a/test/results/flow-info/skype-conference-call.pcap.out b/test/results/flow-info/skype-conference-call.pcap.out
index e435ba487..6038cbb81 100644
--- a/test/results/flow-info/skype-conference-call.pcap.out
+++ b/test/results/flow-info/skype-conference-call.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.100| 0.011| 0.022| 503.840| 0.000]
- [PKTLEN......: 77.000| 957.000| 299.500| 317.000|100457.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.100| 0.011| 0.022| 503.840| 3.000]
+ [PKTLEN......: 63.000| 943.000| 285.500| 317.000| 100457.800| 4.300]
[BINS(c->s)..: 0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 7.3,44.5,54.5,0.2,54.9,0.3,10.3,20.1,24.4,100.1,0.3,0.1,0.2,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.1,2.8,14.7,0.4,0.2,0.2,0.3,0.2,0.2,0.2,3.7]
- [PKTLENS.....: 146,146,114,114,146,114,150,152,145,137,209,77,169,169,169,169,169,169,169,169,169,169,114,85,957,957,957,957,957,957,169,135]
+ [PKTLENS.....: 132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]
+ [ENTROPIES...: 5.5,5.4,5.7,5.6,5.4,5.7,5.6,6.5,6.5,6.4,6.8,5.2,6.5,6.5,6.6,6.6,6.5,6.5,6.4,6.6,6.5,6.5,5.6,5.6,7.8,7.8,7.8,7.8,7.8,7.8,6.6,6.3]
idle: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
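Review bot: The IAT row in this expected output still mixes units, and the re-aligned header `min| max| avg| stddev| variance| entropy` does not say so. Its stddev is 0.022 while its variance is 503.840, which only fits if stddev is in seconds and variance in ms² (about 22.4 ms squared); min/max/avg also look like seconds next to the `IATS(ms)` list, whose largest entry is 100.1 against a max of 0.100. The PKTLEN row is self-consistent (317.000 squared is about 100457.800), so anyone feeding these columns into a detection or baselining pipeline would read the IAT variance on the wrong scale. The printer that emits this row is not part of this hunk; I would either print variance in the same unit as stddev or put the unit in the label, for example `[IAT(s)......:`. The same pattern appears in every `analyse:` block of the other fixture hunks on this page (skype.pcap.out, skype_no_unknown.pcap.out, smb_deletefile.pcap.out, smtp-starttls.pcap.out, smtp.pcap.out).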
diff --git a/test/results/flow-info/skype.pcap.out b/test/results/flow-info/skype.pcap.out
index b4057120d..7949b425c 100644
--- a/test/results/flow-info/skype.pcap.out
+++ b/test/results/flow-info/skype.pcap.out
@@ -45,14 +45,15 @@
detected: [....18] [ip4][..tcp] [...192.168.1.34][50029] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.301| 0.083| 0.084| 7113.901| 0.000]
- [PKTLEN......: 66.000| 1506.000| 371.800| 468.900|219872.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.301| 0.083| 0.084| 7113.901| 4.200]
+ [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000]
[BINS(c->s)..: 10,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,1,0,1,1,0]
[IATS(ms)....: 75.2,75.2,28.8,111.2,0.2,82.6,77.2,0.2,77.4,12.7,300.9,288.2,83.4,83.5,0.3,86.7,86.3,3.1,96.5,93.4,0.3,253.9,0.0,253.6,0.0,0.4,87.2,86.8,115.8,0.0,115.7]
- [PKTLENS.....: 78,70,66,160,1506,86,66,1506,864,66,173,66,125,125,66,295,247,66,695,247,66,263,759,279,66,66,631,167,1383,1506,71,66]
+ [PKTLENS.....: 64,56,52,146,1492,72,52,1492,850,52,159,52,111,111,52,281,233,52,681,233,52,249,745,265,52,52,617,153,1369,1492,57,52]
+ [ENTROPIES...: 4.6,5.4,5.2,5.8,7.0,5.6,5.2,7.5,7.7,5.2,6.7,5.2,6.0,6.1,5.1,7.2,7.1,5.2,7.7,7.0,5.2,7.0,7.7,7.2,5.2,5.1,7.7,6.7,7.9,7.9,5.3,5.1]
new: [....19] [ip4][..tcp] [...192.168.1.34][50030] -> [...65.55.223.33][..443]
new: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53]
detected: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable]
@@ -448,14 +449,15 @@
new: [...225] [ip4][..tcp] [...192.168.1.34][50102] -> [...65.55.223.15][..443]
new: [...226] [ip4][..tcp] [...192.168.1.34][50103] -> [....64.4.23.166][..443]
analyse: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.015| 19.851| 1.938| 5.863|34377878.733| 0.000]
- [PKTLEN......: 327.000| 405.000| 372.000| 29.200| 851.500| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.015| 19.851| 1.938| 5.863| 34377878.733| 1.700]
+ [PKTLEN......: 313.000| 391.000| 358.000| 29.200| 851.500| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,3,10,6,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 15.9,16.7,17.0,17.1,15.8,17.0,16.6,16.4,16.8,19850.7,15.7,18.8,14.7,83.2,16.8,19850.7,16.1,16.6,16.9,16.9,16.2,17.0,16.5,16.5,16.9,19850.6,16.3,16.4,16.7,16.7,16.5]
- [PKTLENS.....: 333,351,405,397,327,369,401,347,399,393,333,351,405,397,399,393,333,351,405,397,327,369,401,347,399,393,333,351,405,397,327,369]
+ [PKTLENS.....: 319,337,391,383,313,355,387,333,385,379,319,337,391,383,385,379,319,337,391,383,313,355,387,333,385,379,319,337,391,383,313,355]
+ [ENTROPIES...: 5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.8,5.7,5.7]
update: [....69] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.24][40001] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
update: [....76] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.21][40004] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
update: [....42] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.33][40011] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
@@ -521,14 +523,15 @@
detected: [...231] [ip4][.icmp] [....192.168.1.1] -> [...192.168.1.34] [ICMP][Network][Acceptable]
new: [...232] [ip4][..tcp] [...192.168.1.34][50109] -> [.91.190.216.125][12350]
analyse: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.965| 0.176| 0.204|41803.604| 0.000]
- [PKTLEN......: 66.000| 1506.000| 178.600| 286.000|81813.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.965| 0.176| 0.204| 41803.604| 4.200]
+ [PKTLEN......: 52.000| 1492.000| 164.600| 286.000| 81813.500| 3.900]
[BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 244.0,244.1,0.5,204.3,761.0,964.7,0.5,202.0,201.5,40.2,40.2,162.2,162.2,40.2,40.2,200.9,0.0,201.0,204.1,204.1,0.1,240.8,240.6,207.5,0.0,207.6,3.0,4.5,199.6,198.0,41.6]
- [PKTLENS.....: 78,74,66,138,66,123,66,74,74,66,66,102,134,66,66,105,66,69,66,210,66,70,66,675,66,70,66,1506,120,619,549,66]
+ [PKTLENS.....: 64,60,52,124,52,109,52,60,60,52,52,88,120,52,52,91,52,55,52,196,52,56,52,661,52,56,52,1492,106,605,535,52]
+ [ENTROPIES...: 4.7,5.2,5.1,6.4,5.1,6.1,5.1,5.5,5.4,5.2,5.1,6.1,6.4,5.1,5.2,6.0,5.1,5.1,5.2,6.8,5.1,5.3,5.1,7.7,5.1,5.2,5.1,7.9,6.3,7.7,7.6,5.0]
not-detected: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] [Unknown][Unrated]
new: [...233] [ip4][..tcp] [...192.168.1.34][50110] -> [.91.190.216.125][12350]
new: [...234] [ip4][..udp] [...192.168.1.34][13021] -> [..176.26.55.167][63773]
@@ -559,14 +562,15 @@
new: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639]
new: [...252] [ip4][..tcp] [...192.168.1.34][50122] -> [..81.133.19.185][44431]
analyse: [...250] [ip4][..tcp] [...192.168.1.34][50119] -> [....86.31.35.30][59621]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.200| 0.063| 0.061| 3703.968| 0.000]
- [PKTLEN......: 66.000| 1249.000| 173.800| 252.000|63524.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.200| 0.063| 0.061| 3703.968| 4.200]
+ [PKTLEN......: 52.000| 1235.000| 159.800| 252.000| 63524.500| 4.000]
[BINS(c->s)..: 14,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,1,1,1,0,0,0,1,1,0,0]
[IATS(ms)....: 83.4,83.5,0.1,64.1,64.0,0.4,68.5,68.1,2.9,71.2,68.2,199.8,199.7,154.2,154.1,2.6,133.8,131.2,0.2,0.1,0.1,64.3,8.4,55.5,127.9,0.2,0.2,70.5,0.0,70.1,0.2]
- [PKTLENS.....: 78,74,66,126,113,66,83,80,66,820,80,66,66,70,1249,66,623,166,144,94,133,123,66,66,146,66,94,87,361,66,66,93]
+ [PKTLENS.....: 64,60,52,112,99,52,69,66,52,806,66,52,52,56,1235,52,609,152,130,80,119,109,52,52,132,52,80,73,347,52,52,79]
+ [ENTROPIES...: 4.7,5.3,5.2,6.3,6.2,5.2,5.5,5.4,5.1,7.7,5.5,5.1,5.1,5.3,7.9,5.1,7.6,6.6,6.4,5.7,6.4,6.3,5.2,5.2,6.4,5.2,5.9,5.7,7.3,5.2,5.1,5.7]
not-detected: [...250] [ip4][..tcp] [...192.168.1.34][50119] -> [....86.31.35.30][59621] [Unknown][Unrated]
new: [...253] [ip4][..tcp] [...192.168.1.34][50123] -> [...80.14.46.121][.4415]
new: [...254] [ip4][..tcp] [...192.168.1.34][50124] -> [..81.133.19.185][44431]
@@ -586,14 +590,15 @@
RISK: TLS (probably) Not Carrying HTTPS
new: [...261] [ip4][..tcp] [...192.168.1.34][50129] -> [.91.190.218.125][12350]
analyse: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.605| 0.068| 0.136|18472.737| 0.000]
- [PKTLEN......: 54.000| 1494.000| 248.900| 350.900|123149.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.605| 0.068| 0.136| 18472.737| 3.000]
+ [PKTLEN......: 40.000| 1480.000| 234.900| 350.900| 123149.100| 3.900]
[BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,3,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1]
[IATS(ms)....: 148.7,148.8,0.8,151.6,0.0,0.0,150.8,0.0,0.2,0.0,31.5,0.1,153.3,0.7,32.6,5.2,16.8,0.0,176.7,0.1,2.1,1.5,0.0,3.5,0.0,449.5,0.1,604.7,5.5,16.5,0.0]
- [PKTLENS.....: 78,60,54,287,60,146,91,54,54,60,91,680,620,60,60,60,60,387,90,54,54,1494,1221,80,54,54,673,632,60,60,387,90]
+ [PKTLENS.....: 64,46,40,273,46,132,77,40,40,46,77,666,606,46,46,46,46,373,76,40,40,1480,1207,66,40,40,659,618,46,46,373,76]
+ [ENTROPIES...: 4.6,5.0,4.8,6.0,4.6,6.1,5.8,4.8,4.8,4.8,5.7,7.7,7.7,4.6,4.6,4.7,4.5,7.4,5.7,4.7,4.8,7.9,7.8,5.5,4.8,4.8,7.7,7.6,4.6,4.6,7.4,5.8]
update: [...108] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.26][40026] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
update: [...111] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.47][40029] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
update: [...104] [ip4][..udp] [...192.168.1.34][13021] -> [....64.4.23.146][33033] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
@@ -635,14 +640,15 @@
new: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53]
detected: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable]
analyse: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.782| 0.325| 0.510|259840.393| 0.000]
- [PKTLEN......: 66.000| 1190.000| 157.300| 243.100|59118.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.782| 0.325| 0.510| 259840.393| 3.600]
+ [PKTLEN......: 52.000| 1176.000| 143.300| 243.100| 59118.200| 3.900]
[BINS(c->s)..: 14,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,1,0]
[IATS(ms)....: 60.8,60.9,0.1,60.1,60.0,0.4,72.4,72.0,2.9,63.2,60.3,262.3,262.3,157.4,157.5,3.6,187.8,184.1,1.9,62.9,110.0,171.0,0.2,63.7,63.5,1468.1,1782.0,746.1,1060.0,1410.3,1410.3]
- [PKTLENS.....: 78,74,66,111,127,66,82,80,66,819,80,66,66,70,1190,66,623,111,102,86,66,109,66,95,94,66,103,66,104,66,105,66]
+ [PKTLENS.....: 64,60,52,97,113,52,68,66,52,805,66,52,52,56,1176,52,609,97,88,72,52,95,52,81,80,52,89,52,90,52,91,52]
+ [ENTROPIES...: 4.7,5.3,5.2,6.0,6.4,5.2,5.6,5.5,5.2,7.8,5.6,5.2,5.2,5.3,7.8,5.2,7.6,6.1,5.9,5.6,5.2,5.9,5.2,5.7,5.8,5.2,5.9,5.2,6.0,5.1,6.0,5.2]
not-detected: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] [Unknown][Unrated]
new: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53]
detected: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable]
@@ -729,14 +735,15 @@
update: [....11] [ip4][..udp] [...192.168.1.34][65045] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable]
update: [...206] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.145][40027] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
analyse: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 25.524| 1.927| 6.197|38401982.071| 0.000]
- [PKTLEN......: 66.000| 1090.000| 156.500| 232.300|53983.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 25.524| 1.927| 6.197| 38401982.071| 2.000]
+ [PKTLEN......: 52.000| 1076.000| 142.500| 232.300| 53983.100| 4.000]
[BINS(c->s)..: 14,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,1,0]
[IATS(ms)....: 228.1,228.2,0.1,219.6,219.5,0.4,214.5,214.2,209.7,209.7,0.1,381.8,2061.0,2011.7,148.2,480.5,212.1,212.2,3.6,275.2,271.5,0.2,220.2,0.0,220.1,0.1,216.1,216.0,136.2,25387.6,25523.8]
- [PKTLENS.....: 78,78,66,123,101,66,83,80,66,80,66,70,66,843,66,1090,66,156,66,623,108,134,93,66,112,66,95,122,66,66,81,66]
+ [PKTLENS.....: 64,64,52,109,87,52,69,66,52,66,52,56,52,829,52,1076,52,142,52,609,94,120,79,52,98,52,81,108,52,52,67,52]
+ [ENTROPIES...: 4.6,4.7,4.9,6.2,5.9,5.3,5.7,5.6,5.3,5.7,5.3,5.3,5.2,7.8,5.1,7.8,5.2,6.5,5.1,7.7,5.9,6.4,5.9,5.2,6.1,5.2,5.9,6.1,5.3,5.3,5.8,5.3]
not-detected: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767] [Unknown][Unrated]
new: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900]
detected: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
@@ -984,14 +991,15 @@
update: [....25] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.155][40020] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
update: [....32] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.176][40022] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
analyse: [...283] [ip4][..tcp] [...192.168.1.34][50138] -> [...71.238.7.203][18767]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 30.126| 1.349| 5.301|28102044.418| 0.000]
- [PKTLEN......: 66.000| 1090.000| 155.400| 232.500|54056.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 30.126| 1.349| 5.301| 28102044.418| 1.900]
+ [PKTLEN......: 52.000| 1076.000| 141.400| 232.500| 54056.900| 4.000]
[BINS(c->s)..: 15,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,1,0,0]
[IATS(ms)....: 214.7,214.8,0.1,223.5,223.4,0.4,217.5,217.2,213.6,213.7,0.1,315.3,2988.5,3022.2,145.3,494.2,215.9,215.9,3.6,275.6,272.1,0.2,291.4,291.1,0.2,75.0,137.0,211.9,164.3,30125.6,821.1]
- [PKTLENS.....: 78,78,66,106,101,66,83,80,66,80,66,70,66,842,66,1090,66,156,66,622,101,146,95,111,66,95,66,114,66,66,66,66]
+ [PKTLENS.....: 64,64,52,92,87,52,69,66,52,66,52,56,52,828,52,1076,52,142,52,608,87,132,81,97,52,81,52,100,52,52,52,52]
+ [ENTROPIES...: 4.7,4.7,4.9,6.0,6.0,5.3,5.7,5.7,5.3,5.7,5.3,5.3,5.3,7.7,5.4,7.8,5.1,6.6,5.2,7.6,6.1,6.5,5.9,6.2,5.2,5.8,5.2,6.2,5.2,5.3,5.2,5.3]
not-detected: [...283] [ip4][..tcp] [...192.168.1.34][50138] -> [...71.238.7.203][18767] [Unknown][Unrated]
not-detected: [...221] [ip4][..tcp] [...192.168.1.34][50098] -> [...65.55.223.15][40026] [Unknown][Unrated]
end: [...221] [ip4][..tcp] [...192.168.1.34][50098] -> [...65.55.223.15][40026]
diff --git a/test/results/flow-info/skype_no_unknown.pcap.out b/test/results/flow-info/skype_no_unknown.pcap.out
index 02fbc6224..a057e2974 100644
--- a/test/results/flow-info/skype_no_unknown.pcap.out
+++ b/test/results/flow-info/skype_no_unknown.pcap.out
@@ -46,14 +46,15 @@
detected: [....19] [ip4][..tcp] [.17.143.160.149][.5223] -> [...192.168.1.34][50407] [TLS.Apple][Web][Safe]
RISK: Known Proto on Non Std Port
analyse: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.302| 0.085| 0.091| 8331.101| 0.000]
- [PKTLEN......: 66.000| 1506.000| 371.800| 468.900|219872.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.302| 0.085| 0.091| 8331.101| 4.100]
+ [PKTLEN......: 52.000| 1492.000| 357.800| 468.900| 219872.600| 4.000]
[BINS(c->s)..: 9,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,1]
[IATS(ms)....: 75.6,75.7,27.5,108.8,0.2,81.5,75.6,0.8,76.4,15.4,302.2,286.8,74.7,74.7,0.5,91.1,90.5,1.7,83.6,81.9,0.3,247.1,246.9,0.3,0.2,0.3,92.3,92.0,289.8,38.7,0.0]
- [PKTLENS.....: 78,70,66,160,1506,86,66,1506,864,66,173,66,125,125,66,295,247,66,695,247,66,263,759,66,279,66,631,167,1383,66,1506,71]
+ [PKTLENS.....: 64,56,52,146,1492,72,52,1492,850,52,159,52,111,111,52,281,233,52,681,233,52,249,745,52,265,52,617,153,1369,52,1492,57]
+ [ENTROPIES...: 4.6,5.2,5.2,5.7,7.0,5.6,5.1,7.5,7.7,5.1,6.7,5.2,6.0,6.1,5.1,7.3,7.0,5.1,7.7,7.0,5.1,7.2,7.7,5.2,7.2,5.2,7.7,6.6,7.9,5.2,7.9,5.3]
new: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53]
detected: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable]
new: [....21] [ip4][..udp] [...192.168.1.34][51753] -> [....192.168.1.1][...53]
@@ -62,14 +63,15 @@
new: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [MIDSTREAM]
detected: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS.Apple][Web][Safe]
analyse: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS.Apple][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.077| 0.169| 0.340|115831.161| 0.000]
- [PKTLEN......: 54.000| 680.000| 238.900| 252.700|63877.700| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.077| 0.169| 0.340| 115831.161| 2.700]
+ [PKTLEN......: 40.000| 666.000| 224.900| 252.700| 63877.700| 4.200]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0]
[IATS(ms)....: 0.1,141.8,4.6,11.8,0.0,158.2,1.4,0.0,1.4,933.1,0.1,1077.4,3.9,16.1,0.0,164.2,1.9,0.0,1.8,866.4,0.1,1010.6,5.0,11.8,160.8,0.2,0.1]
- [PKTLENS.....: 680,622,60,60,387,90,54,54,656,80,54,54,673,630,60,60,387,90,54,54,661,80,54,54,677,556,60,60,387,54,90,54]
+ [PKTLENS.....: 666,608,46,46,373,76,40,40,642,66,40,40,659,616,46,46,373,76,40,40,647,66,40,40,663,542,46,46,373,40,76,40]
+ [ENTROPIES...: 7.7,7.7,4.7,4.5,7.4,5.7,4.8,4.9,7.6,5.6,4.8,4.8,7.7,7.7,4.6,4.6,7.5,5.7,4.8,4.8,7.7,5.6,4.8,4.9,7.7,7.6,4.6,4.5,7.4,4.8,5.8,4.8]
new: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137]
detected: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
new: [....25] [ip4][..udp] [....192.168.1.1][..137] -> [...192.168.1.34][..137]
@@ -464,14 +466,15 @@
new: [...227] [ip4][..tcp] [...192.168.1.34][51284] -> [.91.190.218.125][12350]
new: [...228] [ip4][..tcp] [...192.168.1.34][51285] -> [.91.190.218.125][12350]
analyse: [...210] [ip4][..tcp] [...192.168.1.34][51279] -> [..111.221.74.48][40008]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.297| 0.245| 0.278|77244.252| 0.000]
- [PKTLEN......: 66.000| 1506.000| 180.600| 288.600|83264.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.297| 0.245| 0.278| 77244.252| 4.100]
+ [PKTLEN......: 52.000| 1492.000| 166.600| 288.600| 83264.900| 3.900]
[BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0]
[IATS(ms)....: 1006.2,1296.9,290.8,0.6,292.8,2.2,294.3,0.5,293.3,292.8,39.6,39.6,253.3,253.3,40.1,40.1,350.4,0.0,350.4,293.9,293.9,0.1,334.3,334.2,300.0,0.0,300.0,2.1,4.2,292.4,290.3]
- [PKTLENS.....: 78,78,74,66,116,66,169,66,74,74,66,66,112,95,66,66,105,66,69,66,210,66,70,66,675,66,70,66,1506,120,617,609]
+ [PKTLENS.....: 64,64,60,52,102,52,155,52,60,60,52,52,98,81,52,52,91,52,55,52,196,52,56,52,661,52,56,52,1492,106,603,595]
+ [ENTROPIES...: 4.6,4.7,5.4,5.2,6.1,5.3,6.7,5.2,5.4,5.4,5.2,5.2,6.3,6.0,5.2,5.1,6.2,5.3,5.2,5.3,6.9,5.2,5.3,5.2,7.7,5.2,5.3,5.2,7.9,6.2,7.7,7.6]
not-detected: [...210] [ip4][..tcp] [...192.168.1.34][51279] -> [..111.221.74.48][40008] [Unknown][Unrated]
new: [...229] [ip4][..tcp] [...192.168.1.34][51286] -> [.91.190.218.125][..443]
new: [...230] [ip4][..udp] [...192.168.1.34][13021] -> [.174.49.171.224][32011]
@@ -531,14 +534,15 @@
new: [...251] [ip4][..tcp] [...192.168.1.34][51302] -> [.91.190.216.125][..443]
new: [...252] [ip4][..tcp] [...192.168.1.34][51303] -> [...80.121.84.93][62381]
analyse: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.004| 0.281| 0.501|251090.993| 0.000]
- [PKTLEN......: 66.000| 1190.000| 157.200| 243.000|59065.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.004| 0.281| 0.501| 251090.993| 3.500]
+ [PKTLEN......: 52.000| 1176.000| 143.200| 243.000| 59065.600| 3.900]
[BINS(c->s)..: 13,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1]
[IATS(ms)....: 69.8,69.9,0.1,64.1,63.9,0.4,65.4,65.0,2.0,66.7,64.9,268.0,267.9,126.5,126.5,3.7,173.4,169.7,0.2,68.9,95.7,164.4,0.2,67.0,66.9,198.4,1936.2,2004.1,795.9,1062.3,592.6]
- [PKTLENS.....: 78,74,66,131,94,66,82,80,66,818,80,66,66,70,1190,66,622,109,110,92,66,109,66,93,87,66,66,104,66,105,66,111]
+ [PKTLENS.....: 64,60,52,117,80,52,68,66,52,804,66,52,52,56,1176,52,608,95,96,78,52,95,52,79,73,52,52,90,52,91,52,97]
+ [ENTROPIES...: 4.6,5.3,5.2,6.3,5.7,5.2,5.6,5.6,5.2,7.7,5.6,5.2,5.2,5.3,7.8,5.2,7.7,6.1,6.2,5.7,5.1,6.0,5.1,5.9,5.7,5.2,5.2,6.0,5.2,6.0,5.2,6.1]
not-detected: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639] [Unknown][Unrated]
new: [...253] [ip4][..tcp] [...192.168.1.34][51305] -> [...149.13.32.15][13392]
new: [...254] [ip4][..tcp] [...192.168.1.34][51306] -> [...80.121.84.93][62381]
@@ -619,14 +623,15 @@
new: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195]
detected: [...266] [ip4][..udp] [...192.168.1.34][13021] -> [..133.236.67.25][49195] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
analyse: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.857| 1.935| 5.865|34398418.239| 0.000]
- [PKTLEN......: 327.000| 405.000| 370.700| 29.100| 844.300| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 19.857| 1.935| 5.865| 34398418.239| 1.700]
+ [PKTLEN......: 313.000| 391.000| 356.700| 29.100| 844.300| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,4,9,7,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.6,0.6,0.5,0.5,0.5,99.7,0.6,0.6,0.6,19856.6,16.2,17.0,16.6,16.5,16.7,19850.6,16.2,16.5,16.7,16.7,16.6,17.0,16.6,16.7,16.6,19850.6,16.0,16.7,16.8,16.7,16.6]
- [PKTLENS.....: 333,351,405,397,327,369,401,347,399,393,327,369,401,347,399,393,333,351,405,397,327,369,401,347,399,393,333,351,405,397,327,369]
+ [PKTLENS.....: 319,337,391,383,313,355,387,333,385,379,313,355,387,333,385,379,319,337,391,383,313,355,387,333,385,379,319,337,391,383,313,355]
+ [ENTROPIES...: 5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7]
new: [...267] [ip4][..tcp] [...192.168.1.34][51319] -> [...212.161.8.36][13392]
idle: [...233] [ip4][..udp] [...192.168.1.34][13021] -> [189.188.134.174][22436] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
guessed: [....75] [ip4][..tcp] [...192.168.1.34][51240] -> [..111.221.74.45][..443] [TLS][Web][Safe]
diff --git a/test/results/flow-info/smb_deletefile.pcap.out b/test/results/flow-info/smb_deletefile.pcap.out
index ba7c7efd1..01666965f 100644
--- a/test/results/flow-info/smb_deletefile.pcap.out
+++ b/test/results/flow-info/smb_deletefile.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable]
analyse: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.158| 0.143| 0.529|280112.169| 0.000]
- [PKTLEN......: 54.000| 554.000| 266.600| 190.900|36432.900| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.158| 0.143| 0.529| 280112.169| 1.200]
+ [PKTLEN......: 40.000| 540.000| 252.600| 190.900| 36432.900| 4.500]
[BINS(c->s)..: 10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
[IATS(ms)....: 1.2,1.2,2157.3,2158.4,1.2,0.1,1.3,1.2,7.5,9.4,1.9,0.1,0.1,0.1,0.0,0.5,0.2,0.6,5.6,5.6,4.7,5.9,1.1,0.1,1.2,1.1,0.1,1.0,0.9,26.0,26.9]
- [PKTLENS.....: 434,554,54,378,522,54,394,538,54,466,180,54,554,54,158,154,60,158,54,130,54,394,538,54,434,410,54,298,370,54,402,466]
+ [PKTLENS.....: 420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452]
+ [ENTROPIES...: 3.1,3.4,4.5,2.7,3.0,4.5,2.9,3.2,4.5,3.0,3.5,4.5,2.9,4.5,3.5,3.2,4.4,3.7,4.5,3.4,4.5,2.9,3.2,4.5,3.1,2.8,4.5,2.8,3.0,4.5,2.6,3.0]
idle: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/smtp-starttls.pcap.out b/test/results/flow-info/smtp-starttls.pcap.out
index 545966bd0..2c1fefa27 100644
--- a/test/results/flow-info/smtp-starttls.pcap.out
+++ b/test/results/flow-info/smtp-starttls.pcap.out
@@ -11,14 +11,15 @@
detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.157| 0.030| 0.035| 1204.841| 0.000]
- [PKTLEN......: 66.000| 1484.000| 254.300| 368.100|135468.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.157| 0.030| 0.035| 1204.841| 4.200]
+ [PKTLEN......: 52.000| 1470.000| 240.300| 368.100| 135468.500| 4.000]
[BINS(c->s)..: 9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1]
[IATS(ms)....: 11.2,11.2,11.9,11.8,0.1,11.2,39.2,67.1,28.2,11.5,12.2,0.3,12.3,0.0,24.8,37.9,13.5,11.9,11.6,11.6,11.8,51.4,103.7,157.0,13.6,11.5,11.1,16.4,67.3,42.9,94.1]
- [PKTLENS.....: 74,74,66,117,66,94,66,220,76,96,178,1484,1484,66,919,380,276,119,231,127,131,127,66,172,752,66,94,66,142,66,97,147]
+ [PKTLENS.....: 60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]
+ [ENTROPIES...: 4.5,5.2,4.9,5.7,4.9,4.9,5.0,5.8,5.1,5.4,5.2,6.6,7.4,4.9,7.2,7.3,6.9,6.0,6.9,6.1,6.2,6.2,4.9,6.5,7.7,4.9,5.6,4.9,6.3,4.8,5.6,6.3]
DAEMON-EVENT: [Processed: 36 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0]
new: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25]
@@ -28,14 +29,15 @@
detection-update: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS
analyse: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.203| 0.019| 0.049| 2372.381| 0.000]
- [PKTLEN......: 78.000| 1218.000| 198.500| 257.100|66086.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.203| 0.019| 0.049| 2372.381| 2.800]
+ [PKTLEN......: 60.000| 1200.000| 180.500| 257.100| 66086.800| 4.200]
[BINS(c->s)..: 7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0]
[IATS(ms)....: 0.7,1.0,19.0,29.5,11.1,0.1,1.2,1.0,1.0,6.1,12.8,0.6,8.6,202.0,202.9,1.0,7.3,6.8,7.3,7.3,1.2,2.1,3.0,0.4,21.0,21.8,1.0,6.8,0.0,6.8,0.7]
- [PKTLENS.....: 90,90,78,136,128,78,230,88,108,260,1218,204,157,336,245,78,167,121,141,121,113,144,78,1112,78,143,113,122,109,78,109,78]
+ [PKTLENS.....: 72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]
+ [ENTROPIES...: 4.3,5.0,4.6,5.6,5.4,4.8,5.6,4.9,5.2,5.4,7.6,6.2,5.9,7.2,6.9,4.7,6.1,5.7,5.6,5.7,5.2,6.1,4.8,7.8,4.8,6.1,5.1,5.8,5.0,4.6,5.5,4.4]
end: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS
end: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable]
diff --git a/test/results/flow-info/smtp.pcap.out b/test/results/flow-info/smtp.pcap.out
index 05b638bd4..1f2f6a83f 100644
--- a/test/results/flow-info/smtp.pcap.out
+++ b/test/results/flow-info/smtp.pcap.out
@@ -4,13 +4,14 @@
new: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25]
detected: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable]
analyse: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.055| 0.006| 0.012| 143.094| 0.000]
- [PKTLEN......: 60.000| 138.000| 87.600| 15.200| 230.100| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.055| 0.006| 0.012| 143.094| 3.200]
+ [PKTLEN......: 46.000| 124.000| 73.600| 15.200| 230.100| 5.000]
[BINS(c->s)..: 5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 0.3,1.1,19.7,31.1,24.6,55.1,2.2,21.4,1.1,1.2,1.1,1.2,1.2,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.1,1.0,1.0,1.1,1.1,1.1,1.1]
- [PKTLENS.....: 60,60,60,138,60,76,60,80,76,98,90,97,93,92,93,92,94,93,93,92,93,92,94,93,92,91,91,90,94,93,92,91]
+ [PKTLENS.....: 46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77]
+ [ENTROPIES...: 4.2,5.0,4.4,5.6,4.4,5.4,4.4,5.4,5.4,5.5,5.5,5.5,5.5,5.6,5.5,5.6,5.6,5.6,5.5,5.6,5.5,5.6,5.5,5.5,5.5,5.5,5.5,5.5,5.5,5.6,5.5,5.5]
end: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/snapchat_call.pcapng.out b/test/results/flow-info/snapchat_call.pcapng.out
index ec0741abf..4750e02ce 100644
--- a/test/results/flow-info/snapchat_call.pcapng.out
+++ b/test/results/flow-info/snapchat_call.pcapng.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable]
RISK: Missing SNI TLS Extn
analyse: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.447| 0.221| 0.397|157833.134| 0.000]
- [PKTLEN......: 62.000| 1392.000| 345.900| 468.500|219532.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.447| 0.221| 0.397| 157833.134| 3.200]
+ [PKTLEN......: 48.000| 1378.000| 331.900| 468.500| 219532.900| 3.900]
[BINS(c->s)..: 4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1]
[IATS(ms)....: 16.8,0.1,30.4,0.1,24.2,5.1,0.0,0.0,20.3,29.1,5.5,0.1,0.0,0.2,2.1,54.4,0.0,0.0,507.6,1447.3,48.7,53.5,57.9,1172.7,3.3,7.5,379.7,803.5,440.1,1155.7,589.8]
- [PKTLENS.....: 1392,1392,1392,1392,625,78,1392,62,428,70,86,80,80,80,201,100,62,62,62,86,351,303,351,303,86,70,70,86,70,86,86,86]
+ [PKTLENS.....: 1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]
+ [ENTROPIES...: 2.2,7.7,4.7,4.0,7.7,5.2,7.8,5.4,7.4,5.4,5.7,5.6,5.7,5.6,6.8,6.0,5.3,5.3,5.2,5.5,7.4,7.2,7.4,7.2,5.6,5.4,5.3,5.7,5.1,5.6,5.6,5.7]
idle: [.....1] [ip4][..udp] [.192.168.12.169][42083] -> [.18.184.138.142][..443] [QUIC.SnapchatCall][VoIP][Acceptable]
RISK: Missing SNI TLS Extn
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/softether.pcap.out b/test/results/flow-info/softether.pcap.out
index c7d46b532..395625caf 100644
--- a/test/results/flow-info/softether.pcap.out
+++ b/test/results/flow-info/softether.pcap.out
@@ -72,14 +72,15 @@
DAEMON-EVENT: [Processed: 130 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 29]
analyse: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.257| 1566.080| 36.711| 451.865|204182401654.456| 0.000]
- [PKTLEN......: 43.000| 522.000| 104.300| 132.500|17556.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.257| 1566.080| 36.711| 451.865|204182401654.456| 2.700]
+ [PKTLEN......: 29.000| 508.000| 90.300| 132.500| 17556.200| 4.100]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1]
[IATS(ms)....: 257.0,27676.0,27674.0,26195.0,26194.0,26159.0,26161.0,10299.0,10301.0,14858.0,14853.0,27814.0,27815.0,25788.0,1540291.2,1566080.2,18689.0,18689.0,5427.0,5426.0,27856.0,27856.0,26072.0,26072.0,26524.0,26524.0,24993.0,24993.0,25093.0,862645.0,887738.0]
- [PKTLENS.....: 43,70,43,70,43,70,43,70,522,370,43,70,43,70,43,43,70,522,370,43,70,43,70,43,70,43,70,43,70,43,43,70]
+ [PKTLENS.....: 29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56]
+ [ENTROPIES...: 4.5,5.1,4.6,5.1,4.6,5.0,4.6,5.1,5.0,4.5,4.6,5.1,4.5,5.0,4.6,4.6,5.0,5.0,4.5,4.6,5.0,4.6,5.1,4.5,5.1,4.6,5.1,4.6,5.1,4.6,4.6,5.0]
update: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable]
update: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable]
update: [.....6] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable]
diff --git a/test/results/flow-info/ssh.pcap.out b/test/results/flow-info/ssh.pcap.out
index 8764b9f0e..950e8406e 100644
--- a/test/results/flow-info/ssh.pcap.out
+++ b/test/results/flow-info/ssh.pcap.out
@@ -13,14 +13,15 @@
detection-update: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
analyse: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.907| 0.395| 0.889|789856.780| 0.000]
- [PKTLEN......: 66.000| 970.000| 172.700| 230.100|52961.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.907| 0.395| 0.889| 789856.780| 2.500]
+ [PKTLEN......: 52.000| 956.000| 158.700| 230.100| 52961.800| 4.100]
[BINS(c->s)..: 12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0]
[IATS(ms)....: 0.0,0.0,8.1,8.1,0.3,0.8,0.5,0.1,1.5,1.6,0.3,1.8,1.6,1.6,14.7,13.1,1.8,42.3,40.5,0.2,0.3,0.4,0.3,40.6,51.2,91.6,2632.3,2632.6,1868.8,1869.1,2907.1]
- [PKTLENS.....: 78,74,66,87,66,87,66,970,66,850,66,90,218,66,210,786,66,82,66,114,66,114,66,130,66,146,66,210,66,146,66,210]
+ [PKTLENS.....: 64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196]
+ [ENTROPIES...: 4.5,5.0,4.9,5.4,4.9,5.4,4.9,5.1,4.9,5.2,4.9,4.4,6.5,5.0,6.7,7.5,4.9,4.5,4.8,6.0,4.9,6.0,4.9,6.3,4.9,6.4,4.9,6.8,4.9,6.3,4.9,6.8]
end: [.....1] [ip4][..tcp] [...172.16.238.1][58395] -> [.172.16.238.168][...22] [SSH][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/starcraft_battle.pcap.out b/test/results/flow-info/starcraft_battle.pcap.out
index 5202c90d9..f8ddecc44 100644
--- a/test/results/flow-info/starcraft_battle.pcap.out
+++ b/test/results/flow-info/starcraft_battle.pcap.out
@@ -42,14 +42,15 @@
detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer, Suspicious DGA Domain name
analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.072| 0.012| 0.024| 562.008| 0.000]
- [PKTLEN......: 54.000| 1514.000| 699.500| 719.000|516967.300| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.072| 0.012| 0.024| 562.008| 2.800]
+ [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100]
[BINS(c->s)..: 15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 58.1,58.1,0.1,58.2,14.3,72.4,0.1,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.2,0.2,56.8,56.9,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.1,0.2]
- [PKTLENS.....: 66,66,54,241,60,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514,54,1514]
+ [PKTLENS.....: 52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500]
+ [ENTROPIES...: 4.6,4.9,4.7,5.8,4.5,5.3,4.7,5.1,4.6,5.2,4.7,5.1,4.7,5.1,4.6,5.2,4.6,5.2,4.6,5.1,4.7,5.2,4.7,5.1,4.7,5.1,4.7,5.2,4.7,5.2,4.7,5.1]
new: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80]
detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Game][Fun]
new: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [MIDSTREAM]
@@ -86,14 +87,15 @@
detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun]
detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable]
analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 0.000]
- [PKTLEN......: 54.000| 797.000| 116.400| 136.000|18494.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 3.600]
+ [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300]
[BINS(c->s)..: 23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 52.5,52.6,94.6,145.7,24.3,95.1,95.9,166.3,70.9,49.6,160.3,31.2,128.6,15.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 66,60,54,156,60,797,54,234,317,54,249,60,122,56,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77]
+ [PKTLENS.....: 52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63]
+ [ENTROPIES...: 4.5,4.6,4.7,5.4,4.5,7.8,5.0,7.1,7.2,4.9,6.2,4.7,5.0,4.8,5.6,5.5,5.6,5.6,5.6,5.7,5.5,5.5,5.5,5.7,5.7,5.7,5.5,5.6,5.6,5.7,5.6,5.6]
new: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119]
new: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119]
new: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119]
@@ -129,14 +131,15 @@
detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable]
detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable]
analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 0.000]
- [PKTLEN......: 54.000| 1514.000| 880.800| 718.400|516058.300| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 2.900]
+ [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300]
[BINS(c->s)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 32.5,32.5,1.6,34.3,1.1,0.1,33.9,0.2,0.1,0.3,0.1,0.3,0.4,0.2,0.1,0.3,0.1,0.1,0.2,0.1,0.6,0.7,0.1,0.1,0.2,0.1,0.1,0.3,32.9,0.3,33.2]
- [PKTLENS.....: 66,66,54,203,60,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54,1514,1514,54]
+ [PKTLENS.....: 52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40]
+ [ENTROPIES...: 4.5,4.8,4.7,5.8,4.5,5.9,7.7,4.7,7.8,7.8,4.7,7.8,7.7,4.7,7.7,7.8,4.7,7.8,7.8,4.7,7.8,7.8,4.7,7.7,7.8,4.7,7.8,7.7,4.7,7.8,7.8,4.7]
guessed: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] [Starcraft][Game][Fun]
idle: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119]
guessed: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [Google][Web][Acceptable]
diff --git a/test/results/flow-info/stun.pcap.out b/test/results/flow-info/stun.pcap.out
index e6bd50f82..ca430e2e9 100644
--- a/test/results/flow-info/stun.pcap.out
+++ b/test/results/flow-info/stun.pcap.out
@@ -6,14 +6,15 @@
update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable]
update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable]
analyse: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.003| 10.359| 9.105| 2.980|8880623.976| 0.000]
- [PKTLEN......: 82.000| 106.000| 94.000| 12.000| 144.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.003| 10.359| 9.105| 2.980| 8880623.976| 4.800]
+ [PKTLEN......: 68.000| 92.000| 80.000| 12.000| 144.000| 5.000]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 6.9,10132.2,10132.3,10358.5,2.9,10358.5,2.9,10055.4,10055.5,10056.9,10056.9,10057.2,10057.2,10053.9,10054.0,10069.5,10069.5,10027.1,10027.1,10027.3,10027.3,10064.0,10063.9,10098.3,10098.4,10035.5,10035.4,10061.4,10061.4,10028.4,10028.3]
- [PKTLENS.....: 82,106,82,106,82,82,106,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106,82,106]
+ [PKTLENS.....: 68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]
+ [ENTROPIES...: 5.4,5.5,5.4,5.5,5.5,5.5,5.5,5.5,5.5,5.6,5.5,5.6,5.4,5.6,5.5,5.6,5.4,5.5,5.5,5.5,5.4,5.6,5.4,5.5,5.5,5.6,5.5,5.6,5.5,5.5,5.4,5.5]
update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable]
DAEMON-EVENT: [Processed: 42 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
@@ -21,14 +22,15 @@
detected: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.004| 0.447| 1.463|2139022.033| 0.000]
- [PKTLEN......: 70.000| 182.000| 153.600| 32.100| 1033.400| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.004| 0.447| 1.463| 2139022.033| 1.900]
+ [PKTLEN......: 56.000| 168.000| 139.600| 32.100| 1033.400| 5.000]
[BINS(c->s)..: 1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1]
[IATS(ms)....: 11.5,15.6,15.9,6004.4,4.7,5997.4,4.5,7.5,7.1,108.4,344.5,499.2,68.5,0.2,19.7,29.0,92.2,23.6,96.4,1.6,50.3,48.3,0.3,50.1,3.3,0.0,52.9,0.4,9.7,44.9,232.2]
- [PKTLENS.....: 70,146,178,118,182,182,154,182,154,86,178,178,174,182,142,86,178,142,174,142,178,174,142,178,142,174,142,182,142,86,174,174]
+ [PKTLENS.....: 56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]
+ [ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0]
idle: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable]
DAEMON-EVENT: [Processed: 117 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
@@ -41,14 +43,15 @@
new: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478]
detected: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable]
analyse: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.836| 0.131| 0.227|51553.292| 0.000]
- [PKTLEN......: 76.000| 1240.000| 193.200| 221.300|48965.100| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400]
+ [PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400]
[BINS(c->s)..: 0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0]
[IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7]
- [PKTLENS.....: 150,134,195,154,1240,588,134,123,612,123,154,159,175,134,155,107,111,107,127,76,107,154,134,76,124,154,134,108,108,109,109,109]
+ [PKTLENS.....: 136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]
+ [ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9]
idle: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable]
idle: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/stun_signal.pcapng.out b/test/results/flow-info/stun_signal.pcapng.out
index 53949adcf..9d4189dff 100644
--- a/test/results/flow-info/stun_signal.pcapng.out
+++ b/test/results/flow-info/stun_signal.pcapng.out
@@ -33,28 +33,30 @@
detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.679| 0.149| 0.201|40331.911| 0.000]
- [PKTLEN......: 70.000| 146.000| 105.900| 24.900| 621.500| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.679| 0.149| 0.201| 40331.911| 3.900]
+ [PKTLEN......: 56.000| 132.000| 91.900| 24.900| 621.500| 4.900]
[BINS(c->s)..: 4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1]
[IATS(ms)....: 83.9,0.0,92.5,7.8,46.1,91.4,0.0,37.9,40.0,9.1,41.9,367.7,0.1,441.0,0.0,600.8,610.2,117.9,49.9,49.8,64.2,212.9,679.4,8.7,0.0,503.8,102.9,201.0,101.8,9.3,62.2]
- [PKTLENS.....: 138,106,138,106,146,146,106,138,106,106,138,106,98,70,98,70,138,106,98,98,138,106,70,98,70,70,70,138,106,98,70,98]
+ [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]
+ [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8]
update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable]
detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 17.079| 1.597| 3.547|12584568.750| 0.000]
- [PKTLEN......: 90.000| 138.000| 95.500| 11.600| 133.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 17.079| 1.597| 3.547| 12584568.750| 2.800]
+ [PKTLEN......: 76.000| 124.000| 81.500| 11.600| 133.800| 5.000]
[BINS(c->s)..: 0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1]
- [PKTLENS.....: 90,90,98,98,90,90,90,90,90,138,138,90,90,98,98,90,90,90,90,90,90,90,98,98,90,90,98,98,90,90,98,98]
+ [PKTLENS.....: 76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]
+ [ENTROPIES...: 5.0,5.2,5.1,5.0,5.1,5.1,5.0,5.0,5.1,5.5,5.7,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.1,5.1,5.0,5.0,5.0,5.0,5.1]
update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302]
@@ -89,14 +91,15 @@
detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.665| 0.153| 0.189|35784.253| 0.000]
- [PKTLEN......: 70.000| 146.000| 108.200| 24.600| 605.900| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.665| 0.153| 0.189| 35784.253| 4.000]
+ [PKTLEN......: 56.000| 132.000| 94.200| 24.600| 605.900| 4.900]
[BINS(c->s)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0]
[IATS(ms)....: 68.5,0.1,70.3,29.3,44.7,113.4,0.0,43.2,26.5,8.5,31.0,313.6,0.3,410.7,0.0,665.0,630.5,122.5,190.5,61.6,378.1,7.9,325.5,42.2,76.0,424.9,96.8,5.4,434.3,47.7,66.2]
- [PKTLENS.....: 138,106,138,106,146,146,106,138,106,106,138,106,98,70,98,70,138,106,138,106,98,98,70,70,70,98,138,98,70,106,138,106]
+ [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]
+ [ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8]
update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable]
update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/teams.pcap.out b/test/results/flow-info/teams.pcap.out
index ab743f6de..844619d2d 100644
--- a/test/results/flow-info/teams.pcap.out
+++ b/test/results/flow-info/teams.pcap.out
@@ -20,14 +20,15 @@
detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 0.000]
- [PKTLEN......: 54.000| 1506.000| 407.900| 548.100|300365.600| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 3.700]
+ [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900]
[BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0]
[IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
- [PKTLENS.....: 78,66,54,264,60,1506,1506,54,1506,54,1506,271,54,212,60,380,54,123,54,147,92,312,92,60,54,60,570,54,1506,1506,685,54]
+ [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
@@ -36,14 +37,15 @@
detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable]
detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable]
analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 0.000]
- [PKTLEN......: 66.000| 1506.000| 921.900| 687.500|472618.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
[BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0]
[IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0]
- [PKTLENS.....: 78,74,66,240,1506,1506,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,1494,1494,1494,66,1494,1494,1494]
+ [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
@@ -53,23 +55,25 @@
detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 0.000]
- [PKTLEN......: 66.000| 1506.000| 694.600| 673.100|453031.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
[BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0]
[IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3]
- [PKTLENS.....: 78,74,66,272,1506,1389,78,1506,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,839,66,66,66,511,66,97]
+ [PKTLENS.....: 64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]
+ [ENTROPIES...: 4.3,5.2,5.0,6.0,7.3,7.7,5.1,7.3,5.0,6.0,5.7,5.1,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.8,5.1,5.2,5.2,7.5,5.0,5.3]
analyse: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.050| 0.005| 0.010| 94.878| 0.000]
- [PKTLEN......: 54.000| 1506.000| 430.000| 569.700|324516.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.050| 0.005| 0.010| 94.878| 3.300]
+ [PKTLEN......: 40.000| 1492.000| 416.000| 569.700| 324516.500| 3.800]
[BINS(c->s)..: 8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1]
[IATS(ms)....: 11.4,11.5,0.2,11.3,2.8,0.1,13.8,0.1,0.1,0.1,0.0,0.1,4.8,15.5,11.8,1.3,0.0,0.2,0.0,0.3,0.2,0.0,0.1,10.9,0.0,10.4,1.7,0.2,0.0,50.4,0.0]
- [PKTLENS.....: 78,66,54,268,60,1506,1506,54,1506,54,1506,271,54,212,60,147,380,123,54,54,92,1494,1061,138,60,92,54,60,60,60,1506,1069]
+ [PKTLENS.....: 64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055]
+ [ENTROPIES...: 4.4,4.9,4.6,5.5,4.5,7.3,7.4,4.7,7.5,4.6,7.6,7.1,4.7,6.5,4.5,6.1,7.2,5.9,4.7,4.6,5.1,7.9,7.8,6.1,4.5,5.4,4.6,4.6,4.6,4.5,7.8,7.8]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
@@ -143,14 +147,15 @@
detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe]
detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe]
analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 0.000]
- [PKTLEN......: 66.000| 1506.000| 833.700| 699.200|488828.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
[BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0]
[IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8]
- [PKTLENS.....: 78,74,66,272,66,1506,1506,66,1389,66,159,66,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,1494,1494,1494,1494,66,1494]
+ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]
+ [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9]
detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434]
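Review bot: The PKTLEN row and every PKTLENS entry in this hunk drop by exactly 14 (66→52, 1506→1492, avg 833.7→819.7) while stddev and variance stay the same, so the analyse event now appears to report lengths without the link-layer header, yet the commit description mentions only the new entropies. Anything that baselines or thresholds on these packet lengths (CSV consumers, detection rules built on the analyse output) will see a silent shift. I would record it in the commit message or changelog, e.g. `* nDPId: analyse PKTLEN/PKTLENS now count l3 bytes (link-layer header excluded)`, presuming that is the intent. The same shift shows in the remaining hunks of this file and in the teamviewer.pcap.out and telegram.pcap.out hunks.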
@@ -159,14 +164,15 @@
detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe]
RISK: Known Proto on Non Std Port
analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 0.000]
- [PKTLEN......: 54.000| 1506.000| 354.200| 510.300|260451.700| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 3.200]
+ [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800]
[BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1]
[IATS(ms)....: 45.7,45.8,0.2,47.9,0.0,47.7,0.0,0.1,0.2,0.1,0.2,9.9,9.9,3.5,10.4,0.4,51.4,37.1,0.2,0.2,0.2,7.1,7.0,1.3,1.2,79.2,201.4,0.0,0.0,167.5,0.2]
- [PKTLENS.....: 78,66,54,273,1506,1506,66,54,54,1506,1506,54,467,54,212,147,517,105,54,123,54,92,92,54,493,54,60,1494,164,220,60,96]
+ [PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
+ [ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe]
detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe]
@@ -179,14 +185,15 @@
detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 0.000]
- [PKTLEN......: 66.000| 1506.000| 391.200| 521.700|272149.200| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900]
[BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1]
[IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2]
- [PKTLENS.....: 78,74,66,287,1506,1506,78,66,1506,66,1506,316,66,192,159,547,117,66,135,66,104,104,66,428,66,66,1494,261,66,241,66,1153]
+ [PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
+ [ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
ERROR-EVENT: Unknown packet type
new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable]
@@ -195,25 +202,27 @@
detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable]
detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable]
analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.010| 0.146| 0.490|239614.050| 0.000]
- [PKTLEN......: 54.000| 1506.000| 319.200| 468.100|219152.800| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.010| 0.146| 0.490| 239614.050| 1.700]
+ [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800]
[BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1]
[IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6]
- [PKTLENS.....: 78,66,54,271,60,1506,1506,54,1506,54,1506,195,54,212,60,380,123,54,54,147,92,575,60,92,54,60,60,454,54,356,60,359]
+ [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]
+ [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
ERROR-EVENT: Unknown packet type
analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 0.000]
- [PKTLEN......: 54.000| 1506.000| 345.500| 473.500|224192.200| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900]
[BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0]
[IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3]
- [PKTLENS.....: 78,66,54,265,60,1506,1506,54,1506,94,54,212,147,592,186,60,380,123,54,54,92,60,92,54,60,703,54,373,54,1494,708,262]
+ [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable]
new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe]
@@ -259,14 +268,15 @@
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 0.000]
- [PKTLEN......: 54.000| 1506.000| 599.700| 671.400|450756.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 2.800]
+ [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000]
[BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1]
[IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2]
- [PKTLENS.....: 78,66,54,240,60,1506,1506,54,1506,54,1506,182,54,161,60,105,60,105,54,1136,60,1506,1506,54,1331,54,1506,1506,54,54,1506,1506]
+ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]
+ [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9]
detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
@@ -281,14 +291,15 @@
detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 0.000]
- [PKTLEN......: 66.000| 1506.000| 654.900| 667.900|446080.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
[BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0]
[IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1]
- [PKTLENS.....: 78,74,66,272,1506,1506,78,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,66,999,66,66,511,66,97,66]
+ [PKTLENS.....: 64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,7.3,7.3,5.1,4.9,7.6,5.0,5.9,5.7,5.0,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.8,7.9,5.1,7.8,5.1,5.2,7.6,5.1,5.3,5.0]
ERROR-EVENT: Unknown packet type
new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
@@ -308,27 +319,29 @@
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 0.000]
- [PKTLEN......: 66.000| 1506.000| 359.200| 499.900|249913.200| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900]
[BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0]
[IATS(ms)....: 29.5,29.6,0.2,45.7,0.2,45.7,0.1,0.1,0.1,0.1,0.0,0.1,0.6,23.2,0.2,30.2,0.0,6.1,0.0,0.2,22.9,22.6,1.5,1.4,2.9,0.0,32.7,0.2,30.1,125.5,125.6]
- [PKTLENS.....: 78,74,66,280,1506,1506,78,1506,66,66,1506,295,66,159,159,438,117,135,66,66,104,104,66,562,66,1379,149,66,108,66,524,66]
+ [PKTLENS.....: 64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.4,7.5,4.9,7.4,4.9,4.8,7.6,7.1,5.0,5.9,6.3,7.4,5.6,6.1,4.9,4.9,5.4,5.6,4.9,7.5,5.0,7.9,6.1,5.1,5.7,5.0,7.5,4.9]
new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53]
detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 0.000]
- [PKTLEN......: 66.000| 1506.000| 750.700| 694.000|481656.100| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
[BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
[BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1]
[IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7]
- [PKTLENS.....: 78,74,66,272,272,78,1506,1506,66,1389,66,159,117,66,1494,1494,1494,66,1494,1494,1494,1494,66,1494,1494,1494,1494,66,1476,66,66,66]
+ [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Azure][Cloud][Acceptable]
@@ -350,24 +363,26 @@
detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe]
ERROR-EVENT: Unknown packet type
analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 0.000]
- [PKTLEN......: 66.000| 1506.000| 384.200| 512.100|262257.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900]
[BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1]
[IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9]
- [PKTLENS.....: 78,74,66,288,1506,1506,78,66,1506,66,1506,485,66,192,159,539,117,135,66,66,104,104,66,525,66,66,1060,148,66,108,66,1349]
+ [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
+ [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
ERROR-EVENT: Unknown packet type
analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.978| 0.329| 1.582|2503841.415| 0.000]
- [PKTLEN......: 54.000| 1506.000| 353.200| 486.100|236250.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 8.978| 0.329| 1.582| 2503841.415| 0.800]
+ [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900]
[BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1]
[IATS(ms)....: 47.1,47.2,0.5,44.4,0.0,43.9,0.0,0.0,0.2,0.1,0.0,0.2,0.0,4.4,9.7,0.3,46.5,32.1,0.5,0.4,0.1,18.9,1.4,20.2,62.9,403.2,425.0,8978.2,0.0,0.0,0.0]
- [PKTLENS.....: 78,66,54,290,1506,1506,66,54,54,1506,1506,323,54,54,212,147,582,105,54,123,54,92,60,423,54,60,1114,60,425,429,100,92]
+ [PKTLENS.....: 64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]
+ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5]
new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434]
@@ -442,14 +457,15 @@
detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.567| 0.072| 0.275|75449.426| 0.000]
- [PKTLEN......: 54.000| 1506.000| 270.900| 427.000|182315.300| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.567| 0.072| 0.275| 75449.426| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700]
[BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1]
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
- [PKTLENS.....: 78,66,54,241,1506,66,1506,602,66,66,1506,602,66,54,602,180,54,54,54,161,60,99,60,105,54,155,238,54,85,54,60,60]
+ [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
@@ -460,14 +476,15 @@
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Network][Acceptable]
analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.168| 0.160| 0.366|133702.353| 0.000]
- [PKTLEN......: 80.000| 1256.000| 267.400| 374.400|140199.200| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.168| 0.160| 0.366| 133702.353| 2.700]
+ [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000]
[BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 24.8,0.2,101.3,1168.2,1167.0,967.1,50.8,1119.2,0.0,0.0,51.0,80.3,2.0,2.7,3.7,0.0,0.0,0.0,10.7,24.2,9.3,21.5,4.5,19.9,25.3,9.2,24.4,24.6,9.5,26.0,24.3]
- [PKTLENS.....: 154,130,154,130,158,130,152,150,80,1256,1256,150,115,80,1256,1256,84,208,140,108,110,117,122,124,116,112,126,120,117,115,116,116]
+ [PKTLENS.....: 140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]
+ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2]
idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
end: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/teamviewer.pcap.out b/test/results/flow-info/teamviewer.pcap.out
index ca632c8eb..aeb82583c 100644
--- a/test/results/flow-info/teamviewer.pcap.out
+++ b/test/results/flow-info/teamviewer.pcap.out
@@ -2,26 +2,28 @@
new: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938]
detected: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][RemoteAccess][Acceptable]
analyse: [.....1] [ip4][..tcp] [......10.0.2.15][35732] -> [..162.250.2.170][.5938] [TeamViewer][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.274| 0.067| 0.088| 7794.386| 0.000]
- [PKTLEN......: 54.000| 1514.000| 383.000| 516.400|266637.300| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.274| 0.067| 0.088| 7794.386| 3.800]
+ [PKTLEN......: 40.000| 1500.000| 369.000| 516.400| 266637.300| 3.800]
[BINS(c->s)..: 5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1]
[IATS(ms)....: 136.3,137.2,0.6,1.8,12.1,11.9,35.7,0.1,35.8,0.0,88.3,88.6,11.6,11.6,151.9,0.1,152.0,35.7,35.9,255.8,274.4,18.6,256.5,257.6,1.1,0.3,0.3,28.9,0.0,29.1,0.0]
- [PKTLENS.....: 74,58,60,91,54,120,54,1514,432,54,54,102,60,201,60,1514,1290,60,1132,54,1143,1155,54,494,110,54,102,54,1514,429,54,54]
+ [PKTLENS.....: 60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40]
+ [ENTROPIES...: 4.6,4.7,4.3,4.6,4.6,4.0,4.6,7.6,7.3,4.5,4.5,4.9,4.3,3.9,4.4,7.7,7.8,4.4,7.7,4.7,7.5,7.7,4.7,6.5,4.6,4.7,3.8,4.6,7.6,7.4,4.7,4.7]
new: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037]
detected: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Desktop/File Sharing
analyse: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.443| 0.037| 0.097| 9363.771| 0.000]
- [PKTLEN......: 58.000| 1066.000| 452.800| 450.400|202865.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.443| 0.037| 0.097| 9363.771| 2.600]
+ [PKTLEN......: 44.000| 1052.000| 438.800| 450.400| 202865.500| 4.200]
[BINS(c->s)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 12.3,12.3,0.1,40.7,3.9,3.2,6.6,81.8,9.0,0.1,7.4,9.2,442.9,41.9,345.1,0.1,0.0,0.0,0.0,0.0,0.0,2.0,0.1,0.0,9.6,0.1,0.0,51.0,58.8,0.1,0.0]
- [PKTLENS.....: 138,138,506,1066,62,98,90,90,90,191,118,66,66,90,90,1066,1066,1066,1066,1066,1066,1066,1066,1066,1066,182,118,118,58,239,131,85]
+ [PKTLENS.....: 124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71]
+ [ENTROPIES...: 2.7,2.7,0.8,0.4,3.9,2.8,3.1,3.0,3.3,4.1,4.0,4.0,3.9,3.1,3.2,0.4,0.4,0.4,0.4,0.4,0.4,0.4,0.4,0.4,0.4,4.1,3.9,5.5,4.0,3.9,4.2,4.7]
update: [.....2] [ip4][..udp] [......10.0.2.15][34417] -> [..93.47.224.241][36037] [TeamViewer][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Desktop/File Sharing
DAEMON-EVENT: [Processed: 1282 pkts][ZLib][compressions: 0|diff: 0 / 0]
diff --git a/test/results/flow-info/telegram.pcap.out b/test/results/flow-info/telegram.pcap.out
index 42e1e5e45..b84d51f5a 100644
--- a/test/results/flow-info/telegram.pcap.out
+++ b/test/results/flow-info/telegram.pcap.out
@@ -28,23 +28,25 @@
new: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353]
detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable]
analyse: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.089| 0.260| 0.238|56779.682| 0.000]
- [PKTLEN......: 142.000| 308.000| 198.700| 56.400| 3176.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.089| 0.260| 0.238| 56779.682| 4.400]
+ [PKTLEN......: 128.000| 294.000| 184.700| 56.400| 3176.800| 4.900]
[BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 549.4,0.8,252.8,249.2,102.8,152.8,104.9,141.4,2.6,102.2,252.5,506.2,1089.0,524.5,0.5,254.5,249.1,108.9,146.8,101.0,145.2,2.4,102.1,256.0,497.9,504.7,600.2,564.9,0.4,248.3,249.2]
- [PKTLENS.....: 142,233,308,169,153,169,153,211,184,308,153,167,275,142,233,308,169,153,169,153,211,184,308,153,167,211,167,142,233,308,169,153]
+ [PKTLENS.....: 128,219,294,155,139,155,139,197,170,294,139,153,261,128,219,294,155,139,155,139,197,170,294,139,153,197,153,128,219,294,155,139]
+ [ENTROPIES...: 5.1,5.4,5.2,5.2,4.7,5.2,4.7,5.2,5.2,5.2,4.7,4.8,5.1,5.1,5.4,5.2,5.2,4.7,5.2,4.7,5.2,5.2,5.2,4.7,4.8,5.2,4.7,5.1,5.4,5.2,5.2,4.7]
analyse: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.089| 0.260| 0.238|56762.626| 0.000]
- [PKTLEN......: 162.000| 328.000| 218.700| 56.400| 3176.800| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.089| 0.260| 0.238| 56762.626| 4.400]
+ [PKTLEN......: 148.000| 314.000| 204.700| 56.400| 3176.800| 4.900]
[BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 549.6,0.4,252.7,249.3,102.6,153.3,104.8,140.9,2.6,102.6,252.5,506.2,1088.5,524.6,0.5,254.5,249.4,109.0,147.1,100.8,145.2,1.9,102.6,256.1,498.0,504.7,600.4,564.2,0.4,249.0,248.4]
- [PKTLENS.....: 162,253,328,189,173,189,173,231,204,328,173,187,295,162,253,328,189,173,189,173,231,204,328,173,187,231,187,162,253,328,189,173]
+ [PKTLENS.....: 148,239,314,175,159,175,159,217,190,314,159,173,281,148,239,314,175,159,175,159,217,190,314,159,173,217,173,148,239,314,175,159]
+ [ENTROPIES...: 4.9,5.3,5.1,5.1,4.5,5.1,4.5,5.1,5.0,5.1,4.5,4.5,5.0,4.9,5.3,5.1,5.1,4.5,5.1,4.5,5.0,5.0,5.1,4.5,4.5,5.0,4.5,4.9,5.3,5.1,5.1,4.5]
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53]
@@ -78,27 +80,29 @@
detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 0.501| 0.118| 0.112|12556.351| 0.000]
- [PKTLEN......: 74.000| 234.000| 158.000| 57.300| 3288.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 0.501| 0.118| 0.112| 12556.351| 4.400]
+ [PKTLEN......: 60.000| 220.000| 144.000| 57.300| 3288.000| 4.900]
[BINS(c->s)..: 0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,4,0,8,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,1,0,1,1,1,1,1,1,0,1]
[IATS(ms)....: 33.7,303.8,500.9,195.8,135.7,308.4,212.1,0.7,38.9,154.1,154.5,74.5,133.7,63.7,29.9,38.6,63.9,177.4,37.8,26.0,43.6,64.2,189.8,58.8,4.5,63.5,64.5,43.0,64.5,315.9,64.4]
- [PKTLENS.....: 82,106,138,82,106,138,138,74,138,90,82,106,234,138,234,138,234,218,138,138,218,234,218,82,106,218,218,202,218,218,138,234]
+ [PKTLENS.....: 68,92,124,68,92,124,124,60,124,76,68,92,220,124,220,124,220,204,124,124,204,220,204,68,92,204,204,188,204,204,124,220]
+ [ENTROPIES...: 4.9,5.1,6.5,4.9,5.1,6.6,6.5,4.6,6.6,5.1,4.9,5.1,7.1,6.4,7.0,6.5,7.0,7.0,6.5,6.4,7.0,7.1,7.0,4.9,5.1,6.9,6.8,6.9,7.0,7.0,6.4,7.0]
new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53]
detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable]
detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable]
RISK: Suspicious DNS Traffic
analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.042| 1.999| 0.261| 0.473|223426.380| 0.000]
- [PKTLEN......: 90.000| 282.000| 205.500| 54.500| 2971.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.042| 1.999| 0.261| 0.473| 223426.380| 3.600]
+ [PKTLEN......: 76.000| 268.000| 191.500| 54.500| 2971.800| 4.900]
[BINS(c->s)..: 0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 176.6,505.7,492.8,1175.3,327.6,331.9,1681.3,64.2,63.5,64.3,42.3,63.9,1998.8,63.8,58.3,64.1,69.6,64.4,57.8,43.1,58.1,62.2,58.1,63.8,58.2,64.2,58.2,62.0,69.6,66.6,57.7]
- [PKTLENS.....: 122,122,122,90,106,90,106,234,266,282,266,266,250,218,234,234,234,218,202,234,218,218,218,234,218,218,218,218,234,218,234,234]
+ [PKTLENS.....: 108,108,108,76,92,76,92,220,252,268,252,252,236,204,220,220,220,204,188,220,204,204,204,220,204,204,204,204,220,204,220,220]
+ [ENTROPIES...: 6.4,6.1,6.3,5.8,6.0,5.8,6.0,6.9,7.1,7.2,7.1,7.1,7.1,7.0,7.0,7.1,7.0,6.9,6.8,7.0,7.0,7.0,6.9,6.9,6.9,6.9,6.9,6.9,7.0,6.9,7.0,7.1]
not-detected: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unrated]
new: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
@@ -139,24 +143,26 @@
new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900]
detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.008| 0.505| 0.099| 0.138|18965.475| 0.000]
- [PKTLEN......: 74.000| 234.000| 158.000| 55.400| 3064.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.008| 0.505| 0.099| 0.138| 18965.475| 4.000]
+ [PKTLEN......: 60.000| 220.000| 144.000| 55.400| 3064.000| 4.900]
[BINS(c->s)..: 0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1]
[IATS(ms)....: 38.7,504.7,472.2,31.4,48.8,83.1,90.1,75.5,57.5,58.0,58.1,58.1,52.0,386.6,9.5,8.5,27.3,36.0,21.7,40.2,58.1,58.0,58.2,57.9,70.0,57.9,58.0,8.2,436.3,11.3,25.6]
- [PKTLENS.....: 82,106,82,138,106,138,138,74,218,218,218,234,218,82,138,138,218,106,138,218,90,218,218,202,218,202,218,218,82,138,138,106]
+ [PKTLENS.....: 68,92,68,124,92,124,124,60,204,204,204,220,204,68,124,124,204,92,124,204,76,204,204,188,204,188,204,204,68,124,124,92]
+ [ENTROPIES...: 4.8,5.0,4.8,6.4,4.9,6.5,6.5,4.5,7.0,6.9,6.9,7.0,6.9,4.9,6.5,6.5,7.0,5.0,6.4,6.9,5.1,6.9,6.9,6.8,7.0,6.8,6.8,7.0,4.9,6.4,6.5,5.0]
new: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772]
analyse: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.007| 0.505| 0.113| 0.151|22855.887| 0.000]
- [PKTLEN......: 74.000| 218.000| 157.000| 54.200| 2943.000| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.007| 0.505| 0.113| 0.151| 22855.887| 4.100]
+ [PKTLEN......: 60.000| 204.000| 143.000| 54.200| 2943.000| 4.900]
[BINS(c->s)..: 0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 34.1,504.9,476.9,26.3,48.6,90.1,359.3,474.9,22.9,54.0,44.1,48.8,32.7,70.5,63.7,63.7,64.6,42.0,447.9,51.4,12.5,7.1,54.2,56.0,36.2,28.9,63.9,41.9,63.9,64.6,64.6]
- [PKTLENS.....: 82,106,82,138,106,138,74,82,138,106,138,90,138,218,218,202,218,218,218,82,138,218,106,138,218,138,218,218,202,218,202,218]
+ [PKTLENS.....: 68,92,68,124,92,124,60,68,124,92,124,76,124,204,204,188,204,204,204,68,124,204,92,124,204,124,204,204,188,204,188,204]
+ [ENTROPIES...: 5.0,5.1,4.9,6.5,5.0,6.5,4.6,4.9,6.5,5.1,6.3,5.1,6.5,6.9,7.0,6.9,7.0,6.9,7.0,4.9,6.5,7.0,5.0,6.3,6.9,6.4,6.9,6.9,6.9,7.0,6.9,7.0]
new: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900]
detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
update: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
diff --git a/test/results/flow-info/telnet.pcap.out b/test/results/flow-info/telnet.pcap.out
index 1e8b35279..c2b739860 100644
--- a/test/results/flow-info/telnet.pcap.out
+++ b/test/results/flow-info/telnet.pcap.out
@@ -9,14 +9,15 @@
detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.233| 0.125| 0.337|113396.253| 0.000]
- [PKTLEN......: 66.000| 151.000| 77.200| 18.800| 354.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.233| 0.125| 0.337| 113396.253| 2.200]
+ [PKTLEN......: 52.000| 137.000| 63.200| 18.800| 354.000| 4.900]
[BINS(c->s)..: 15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0]
[IATS(ms)....: 2.5,2.6,1.6,147.8,146.2,0.2,1.6,1.7,3.3,1.3,0.6,1.8,1.1,2.4,3.6,0.6,1.2,22.3,20.4,1.2,13.8,15.0,1.2,0.8,12.8,12.2,20.0,1107.3,1100.0,1232.8,1.4]
- [PKTLENS.....: 74,74,66,93,69,66,69,66,91,130,66,84,75,66,90,66,151,66,69,69,66,78,72,66,81,66,98,66,73,66,72,66]
+ [PKTLENS.....: 60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52]
+ [ENTROPIES...: 4.3,4.8,4.8,5.0,4.8,4.8,4.9,4.7,5.1,5.3,4.6,5.0,5.0,4.8,4.8,4.8,5.6,4.9,4.9,4.9,4.8,4.9,4.9,4.7,4.9,4.8,5.5,4.8,5.0,4.7,5.0,4.8]
detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
RISK: Unsafe Protocol
end: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
diff --git a/test/results/flow-info/tftp.pcap.out b/test/results/flow-info/tftp.pcap.out
index cb8c8a3c4..256702d99 100644
--- a/test/results/flow-info/tftp.pcap.out
+++ b/test/results/flow-info/tftp.pcap.out
@@ -13,14 +13,15 @@
detected: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][DataTransfer][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
- [PKTLEN......: 60.000| 558.000| 309.000| 249.000|62001.000| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
+ [PKTLEN......: 46.000| 544.000| 295.000| 249.000| 62001.000| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: ]
- [PKTLENS.....: 558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60,558,60]
+ [PKTLENS.....: 544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46]
+ [ENTROPIES...: 4.3,3.0,4.6,3.0,4.9,3.0,4.9,2.9,4.4,3.0,4.6,3.0,4.6,3.0,4.6,3.0,4.5,3.0,4.4,2.9,4.4,3.0,4.5,2.9,4.7,2.9,4.6,3.0,4.5,3.0,4.3,3.0]
DAEMON-EVENT: [Processed: 101 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69]
diff --git a/test/results/flow-info/tinc.pcap.out b/test/results/flow-info/tinc.pcap.out
index 41b85ae11..4b823bea2 100644
--- a/test/results/flow-info/tinc.pcap.out
+++ b/test/results/flow-info/tinc.pcap.out
@@ -14,23 +14,25 @@
detected: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.070| 0.172| 0.377|142420.984| 0.000]
- [PKTLEN......: 190.000| 1510.000| 1149.200| 450.400|202833.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.070| 0.172| 0.377| 142420.984| 2.500]
+ [PKTLEN......: 176.000| 1496.000| 1135.200| 450.400| 202833.500| 4.900]
[BINS(c->s)..: 0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0]
[BINS(s->c)..: 0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0]
[DIRECTIONS..: 0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 0.2,27.5,0.0,0.0,27.5,0.2,0.1,0.2,0.2,0.1,15.4,0.0,41.8,0.0,0.0,1058.0,0.3,0.3,1003.7,0.1,1.8,0.2,45.3,0.1,0.0,1024.1,0.1,1069.5,0.1,1001.4,0.3]
- [PKTLENS.....: 686,734,238,1486,782,230,1270,190,1310,1478,774,686,734,1278,190,1310,1358,1478,1374,1486,1502,1486,1494,1358,1486,1374,1502,1502,1502,1494,1510,1494]
+ [PKTLENS.....: 672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480]
+ [ENTROPIES...: 7.7,7.7,7.1,7.8,7.8,6.9,7.9,6.8,7.9,7.8,7.7,7.7,7.7,7.9,6.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
analyse: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.412| 0.291| 0.559|312123.949| 0.000]
- [PKTLEN......: 118.000| 1494.000| 1025.000| 450.300|202783.000| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.412| 0.291| 0.559| 312123.949| 2.900]
+ [PKTLEN......: 104.000| 1480.000| 1011.000| 450.300| 202783.000| 4.800]
[BINS(c->s)..: 0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0]
[BINS(s->c)..: 0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0]
[IATS(ms)....: 0.1,0.0,0.6,0.5,0.2,0.1,1049.1,0.0,0.0,1048.0,0.1,0.2,0.1,0.1,0.1,44.1,0.0,0.0,1044.7,0.3,1022.0,20.6,1001.5,0.3,0.2,363.6,1001.2,0.1,0.1,2412.5,0.0]
- [PKTLENS.....: 766,1486,958,734,1270,1486,958,1070,670,334,1062,190,1310,526,670,334,190,1310,526,1478,1374,1374,1374,1486,1350,1318,118,1494,1478,1342,1390,1374]
+ [PKTLENS.....: 752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360]
+ [ENTROPIES...: 7.7,7.9,7.8,7.7,7.9,7.9,7.8,7.8,7.7,7.3,7.8,6.7,7.8,7.6,7.7,7.2,7.0,7.9,7.6,7.9,7.9,7.9,7.8,7.8,7.9,7.8,6.2,7.9,7.9,7.9,7.9,7.9]
end: [.....2] [ip4][..tcp] [.131.114.168.27][49290] -> [.185.83.218.112][55656] [TINC][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][VPN][Acceptable]
diff --git a/test/results/flow-info/tls-appdata.pcap.out b/test/results/flow-info/tls-appdata.pcap.out
index a87dbcf3c..3e352ae5e 100644
--- a/test/results/flow-info/tls-appdata.pcap.out
+++ b/test/results/flow-info/tls-appdata.pcap.out
@@ -9,14 +9,15 @@
detected: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS.Twitch][Video][Fun]
end: [.....1] [ip4][..tcp] [.179.60.195.173][..443] -> [..192.168.2.100][60636]
analyse: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 15.956| 2.459| 5.752|33086771.298| 0.000]
- [PKTLEN......: 54.000| 2958.000| 1143.200| 1252.100|1567845.500| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 15.956| 2.459| 5.752| 33086771.298| 1.000]
+ [PKTLEN......: 40.000| 2944.000| 1129.200| 1252.100| 1567845.600| 4.000]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]
[DIRECTIONS..: 0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0]
[IATS(ms)....: 2.0,15.0,3.0,16.0,1.0,1.0,15941.0,1.0,15956.0,5.0,19.0,1.0,1.0]
- [PKTLENS.....: 1506,74,60,1506,2958,54,2958,54,54,2958,2885,54,54,54,54,1506,74,60,1506,2958,54,2958,54,2958,1506,74,60,1506,2958,54,2958,54]
+ [PKTLENS.....: 1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40]
+ [ENTROPIES...: 7.9,5.5,4.7,7.9,7.9,5.0,7.9,4.9,4.9,7.9,7.9,5.0,4.9,4.9,5.0,7.9,5.5,4.6,7.9,7.9,4.9,7.9,4.9,7.9,7.9,5.6,4.5,7.9,7.9,4.9,7.9,4.9]
detection-update: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS.Twitch][Video][Fun]
DAEMON-EVENT: [Processed: 45 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
diff --git a/test/results/flow-info/tls_certificate_too_long.pcap.out b/test/results/flow-info/tls_certificate_too_long.pcap.out
index 10e2d288b..9827d9d0a 100644
--- a/test/results/flow-info/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/tls_certificate_too_long.pcap.out
@@ -70,23 +70,25 @@
detected: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable]
detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable]
analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.067| 0.005| 0.015| 217.103| 0.000]
- [PKTLEN......: 54.000| 1502.000| 423.600| 443.800|196953.100| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.067| 0.005| 0.015| 217.103| 1.700]
+ [PKTLEN......: 40.000| 1488.000| 409.600| 443.800| 196953.100| 4.300]
[BINS(c->s)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[BINS(s->c)..: 2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1]
[IATS(ms)....: 1.3,0.0,22.7,2.8,42.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,66.6,0.0,0.2,0.0,0.0,0.0]
- [PKTLENS.....: 1502,936,1502,1502,1020,54,54,1372,166,112,269,281,285,281,267,273,287,273,275,275,271,281,273,283,273,114,54,54,254,275,341,96]
+ [PKTLENS.....: 1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]
+ [ENTROPIES...: 7.8,7.8,7.8,7.9,7.8,4.9,4.9,7.9,6.6,5.9,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.1,7.2,7.0,7.1,7.1,7.1,7.0,7.0,5.9,4.7,4.7,7.0,7.1,7.3,5.7]
analyse: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.009| 0.014| 206.122| 0.000]
- [PKTLEN......: 54.000| 1502.000| 453.200| 490.600|240677.500| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.009| 0.014| 206.122| 3.300]
+ [PKTLEN......: 40.000| 1488.000| 439.200| 490.600| 240677.500| 4.200]
[BINS(c->s)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1]
[IATS(ms)....: 0.0,1.1,23.2,47.6,37.0,0.0,0.0,0.0,0.0,0.0,11.7,0.4,0.5,9.9,10.2,0.0,0.6,25.3,48.0,32.2,0.0,8.7,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.5,13.0]
- [PKTLENS.....: 1502,936,1292,54,1292,1366,189,273,452,96,99,54,88,54,66,1502,935,708,54,708,1003,445,54,193,253,295,137,96,99,88,54,66]
+ [PKTLENS.....: 1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52]
+ [ENTROPIES...: 7.9,7.8,7.9,4.9,7.9,7.8,6.6,7.1,7.5,5.7,5.6,4.7,5.4,4.7,4.9,7.9,7.8,7.6,4.9,7.6,7.8,7.5,4.6,6.6,7.0,7.2,6.2,5.6,5.8,5.5,4.7,5.0]
new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443]
new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443]
detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe]
diff --git a/test/results/flow-info/tls_long_cert.pcap.out b/test/results/flow-info/tls_long_cert.pcap.out
index dffce61ca..f68c6570f 100644
--- a/test/results/flow-info/tls_long_cert.pcap.out
+++ b/test/results/flow-info/tls_long_cert.pcap.out
@@ -6,13 +6,14 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe]
detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe]
analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.034| 0.008| 0.011| 130.013| 0.000]
- [PKTLEN......: 66.000| 1514.000| 546.900| 584.900|342142.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.008| 0.011| 130.013| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 532.900| 584.900| 342142.300| 4.100]
[BINS(c->s)..: 11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1]
[IATS(ms)....: 25.2,25.3,0.3,30.1,3.3,1.1,34.2,0.8,0.7,1.9,1.9,0.8,8.4,0.4,28.1,18.6,6.5,0.6,7.1,0.1,26.0,0.0,0.0,25.9,0.0,0.1,0.2,0.2,0.7,0.0,0.0]
- [PKTLENS.....: 78,74,66,583,66,1514,1514,66,1266,66,855,66,192,159,902,308,66,66,143,66,104,1119,1119,1514,66,66,66,724,66,1514,1514,1514]
+ [PKTLENS.....: 64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]
+ [ENTROPIES...: 4.5,5.4,5.1,4.4,5.2,6.5,6.8,5.1,7.3,5.1,7.7,5.2,6.4,6.2,7.7,7.1,5.2,5.3,6.4,5.2,5.5,7.8,7.8,7.9,5.2,5.2,5.0,7.7,5.2,7.9,7.9,7.9]
end: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_verylong_certificate.pcap.out
index f1f2b5af4..b3787f9c9 100644
--- a/test/results/flow-info/tls_verylong_certificate.pcap.out
+++ b/test/results/flow-info/tls_verylong_certificate.pcap.out
@@ -6,14 +6,15 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe]
detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe]
analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 0.000]
- [PKTLEN......: 66.000| 1434.000| 532.600| 615.300|378610.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 3.500]
+ [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000]
[BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1]
[IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0]
- [PKTLENS.....: 78,74,66,583,66,1434,1434,66,1434,66,1434,276,66,192,117,66,236,1434,1434,118,66,66,66,1434,1434,118,66,66,1434,66,1434,118]
+ [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]
+ [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2]
detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe]
end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/tor.pcap.out b/test/results/flow-info/tor.pcap.out
index 20561d889..fa3dc4acc 100644
--- a/test/results/flow-info/tor.pcap.out
+++ b/test/results/flow-info/tor.pcap.out
@@ -45,23 +45,25 @@
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 31.166| 2.329| 7.550|56997495.964| 0.000]
- [PKTLEN......: 54.000| 1514.000| 369.800| 354.900|125974.500| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 31.166| 2.329| 7.550| 56997495.964| 1.900]
+ [PKTLEN......: 40.000| 1500.000| 355.800| 354.900| 125974.500| 4.300]
[BINS(c->s)..: 4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
[IATS(ms)....: 143.8,144.2,0.4,152.7,0.2,159.6,171.7,164.7,190.9,0.1,190.7,0.6,185.1,185.5,145.1,5.7,151.7,184.2,104.7,290.0,146.6,2536.0,2930.5,30770.7,31166.0,0.9,147.0,185.7,696.5,885.2,147.1]
- [PKTLENS.....: 66,66,60,278,54,983,252,113,128,1514,140,60,640,54,640,54,640,640,54,640,640,54,640,60,640,54,640,640,54,640,640,54]
+ [PKTLENS.....: 52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
+ [ENTROPIES...: 4.5,4.8,4.4,5.4,4.8,7.6,6.9,5.9,6.1,7.9,6.5,4.3,7.7,4.8,7.7,4.8,7.6,7.7,4.7,7.7,7.6,4.8,7.7,4.3,7.6,4.6,7.6,7.7,4.8,7.6,7.6,4.7]
analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 37.996| 2.549| 9.274|86002509.021| 0.000]
- [PKTLEN......: 54.000| 1514.000| 462.800| 476.200|226793.400| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 37.996| 2.549| 9.274| 86002509.021| 1.400]
+ [PKTLEN......: 40.000| 1500.000| 448.800| 476.200| 226793.400| 4.200]
[BINS(c->s)..: 5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1]
[IATS(ms)....: 71.0,71.3,6.7,104.3,10.8,112.6,88.6,84.6,73.7,0.1,73.7,0.8,108.4,107.7,67.8,2.3,74.6,103.6,101.8,113.4,368.7,686.5,37720.4,37995.8,68.2,67.5,104.0,189.0,360.8,68.7,0.2]
- [PKTLENS.....: 66,66,60,269,54,802,188,113,128,1514,156,60,640,54,640,54,640,640,640,640,54,640,60,640,54,640,54,640,1514,60,1514,1514]
+ [PKTLENS.....: 52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500]
+ [ENTROPIES...: 4.5,4.9,4.5,5.4,4.9,7.4,6.6,6.0,6.1,7.9,6.5,4.5,7.7,4.9,7.6,4.9,7.6,7.6,7.7,7.7,4.8,7.7,4.4,7.7,4.9,7.7,4.9,7.7,7.9,4.5,7.9,7.9]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
@@ -102,14 +104,15 @@
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 71.328| 4.658| 14.789|218716025.389| 0.000]
- [PKTLEN......: 54.000| 1514.000| 344.600| 347.100|120444.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 71.328| 4.658| 14.789| 218716025.389| 1.800]
+ [PKTLEN......: 40.000| 1500.000| 330.600| 347.100| 120444.200| 4.200]
[BINS(c->s)..: 6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0]
[IATS(ms)....: 73.4,74.4,0.4,74.1,3.2,80.2,86.1,83.2,77.3,0.1,76.2,0.8,117.2,116.3,75.2,24.0,101.9,114.5,465.6,429.3,3.5,80.8,117.0,388.8,507.3,75.9,393.9,666.2,34353.1,34399.0,71328.4]
- [PKTLENS.....: 66,66,60,276,54,803,188,113,128,1514,156,60,640,54,640,54,640,640,54,640,54,640,640,54,640,640,54,640,60,640,60,60]
+ [PKTLENS.....: 52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46]
+ [ENTROPIES...: 4.5,4.9,4.4,5.5,4.7,7.3,6.7,5.9,6.2,7.9,6.5,4.4,7.6,4.8,7.6,4.8,7.7,7.7,4.8,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.8,7.6,4.5,7.6,4.3,4.5]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
@@ -136,24 +139,26 @@
detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.991| 0.147| 0.220|48576.569| 0.000]
- [PKTLEN......: 54.000| 1514.000| 362.200| 347.100|120448.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.991| 0.147| 0.220| 48576.569| 3.900]
+ [PKTLEN......: 40.000| 1500.000| 348.200| 347.100| 120448.800| 4.300]
[BINS(c->s)..: 4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
[IATS(ms)....: 64.4,65.8,9.5,82.1,4.2,79.8,91.0,88.4,79.6,0.1,78.2,0.9,110.0,109.4,69.1,1.5,80.2,113.6,35.7,145.8,70.8,343.7,637.5,693.9,990.9,1.6,72.0,109.0,69.0,180.1,69.9]
- [PKTLENS.....: 66,66,60,267,54,802,188,113,128,1514,156,60,640,54,640,54,640,640,54,640,640,54,640,60,640,54,640,640,54,640,640,54]
+ [PKTLENS.....: 52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
+ [ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
ERROR-EVENT: Unknown packet type
analyse: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.755| 0.186| 0.164|26767.544| 0.000]
- [PKTLEN......: 54.000| 1514.000| 351.400| 355.400|126324.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.755| 0.186| 0.164| 26767.544| 4.500]
+ [PKTLEN......: 40.000| 1500.000| 337.400| 355.400| 126324.200| 4.200]
[BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0]
[IATS(ms)....: 143.9,144.3,0.7,149.5,37.2,196.0,163.6,154.0,192.3,56.2,0.2,255.1,2.1,152.8,143.9,143.9,44.6,192.1,147.6,608.5,755.3,145.5,149.4,149.8,132.7,281.6,155.0,87.8,477.2,367.8,127.5]
- [PKTLENS.....: 66,66,60,264,54,983,252,113,128,54,1514,140,60,640,54,640,54,640,640,54,640,640,54,640,54,640,640,54,640,60,640,66]
+ [PKTLENS.....: 52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52]
+ [ENTROPIES...: 4.6,4.8,4.4,5.3,4.8,7.6,6.9,5.9,6.1,4.9,7.9,6.4,4.3,7.7,4.7,7.7,4.8,7.6,7.7,4.8,7.6,7.6,4.9,7.6,4.8,7.7,7.6,4.9,7.6,4.5,7.6,4.7]
end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older)
idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous]
@@ -243,14 +248,15 @@
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 72.890| 8.727| 22.569|509351076.823| 0.000]
- [PKTLEN......: 54.000| 1514.000| 326.000| 345.900|119666.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 72.890| 8.727| 22.569| 509351076.823| 2.100]
+ [PKTLEN......: 40.000| 1500.000| 312.000| 345.900| 119666.800| 4.200]
[BINS(c->s)..: 9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0]
[IATS(ms)....: 59.4,61.6,13.8,72.1,2.1,62.9,63.5,60.0,79.4,0.3,78.8,1.7,98.3,96.6,56.5,4.5,61.8,64.9,64.0,73.7,275.7,252.8,50.8,9.7,261.4,61538.3,61491.4,72591.4,72890.0,4.0,98.0]
- [PKTLENS.....: 66,66,60,263,54,797,188,113,128,1514,140,60,640,54,640,54,640,640,640,640,640,60,640,66,640,60,640,60,60,54,54,60]
+ [PKTLENS.....: 52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]
+ [ENTROPIES...: 4.5,4.9,4.4,5.3,4.8,7.4,6.7,6.0,6.2,7.9,6.5,4.4,7.7,4.8,7.6,4.9,7.7,7.7,7.6,7.7,7.6,4.5,7.7,4.9,7.6,4.5,7.7,4.5,4.5,4.7,4.7,4.5]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
diff --git a/test/results/flow-info/trickbot.pcap.out b/test/results/flow-info/trickbot.pcap.out
index 92b72e29b..59b60456c 100644
--- a/test/results/flow-info/trickbot.pcap.out
+++ b/test/results/flow-info/trickbot.pcap.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, HTTP Suspicious Content
analyse: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.931| 0.157| 0.258|66793.452| 0.000]
- [PKTLEN......: 54.000| 1514.000| 944.000| 662.500|438885.500| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.931| 0.157| 0.258| 66793.452| 3.300]
+ [PKTLEN......: 40.000| 1500.000| 930.000| 662.500| 438885.500| 4.500]
[BINS(c->s)..: 7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1]
[IATS(ms)....: 245.7,245.9,0.2,0.1,0.5,0.0,931.1,931.3,2.3,2.3,480.2,0.0,480.3,297.6,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,297.7,227.9,227.9,482.9,0.0,0.0]
- [PKTLENS.....: 66,58,54,403,982,54,54,1412,54,1412,54,1514,1337,54,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,290,54,1412,54,1514,1514,1208]
+ [PKTLENS.....: 52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194]
+ [ENTROPIES...: 4.8,4.9,4.8,5.8,6.0,4.8,4.8,7.8,4.9,7.8,4.9,7.9,7.9,4.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.3,4.9,7.9,4.9,7.9,7.9,7.9]
end: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, HTTP Suspicious Content
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/tumblr.pcap.out b/test/results/flow-info/tumblr.pcap.out
index 2d30b88e6..e986aca55 100644
--- a/test/results/flow-info/tumblr.pcap.out
+++ b/test/results/flow-info/tumblr.pcap.out
@@ -12,53 +12,57 @@
detected: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Web][Safe]
new: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [MIDSTREAM]
analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.701| 0.084| 0.189|35694.846| 0.000]
- [PKTLEN......: 86.000| 1486.000| 463.500| 576.400|332266.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.701| 0.084| 0.189| 35694.846| 2.600]
+ [PKTLEN......: 72.000| 1472.000| 449.500| 576.400| 332266.900| 4.000]
[BINS(c->s)..: 11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.9,91.7,194.1,0.0,0.0,2.8,104.4,700.9,700.8,1.3,5.8,45.0,0.4,357.1,395.3,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.5,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 468,125,125,86,86,86,125,86,958,86,121,198,86,86,1474,86,98,1486,1486,1486,1486,849,1486,1486,86,86,86,86,86,86,86,86]
+ [PKTLENS.....: 454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72]
+ [ENTROPIES...: 7.5,6.0,6.0,5.1,5.1,5.1,5.8,5.2,7.8,5.2,5.9,6.7,5.0,5.1,7.9,5.2,5.4,7.9,7.9,7.9,7.8,7.7,7.8,7.9,5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.2]
new: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [MIDSTREAM]
detected: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe]
new: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [MIDSTREAM]
detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe]
new: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443]
analyse: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.037| 0.003| 0.008| 65.352| 0.000]
- [PKTLEN......: 86.000| 1486.000| 472.500| 599.100|358951.000| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.003| 0.008| 65.352| 2.700]
+ [PKTLEN......: 72.000| 1472.000| 458.500| 599.100| 358951.000| 3.900]
[BINS(c->s)..: 14,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0]
[IATS(ms)....: 0.5,25.9,1.1,10.6,37.1,1.9,0.0,1.9,0.0,0.7,0.7,9.9,9.9,0.1,0.0,0.1,0.0,0.2,0.2,0.1,0.1,0.3,0.3,0.1,0.1,0.5,0.0,0.5,0.0,0.1,0.1]
- [PKTLENS.....: 246,237,86,86,905,86,125,1474,86,86,98,86,1486,86,1486,1474,86,86,98,86,1486,86,1486,86,1474,86,98,1474,86,86,98,86]
+ [PKTLENS.....: 232,223,72,72,891,72,111,1460,72,72,84,72,1472,72,1472,1460,72,72,84,72,1472,72,1472,72,1460,72,84,1460,72,72,84,72]
+ [ENTROPIES...: 7.0,6.8,5.0,5.0,7.7,5.3,5.9,7.9,5.3,5.3,5.4,5.3,7.9,5.3,7.9,7.8,5.2,5.3,5.4,5.3,7.9,5.2,7.9,5.2,7.9,5.2,5.3,7.8,5.3,5.3,5.4,5.3]
detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe]
detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe]
analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 0.000]
- [PKTLEN......: 86.000| 1486.000| 622.300| 669.700|448506.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 2.800]
+ [PKTLEN......: 72.000| 1472.000| 608.300| 669.700| 448506.000| 4.100]
[BINS(c->s)..: 12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0]
[IATS(ms)....: 0.4,4.8,0.4,27.2,3.0,0.3,2.7,17.3,45.1,0.5,0.5,0.6,0.0,0.6,0.0,7.3,0.0,7.3,0.0,0.3,0.0,0.2,0.0,0.2,0.0,0.2,0.0,1.0,0.0,1.0,0.0]
- [PKTLENS.....: 198,125,197,186,86,86,86,86,1486,86,1486,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86,1486,1486,86,86]
+ [PKTLENS.....: 184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72]
+ [ENTROPIES...: 6.6,5.9,6.6,6.5,5.0,5.0,4.9,5.0,7.9,5.1,7.9,5.1,7.9,7.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1]
detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe]
new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443]
detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe]
detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe]
detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe]
analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.012| 0.017| 287.486| 0.000]
- [PKTLEN......: 86.000| 1294.000| 314.700| 381.900|145812.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.012| 0.017| 287.486| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 300.700| 381.900| 145812.800| 4.100]
[BINS(c->s)..: 10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0]
[IATS(ms)....: 33.2,33.2,0.5,47.7,47.2,1.2,37.7,2.1,38.6,0.0,0.0,0.8,0.7,0.8,0.8,2.6,0.2,0.2,0.1,26.3,0.6,0.0,0.1,1.4,25.2,0.0]
- [PKTLENS.....: 94,94,86,603,86,185,86,609,86,1294,1294,1294,86,86,86,558,86,1069,86,160,178,343,142,86,86,86,86,341,341,182,86,86]
+ [PKTLENS.....: 80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]
+ [ENTROPIES...: 5.3,5.6,5.6,4.6,5.5,6.2,5.5,5.0,5.5,7.8,7.9,7.8,5.6,5.5,5.6,7.6,5.6,7.8,5.6,6.6,6.7,7.3,6.3,5.5,5.5,5.4,5.5,7.3,7.3,6.5,5.6,5.6]
new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443]
new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443]
detected: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe]
@@ -67,14 +71,15 @@
new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [MIDSTREAM]
detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe]
analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.037| 0.004| 0.009| 82.581| 0.000]
- [PKTLEN......: 86.000| 1486.000| 449.700| 586.000|343353.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.004| 0.009| 82.581| 2.400]
+ [PKTLEN......: 72.000| 1472.000| 435.700| 586.000| 343353.700| 3.900]
[BINS(c->s)..: 8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0]
[IATS(ms)....: 0.4,0.1,0.4,0.2,26.4,36.6,2.2,0.4,10.0,21.7,0.2,0.2,0.2,0.2,0.4,0.0,0.2,0.5,0.0,0.6,0.1,0.1,0.1,0.2,0.5,0.0,0.6]
- [PKTLENS.....: 206,125,215,216,157,122,86,86,86,86,86,1486,86,1486,86,1474,98,1486,86,86,1474,98,1341,117,86,86,125,1474,86,98,1474,86]
+ [PKTLENS.....: 192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72]
+ [ENTROPIES...: 6.8,5.7,6.6,6.7,6.3,5.8,5.0,5.0,5.0,5.0,5.0,7.8,5.1,7.9,5.1,7.8,5.3,7.9,5.1,5.0,7.9,5.3,7.9,5.6,5.1,5.1,5.7,7.9,5.1,5.3,7.9,5.1]
detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe]
new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [MIDSTREAM]
detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Web][Safe]
@@ -87,14 +92,15 @@
detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun]
detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun]
analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.070| 0.013| 0.021| 430.743| 0.000]
- [PKTLEN......: 86.000| 1486.000| 377.800| 486.500|236637.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.070| 0.013| 0.021| 430.743| 3.100]
+ [PKTLEN......: 72.000| 1472.000| 363.800| 486.500| 236637.800| 4.000]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0]
[IATS(ms)....: 22.6,22.7,0.4,30.7,24.8,0.0,0.0,54.9,0.0,0.0,0.0,0.0,0.0,1.5,0.2,0.1,59.7,70.2,0.0,28.6,37.1,0.5,0.0,0.0,0.5,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1486,1486,1382,1486,86,86,86,86,207,86,150,178,417,417,86,86,86,357,86,357,148,117,1486,422,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1472,1472,1368,1472,72,72,72,72,193,72,136,164,403,403,72,72,72,343,72,343,134,103,1472,408,72,72,72]
+ [ENTROPIES...: 4.8,5.2,5.1,4.5,5.0,7.8,7.9,7.8,7.9,5.1,5.1,5.2,5.1,6.6,5.1,6.0,6.5,7.4,7.4,5.0,5.0,5.0,7.1,5.2,7.2,6.1,5.6,7.9,7.3,5.2,5.2,5.2]
new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM]
new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [MIDSTREAM]
new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [MIDSTREAM]
@@ -121,50 +127,54 @@
detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun]
detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun]
analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.189| 0.029| 0.050| 2509.587| 0.000]
- [PKTLEN......: 86.000| 1486.000| 468.000| 568.300|322990.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.189| 0.029| 0.050| 2509.587| 3.200]
+ [PKTLEN......: 72.000| 1472.000| 454.000| 568.300| 322990.400| 4.000]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 21.4,21.5,0.5,29.5,160.4,189.4,0.2,0.2,0.0,0.8,0.8,3.8,0.1,0.2,28.7,0.0,1.0,78.0,0.0,103.6,0.1,0.7,29.8,79.1,108.2,0.1,0.1,0.4,0.4,0.1]
- [PKTLENS.....: 94,94,86,603,86,1486,86,1486,1382,86,86,1087,86,171,177,537,86,86,86,352,156,86,86,116,86,1486,86,1486,86,1486,86,1486]
+ [PKTLENS.....: 80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472]
+ [ENTROPIES...: 4.8,5.3,5.3,4.6,5.1,7.2,5.2,7.3,7.6,5.2,5.2,7.6,5.2,6.2,6.5,7.6,5.1,5.1,5.1,7.0,6.3,5.2,5.2,5.7,5.1,7.9,5.2,7.9,5.2,7.9,5.2,7.9]
detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun]
new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443]
detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Web][Safe]
detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable]
new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443]
analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.514| 1.561| 5.288|27962124.534| 0.000]
- [PKTLEN......: 86.000| 1134.000| 614.100| 520.100|270533.200| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 19.514| 1.561| 5.288| 27962124.534| 1.000]
+ [PKTLEN......: 72.000| 1120.000| 600.100| 520.100| 270533.200| 4.400]
[BINS(c->s)..: 13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1]
[IATS(ms)....: 19473.3,0.3,19513.6,40.0,0.1,0.0,0.0,0.0,0.0,0.6,0.6,1.1,0.0,0.0,0.0,1.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.0,0.0]
- [PKTLENS.....: 86,172,132,86,1134,86,1134,1134,86,86,1134,86,1134,86,1134,1134,1134,1134,1134,1134,1134,86,86,86,86,86,86,86,1134,1134,1134,1134]
+ [PKTLENS.....: 72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120]
+ [ENTROPIES...: 5.3,6.2,5.8,5.1,7.8,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,5.3,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.3,5.2,5.3,5.3,5.2,5.2,5.3,7.8,7.8,7.8,7.8]
detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Web][Safe]
detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable]
detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable]
detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable]
analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.067| 0.012| 0.020| 413.573| 0.000]
- [PKTLEN......: 86.000| 1294.000| 392.400| 464.300|215557.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.067| 0.012| 0.020| 413.573| 3.200]
+ [PKTLEN......: 72.000| 1280.000| 378.400| 464.300| 215557.600| 4.100]
[BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0]
[IATS(ms)....: 67.4,67.5,0.3,44.1,5.3,0.0,49.1,0.0,0.1,0.1,18.6,10.2,0.7,42.4,12.9,0.2,14.3,2.0,0.0,16.1,2.6,0.0,2.6,0.0,0.1,0.0,0.0,0.0,0.0]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,86,86,586,86,150,178,364,86,666,86,117,86,117,86,86,535,1294,86,86,1294,1294,1294,86,86,86]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]
+ [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.2,7.5,5.2,6.2,6.5,7.3,5.0,7.7,5.2,5.9,5.0,5.8,5.1,5.2,7.5,7.8,5.1,5.1,7.8,7.8,7.8,5.2,5.1,5.2]
analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.083| 0.015| 0.021| 439.399| 0.000]
- [PKTLEN......: 86.000| 1294.000| 398.200| 474.800|225406.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.083| 0.015| 0.021| 439.399| 3.600]
+ [PKTLEN......: 72.000| 1280.000| 384.200| 474.800| 225406.500| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1]
[IATS(ms)....: 30.3,30.3,0.2,70.7,12.6,0.0,0.0,83.0,0.1,0.0,0.9,32.4,31.5,5.9,16.3,0.1,34.6,1.9,14.2,7.2,10.7,16.9,0.0,0.0,34.7,0.0,0.0,0.0,0.9]
- [PKTLENS.....: 94,94,86,603,86,1294,1294,325,86,86,86,150,86,666,86,178,117,344,86,117,86,86,86,999,1294,1294,1294,86,86,86,86,1294]
+ [PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]
+ [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,7.2,5.2,5.2,5.2,6.2,5.2,7.6,5.2,6.5,5.8,7.2,5.1,5.7,5.2,5.1,5.2,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2,7.8]
detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Web][Safe]
detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS][Web][Safe]
new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443]
@@ -172,14 +182,15 @@
new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [MIDSTREAM]
detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe]
analyse: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 16.589| 1.119| 4.059|16477581.214| 0.000]
- [PKTLEN......: 86.000| 1365.000| 364.400| 367.900|135349.600| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 16.589| 1.119| 4.059| 16477581.214| 1.400]
+ [PKTLEN......: 72.000| 1351.000| 350.400| 367.900| 135349.600| 4.300]
[BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0]
[IATS(ms)....: 29.5,29.5,0.2,37.9,9.0,46.8,0.7,0.1,31.0,1.8,7.0,39.1,52.6,52.7,371.9,406.4,20.7,55.2,2.5,32.9,9.3,39.7,16556.7,16588.7,11.4,43.4,16.9,58.4,9.8,93.2,46.8]
- [PKTLENS.....: 94,94,86,706,86,356,86,166,503,86,86,373,86,1273,86,838,86,869,86,850,86,356,86,514,86,1365,86,658,86,686,86,670]
+ [PKTLENS.....: 80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656]
+ [ENTROPIES...: 4.8,5.2,5.2,7.0,5.0,6.8,5.1,6.3,7.5,5.1,5.1,7.3,5.2,7.8,5.2,7.7,5.0,7.7,5.1,7.7,5.0,7.3,5.2,7.6,5.0,7.9,5.2,7.7,5.0,7.6,5.1,7.6]
new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [MIDSTREAM]
guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Web][Safe]
idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443]
diff --git a/test/results/flow-info/tunnelbear.pcap.out b/test/results/flow-info/tunnelbear.pcap.out
index 581124cef..0c13187ee 100644
--- a/test/results/flow-info/tunnelbear.pcap.out
+++ b/test/results/flow-info/tunnelbear.pcap.out
@@ -20,14 +20,15 @@
detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe]
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe]
analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 0.000]
- [PKTLEN......: 54.000| 3711.000| 440.000| 812.300|659832.900| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 3.500]
+ [PKTLEN......: 40.000| 3697.000| 426.000| 812.300| 659832.900| 3.500]
[BINS(c->s)..: 7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 4.8,10.8,0.0,6.0,71.1,71.7,62.5,63.1,0.2,0.1,0.1,0.1,2.3,2.2,58.3,58.8,0.5,0.2,0.2,0.1,0.2,0.1,0.6,0.8,214.5,265.9,52.4,51.4,53.8,54.6,51.8]
- [PKTLENS.....: 74,54,54,571,54,3711,54,147,54,590,54,590,54,319,54,390,375,54,590,54,164,54,54,92,54,1646,54,705,54,366,54,2885]
+ [PKTLENS.....: 60,40,40,557,40,3697,40,133,40,576,40,576,40,305,40,376,361,40,576,40,150,40,40,78,40,1632,40,691,40,352,40,2871]
+ [ENTROPIES...: 4.5,4.5,4.6,6.1,4.5,7.2,4.5,5.9,4.5,7.4,4.5,7.6,4.6,7.4,4.5,7.1,7.4,4.5,7.6,4.5,6.5,4.5,4.6,5.3,4.5,7.9,4.6,7.6,4.6,7.1,4.6,7.9]
new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443]
new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443]
detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
@@ -35,14 +36,15 @@
detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 0.000]
- [PKTLEN......: 54.000| 803.000| 163.700| 198.300|39337.400| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 3.600]
+ [PKTLEN......: 40.000| 789.000| 149.700| 198.300| 39337.400| 4.100]
[BINS(c->s)..: 9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0]
[IATS(ms)....: 3.4,3.9,2.0,2.9,57.3,108.0,0.8,51.4,0.3,0.1,0.1,0.1,0.1,0.1,50.9,51.9,1.0,50.4,50.8,196.8,233.7,37.7,51.5,50.9,51.1,0.1,51.0,0.5,0.2,0.4,1.0]
- [PKTLENS.....: 74,54,54,571,54,210,54,105,54,590,54,590,54,317,54,132,377,54,92,54,803,54,227,54,92,54,85,54,54,54,54,54]
+ [PKTLENS.....: 60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40]
+ [ENTROPIES...: 4.5,4.6,4.6,6.1,4.5,6.1,4.7,5.4,4.5,7.4,4.6,7.6,4.5,7.2,4.5,5.9,7.4,4.6,5.3,4.6,7.7,4.7,6.8,4.7,5.3,4.6,5.1,4.5,4.5,4.4,4.5,4.5]
new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
new: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [MIDSTREAM]
@@ -91,14 +93,15 @@
detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable]
detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe]
analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 0.000]
- [PKTLEN......: 54.000| 2954.000| 254.400| 516.400|266681.900| 3.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 3.000]
+ [PKTLEN......: 40.000| 2940.000| 240.400| 516.400| 266681.900| 3.500]
[BINS(c->s)..: 3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1]
[IATS(ms)....: 4.1,5.3,2.0,3.4,237.7,240.1,0.0,2.4,9.3,9.4,0.2,0.1,1.4,1.5,0.1,0.1,0.1,0.1,100.5,152.6,52.3,7.0,20.6,16.0,10.0,8.0,0.8,1.3,7.0,6.2,340.4]
- [PKTLENS.....: 74,54,54,571,54,210,54,105,54,107,54,140,54,590,54,590,54,179,54,123,92,54,92,375,54,590,54,162,54,377,54,2954]
+ [PKTLENS.....: 60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940]
+ [ENTROPIES...: 4.5,4.5,4.5,6.1,4.6,6.0,4.6,5.4,4.6,5.5,4.6,5.9,4.5,7.6,4.5,7.6,4.6,6.8,4.5,5.9,5.3,4.6,5.3,7.2,4.6,7.6,4.6,6.5,4.6,7.3,4.5,7.9]
new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443]
detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
idle: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228]
diff --git a/test/results/flow-info/ultrasurf.pcap.out b/test/results/flow-info/ultrasurf.pcap.out
index 7bbe734e6..4cddce789 100644
--- a/test/results/flow-info/ultrasurf.pcap.out
+++ b/test/results/flow-info/ultrasurf.pcap.out
@@ -4,42 +4,45 @@
new: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable]
analyse: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.150| 0.021| 0.036| 1271.455| 0.000]
- [PKTLEN......: 98.000| 2646.000| 1366.500| 1007.200|1014474.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.150| 0.021| 0.036| 1271.455| 3.600]
+ [PKTLEN......: 80.000| 2628.000| 1348.500| 1007.200| 1014474.800| 4.500]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10]
[BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0]
[IATS(ms)....: 0.0,21.3,0.0,11.0,29.1,61.5,0.0,10.8,0.0,9.2,30.8,10.8,0.0,20.0,0.0,29.3,0.0,0.0,0.0,9.3,30.6,150.5,0.0,11.9,141.8,0.0,17.9,20.0,0.0,20.0,10.1]
- [PKTLENS.....: 2646,2646,1358,1358,2646,2646,98,98,1358,1358,2646,98,1358,1358,1350,2646,98,98,98,98,1358,98,1358,1358,2646,98,98,2646,1358,1358,2646,2646]
+ [PKTLENS.....: 2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]
+ [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9]
new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053]
detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 0.000]
- [PKTLEN......: 70.000| 1418.000| 367.300| 449.600|202163.000| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 3.400]
+ [PKTLEN......: 52.000| 1400.000| 349.300| 449.600| 202163.000| 4.000]
[BINS(c->s)..: 7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1]
[IATS(ms)....: 211.2,260.4,0.0,269.6,0.0,10.1,9.9,260.4,0.0,20.0,20.0,10.9,0.0,270.8,9.7,0.0,10.3,229.5,0.0,20.0,40.1,29.9,0.0,10.1,29.9,210.9,0.0,0.0,0.0,9.4,0.0]
- [PKTLENS.....: 78,78,70,587,70,1358,1358,1274,70,70,70,134,156,708,125,105,101,126,101,70,112,1418,104,1166,698,668,70,105,262,205,105,131]
+ [PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]
+ [ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2]
new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053]
detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.269| 0.059| 0.101|10170.351| 0.000]
- [PKTLEN......: 70.000| 1418.000| 403.600| 479.700|230117.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.269| 0.059| 0.101| 10170.351| 3.100]
+ [PKTLEN......: 52.000| 1400.000| 385.600| 479.700| 230117.000| 4.100]
[BINS(c->s)..: 7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 209.5,239.7,0.0,251.1,0.0,11.4,0.0,260.7,0.0,9.6,20.0,20.0,269.1,20.0,0.0,231.0,0.0,20.0,0.0,0.0,0.0,0.0,0.0,249.6,0.0,0.0,0.0,0.0,10.1,0.0,0.0]
- [PKTLENS.....: 78,78,70,587,70,1358,1358,1274,70,70,70,134,386,125,105,157,70,101,1418,446,1418,498,268,252,70,105,131,218,262,105,205,1358]
+ [PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]
+ [ENTROPIES...: 4.7,5.2,5.0,6.1,5.2,7.8,7.9,7.9,5.2,5.2,5.1,6.0,7.4,6.0,5.8,6.3,5.1,5.7,7.9,7.4,7.8,7.6,7.1,7.0,5.1,5.9,6.1,6.8,6.9,5.9,6.8,7.9]
end: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][VPN][Acceptable]
end: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
diff --git a/test/results/flow-info/viber.pcap.out b/test/results/flow-info/viber.pcap.out
index dfa723c25..49b65212a 100644
--- a/test/results/flow-info/viber.pcap.out
+++ b/test/results/flow-info/viber.pcap.out
@@ -33,14 +33,15 @@
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 0.000]
- [PKTLEN......: 66.000| 1514.000| 728.100| 673.400|453425.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 3.300]
+ [PKTLEN......: 52.000| 1500.000| 714.100| 673.400| 453425.200| 4.300]
[BINS(c->s)..: 11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 19.5,21.7,1.0,22.3,3.2,0.2,0.0,0.2,39.4,0.1,0.6,0.3,10.8,47.8,22.3,40.8,0.3,0.1,0.2,0.3,0.0,0.2,0.3,0.2,0.2,0.5,41.2,0.1,0.0,0.0,1.1]
- [PKTLENS.....: 74,74,66,249,66,1514,1514,1514,411,66,66,66,66,192,308,774,1514,1514,1514,1514,1514,1514,1514,1514,1514,1514,808,66,66,66,66,66]
+ [PKTLENS.....: 60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]
+ [ENTROPIES...: 4.6,5.2,5.2,5.6,5.1,7.2,7.5,7.5,7.3,5.1,5.2,5.2,5.2,6.4,7.2,7.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.7,5.2,5.2,5.1,5.2,5.1]
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable]
new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443]
new: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53]
@@ -60,14 +61,15 @@
detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe]
detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.702| 1.934| 2.902|8424002.683| 0.000]
- [PKTLEN......: 66.000| 596.000| 155.700| 133.200|17739.800| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.702| 1.934| 2.902| 8424002.683| 3.500]
+ [PKTLEN......: 52.000| 582.000| 141.700| 133.200| 17739.800| 4.500]
[BINS(c->s)..: 4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0]
[IATS(ms)....: 54.2,95.9,0.3,44.0,41.8,57.0,16.1,92.1,91.6,10563.9,10701.7,4192.1,4152.7,4422.1,4422.1,309.5,309.6,21.6,197.0,0.1,215.0,3974.5,3934.9,3635.3,52.6,3635.3,52.6,12.7,140.8,167.5,4361.2]
- [PKTLENS.....: 167,122,66,142,66,508,130,66,134,66,163,66,160,66,160,66,405,66,164,66,150,66,160,66,160,424,66,66,164,150,66,596]
+ [PKTLENS.....: 153,108,52,128,52,494,116,52,120,52,149,52,146,52,146,52,391,52,150,52,136,52,146,52,146,410,52,52,150,136,52,582]
+ [ENTROPIES...: 6.4,6.0,4.8,6.2,5.0,7.6,6.1,5.0,6.1,4.9,6.3,4.9,6.4,5.0,6.5,4.9,7.4,5.0,6.5,5.0,6.3,5.0,6.5,5.0,6.4,7.4,5.0,5.0,6.5,6.4,5.0,7.6]
guessed: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable]
detected: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [Viber][VoIP][Acceptable]
new: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443]
@@ -80,14 +82,15 @@
detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.525| 0.329| 0.210|44226.417| 0.000]
- [PKTLEN......: 62.000| 299.000| 163.200| 100.400|10086.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.525| 0.329| 0.210| 44226.417| 4.600]
+ [PKTLEN......: 48.000| 285.000| 149.200| 100.400| 10086.100| 4.700]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 0.1,33.1,500.3,500.3,503.5,15.2,503.2,15.3,516.1,515.7,477.7,477.6,36.8,36.8,525.0,525.0,440.4,440.7,68.1,67.8,523.1,523.2,412.0,411.8,84.1,84.2,517.8,517.8,399.8,399.7,114.8]
- [PKTLENS.....: 299,62,118,299,118,62,299,76,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299,118,299,118,62,76,299]
+ [PKTLENS.....: 285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]
+ [ENTROPIES...: 6.4,5.1,3.4,6.5,3.5,5.1,6.5,4.0,3.5,6.5,3.5,5.1,4.0,6.4,3.5,6.5,3.4,5.0,4.0,6.4,3.5,6.4,3.5,5.1,4.0,6.5,3.5,6.4,3.5,5.1,4.0,6.5]
new: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443]
new: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985]
detected: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][VoIP][Acceptable]
@@ -95,14 +98,15 @@
detected: [....24] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7987] [Viber][VoIP][Acceptable]
update: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Network][Acceptable]
analyse: [....23] [ip4][..udp] [...192.168.0.17][38190] -> [.....18.201.4.3][.7985] [Viber][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.531| 0.262| 0.245|59968.385| 0.000]
- [PKTLEN......: 54.000| 299.000| 143.800| 99.700| 9932.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.531| 0.262| 0.245| 59968.385| 4.100]
+ [PKTLEN......: 40.000| 285.000| 129.800| 99.700| 9932.100| 4.600]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0]
[IATS(ms)....: 2.5,0.1,31.7,2.3,505.5,505.7,496.9,2.1,6.7,496.6,8.7,505.3,505.4,490.8,0.1,15.0,490.7,15.1,513.2,513.2,531.4,0.1,0.0,531.4,0.2,492.9,493.0,448.2,0.1,448.1,58.4]
- [PKTLENS.....: 299,60,62,118,76,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,299,76,118,299,118,62,54,76,299]
+ [PKTLENS.....: 285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]
+ [ENTROPIES...: 6.3,4.5,5.0,3.5,4.0,6.4,3.5,5.1,4.4,6.4,4.0,3.5,6.3,3.5,5.0,4.4,6.3,3.9,3.4,6.4,3.5,5.0,4.4,6.3,3.9,3.5,6.4,3.5,5.0,4.4,4.0,6.4]
new: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53]
detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable]
detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable]
diff --git a/test/results/flow-info/vnc.pcap.out b/test/results/flow-info/vnc.pcap.out
index 4b435b887..f92c0b3b6 100644
--- a/test/results/flow-info/vnc.pcap.out
+++ b/test/results/flow-info/vnc.pcap.out
@@ -5,26 +5,28 @@
detected: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Desktop/File Sharing
analyse: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.545| 0.058| 0.113|12857.595| 0.000]
- [PKTLEN......: 54.000| 89.000| 70.600| 12.800| 163.200| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.545| 0.058| 0.113| 12857.595| 3.200]
+ [PKTLEN......: 40.000| 75.000| 56.600| 12.800| 163.200| 5.000]
[BINS(c->s)..: 12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1]
[IATS(ms)....: 0.5,38.8,49.9,50.3,38.8,37.1,157.8,7.0,164.5,0.7,37.5,0.2,0.0,36.4,0.0,37.3,1.2,0.0,0.2,0.7,0.0,0.7,0.5,199.0,310.3,0.0,0.1,545.3,0.7,22.3,59.5]
- [PKTLENS.....: 66,66,60,66,66,62,60,54,73,60,83,88,88,76,60,89,54,88,86,54,82,86,54,77,54,84,82,86,60,60,81,54]
+ [PKTLENS.....: 52,52,46,52,52,48,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,40,63,40,70,68,72,46,46,67,40]
+ [ENTROPIES...: 4.6,4.9,4.6,5.0,5.1,5.0,4.8,4.7,5.3,4.6,5.6,5.6,5.9,5.4,4.6,5.8,4.7,5.8,5.7,4.7,5.7,5.7,4.6,5.6,4.7,5.6,5.6,5.5,4.5,4.5,5.6,4.7]
new: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900]
detected: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Desktop/File Sharing
analyse: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.539| 0.054| 0.125|15641.482| 0.000]
- [PKTLEN......: 54.000| 89.000| 70.800| 12.600| 158.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.539| 0.054| 0.125| 15641.482| 3.000]
+ [PKTLEN......: 40.000| 75.000| 56.800| 12.600| 158.000| 5.000]
[BINS(c->s)..: 13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0]
[IATS(ms)....: 0.1,37.5,48.7,49.6,38.3,36.9,46.4,48.5,45.7,1.7,45.5,0.2,37.4,0.5,0.4,36.8,3.0,39.9,0.8,0.2,0.8,0.8,0.2,0.0,1.0,501.8,0.0,0.7,538.8,0.0,97.7]
- [PKTLENS.....: 66,66,60,66,66,62,60,54,60,54,73,60,83,88,88,76,60,89,54,88,86,54,82,86,77,54,84,82,86,60,60,81]
+ [PKTLENS.....: 52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]
+ [ENTROPIES...: 4.5,4.9,4.7,5.0,5.2,5.0,4.7,4.7,4.6,4.7,5.2,4.7,5.6,5.7,5.7,5.5,4.6,5.7,4.7,5.8,5.7,4.6,5.5,5.6,5.4,4.6,5.6,5.5,5.5,4.5,4.6,5.6]
idle: [.....2] [ip4][..tcp] [..95.237.48.208][51559] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Desktop/File Sharing
end: [.....1] [ip4][..tcp] [..95.237.48.208][59791] -> [..192.168.2.110][.6900] [VNC][RemoteAccess][Acceptable]
diff --git a/test/results/flow-info/vxlan.pcap.out b/test/results/flow-info/vxlan.pcap.out
index 42f7c2f34..25d4bb6c7 100644
--- a/test/results/flow-info/vxlan.pcap.out
+++ b/test/results/flow-info/vxlan.pcap.out
@@ -20,23 +20,25 @@
new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789]
detected: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable]
analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.141| 0.010| 0.031| 963.930| 0.000]
- [PKTLEN......: 120.000| 1500.000| 1169.700| 546.600|298767.600| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.141| 0.010| 0.031| 963.930| 2.200]
+ [PKTLEN......: 102.000| 1482.000| 1151.700| 546.600| 298767.600| 4.800]
[BINS(c->s)..: 0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 10.5,1.4,0.1,0.0,11.4,0.5,9.5,113.3,10.6,140.6,0.1,0.1,3.1,0.2,0.6,0.2,1.3,0.2,1.3,3.6,0.2,0.4,0.2,2.3,0.2,0.3,0.2,0.8,0.2,0.7,0.2]
- [PKTLENS.....: 128,120,1500,1500,588,120,289,120,572,120,1500,1500,874,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
+ [PKTLENS.....: 110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482]
+ [ENTROPIES...: 5.6,5.7,7.8,7.9,7.6,5.6,7.1,5.6,7.6,5.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.151| 0.011| 0.030| 901.957| 0.000]
- [PKTLEN......: 120.000| 438.000| 143.100| 68.200| 4655.600| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.151| 0.011| 0.030| 901.957| 2.500]
+ [PKTLEN......: 102.000| 420.000| 125.100| 68.200| 4655.600| 4.800]
[BINS(c->s)..: 0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 10.3,0.3,11.5,0.2,0.0,1.3,10.0,41.8,81.5,0.4,150.8,3.1,0.8,1.5,1.4,3.8,0.6,2.5,0.5,1.0,0.9,0.8,0.7,0.8,0.7,2.1,0.3,0.4,2.3,0.4,0.2]
- [PKTLENS.....: 128,120,438,120,120,120,184,285,120,120,303,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120]
+ [PKTLENS.....: 110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102]
+ [ENTROPIES...: 5.3,5.6,6.2,5.6,5.6,5.6,6.3,6.9,5.6,5.6,7.0,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.5,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.7]
idle: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable]
idle: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable]
idle: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable]
diff --git a/test/results/flow-info/wa_video.pcap.out b/test/results/flow-info/wa_video.pcap.out
index 4fefc2819..5ab984b25 100644
--- a/test/results/flow-info/wa_video.pcap.out
+++ b/test/results/flow-info/wa_video.pcap.out
@@ -17,25 +17,27 @@
new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900]
detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.404| 0.182| 0.481|231053.525| 0.000]
- [PKTLEN......: 66.000| 1454.000| 282.400| 335.200|112371.900| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.404| 0.182| 0.481| 231053.525| 2.400]
+ [PKTLEN......: 52.000| 1440.000| 268.400| 335.200| 112371.900| 4.200]
[BINS(c->s)..: 11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0]
[IATS(ms)....: 51.7,176.8,0.0,439.6,1227.8,0.8,306.1,108.9,2404.5,0.2,0.0,0.3,0.0,0.0,0.3,133.1,0.6,40.7,0.3,7.7,7.9,1.7,1.6,528.8,1.1,0.7,0.7,0.7,2.7,2.6]
- [PKTLENS.....: 614,66,1454,169,522,522,346,203,239,1454,66,66,78,66,66,66,78,242,242,66,66,242,66,418,66,228,226,220,220,220,220,220]
+ [PKTLENS.....: 600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206]
+ [ENTROPIES...: 7.6,5.1,7.9,6.7,7.6,7.6,7.3,6.7,7.0,7.9,5.0,5.1,5.1,5.1,5.1,5.1,5.2,7.0,7.0,5.1,5.1,7.0,5.1,7.5,5.1,6.9,6.9,6.9,6.9,6.9,6.8,7.0]
guessed: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
detected: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
analyse: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.550| 0.064| 0.136|18373.693| 0.000]
- [PKTLEN......: 44.000| 514.000| 345.600| 205.800|42355.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.550| 0.064| 0.136| 18373.693| 3.100]
+ [PKTLEN......: 30.000| 500.000| 331.600| 205.800| 42355.100| 4.700]
[BINS(c->s)..: 3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0]
[IATS(ms)....: 0.1,13.1,1.1,548.2,0.8,550.1,16.2,0.1,20.3,0.1,23.6,0.6,14.5,1.0,0.1,79.3,29.6,0.1,23.2,0.2,20.0,0.3,24.4,3.5,104.4,150.5,15.9,197.6,75.4,2.5,68.2]
- [PKTLENS.....: 168,168,86,86,168,514,86,514,514,514,514,514,514,48,514,514,44,514,514,514,514,514,514,514,168,86,62,514,62,514,514,62]
+ [PKTLENS.....: 154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48]
+ [ENTROPIES...: 6.5,6.5,5.2,5.3,6.5,7.4,5.3,7.5,7.5,7.5,7.5,7.4,7.5,4.6,7.5,7.5,4.5,7.5,7.5,7.5,7.4,7.5,7.4,7.4,6.5,5.3,3.8,7.3,3.8,7.4,7.4,4.2]
new: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491]
@@ -45,14 +47,15 @@
detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.979| 0.150| 0.383|146861.081| 0.000]
- [PKTLEN......: 86.000| 1160.000| 537.500| 432.000|186635.800| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.979| 0.150| 0.383| 146861.081| 2.700]
+ [PKTLEN......: 72.000| 1146.000| 523.500| 432.000| 186635.800| 4.500]
[BINS(c->s)..: 0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1]
[IATS(ms)....: 707.1,619.8,619.1,1979.4,36.3,69.7,132.0,26.4,100.1,1.5,36.5,24.6,0.1,0.2,0.3,0.3,10.7,26.1,102.4,15.1,0.3,0.6,0.5,0.9,0.2,0.8,7.6,0.9,0.1,0.6,131.2]
- [PKTLENS.....: 86,86,86,86,86,86,86,170,86,179,164,144,913,913,913,912,1160,208,157,212,1036,1036,1036,1036,1036,1034,164,934,934,934,1062,224]
+ [PKTLENS.....: 72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]
+ [ENTROPIES...: 5.6,5.7,5.5,5.6,5.4,5.5,5.6,6.6,5.7,6.7,6.5,6.4,7.7,7.8,7.8,7.8,7.8,6.7,6.4,6.9,7.8,7.8,7.8,7.8,7.8,7.8,6.6,7.8,7.8,7.8,7.8,7.0]
new: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
new: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900]
diff --git a/test/results/flow-info/wa_voice.pcap.out b/test/results/flow-info/wa_voice.pcap.out
index 7dd27a4da..2d1869450 100644
--- a/test/results/flow-info/wa_voice.pcap.out
+++ b/test/results/flow-info/wa_voice.pcap.out
@@ -14,14 +14,15 @@
new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 0.000]
- [PKTLEN......: 66.000| 1454.000| 309.400| 467.500|218553.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 3.200]
+ [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800]
[BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 40.7,137.0,170.4,304.1,130.2,0.1,31.0,5.3,0.0,0.4,0.0,0.2,0.0,1.2,210.1,0.3,0.0,0.0,0.2,0.0,0.3,41.4,129.9,0.1,0.0,0.0,0.0,1.0,24.3,131.9,0.0]
- [PKTLENS.....: 78,74,66,322,66,123,117,151,1454,106,1454,169,1454,178,1454,66,66,66,66,66,66,66,1059,98,112,133,96,125,66,352,66,66]
+ [PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52]
+ [ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0]
new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53]
detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
@@ -29,14 +30,15 @@
detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 0.000]
- [PKTLEN......: 66.000| 1454.000| 357.600| 489.700|239839.300| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 2.500]
+ [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900]
[BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0]
[IATS(ms)....: 19.7,127.7,2.8,126.3,2.9,0.0,0.0,21.0,0.2,145.2,0.0,0.0,0.0,0.0,0.0,163.3,0.0,0.0,0.2,0.0,0.0,17.5,0.3,0.0,0.0,2.4,0.3,0.1,0.4,0.6]
- [PKTLENS.....: 78,74,66,583,66,1454,1454,349,66,66,130,112,109,101,402,325,66,237,140,97,66,114,498,66,66,66,66,1454,66,1454,1454,97]
+ [PKTLENS.....: 64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83]
+ [ENTROPIES...: 4.5,5.2,5.0,5.0,5.1,7.8,7.9,7.4,5.0,5.1,6.0,6.0,6.0,5.7,7.3,7.2,5.1,7.0,6.3,5.8,5.0,6.0,7.5,4.9,5.0,5.0,4.9,7.9,5.0,7.9,7.9,5.7]
new: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM]
@@ -68,40 +70,43 @@
detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 0.000]
- [PKTLEN......: 66.000| 1454.000| 388.400| 526.300|277041.400| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500]
+ [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900]
[BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1]
[IATS(ms)....: 37.2,39.0,11.1,51.5,1.0,0.1,0.0,42.8,0.1,34.6,3.8,0.4,0.2,0.3,76.2,0.0,34.9,0.4,0.3,3.6,0.0,2.9,1.3,3.4,77.4,53.7,129.1,1.4,0.0,0.2,0.1]
- [PKTLENS.....: 78,74,66,583,66,1454,1454,347,66,66,130,112,109,101,258,237,140,66,66,97,66,97,66,101,66,66,516,66,1454,1454,1454,1454]
+ [PKTLENS.....: 64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440]
+ [ENTROPIES...: 4.4,5.1,4.9,4.8,5.0,7.8,7.9,7.3,4.9,4.9,6.1,5.9,5.9,5.8,7.0,7.0,6.4,4.9,4.9,5.6,5.1,5.8,5.0,5.9,4.9,5.0,7.6,4.9,7.9,7.9,7.8,7.8]
new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328]
detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 12.196| 1.588| 3.050|9304956.469| 0.000]
- [PKTLEN......: 44.000| 320.000| 124.000| 87.200| 7598.900| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 12.196| 1.588| 3.050| 9304956.469| 3.200]
+ [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600]
[BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1]
[IATS(ms)....: 0.1,13.4,0.1,12194.2,12196.2,104.4,0.1,105.1,0.0,108.6,104.6,3043.3,3048.9,3100.9,3096.0,3015.3,3016.6,2001.9,2.2,107.1,164.0,190.1,88.5,28.8,198.6,134.0,3008.1,91.0,35.6,0.3,36.5]
- [PKTLENS.....: 168,168,86,86,48,44,168,168,86,86,48,44,48,44,48,44,48,44,88,68,246,275,254,164,320,248,316,48,44,168,168,86]
+ [PKTLENS.....: 154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]
+ [ENTROPIES...: 6.5,6.5,5.3,5.3,4.6,4.5,6.5,6.5,5.2,5.1,4.6,4.5,4.6,4.5,4.6,4.5,4.6,4.5,5.7,5.2,7.0,7.1,7.1,6.6,7.3,7.0,7.2,4.6,4.5,6.5,6.5,5.2]
new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282]
detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.204| 0.182| 0.229|52393.320| 0.000]
- [PKTLEN......: 68.000| 315.000| 158.900| 51.700| 2672.500| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.204| 0.182| 0.229| 52393.320| 4.200]
+ [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900]
[BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1]
[IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4]
- [PKTLENS.....: 86,86,86,86,86,86,213,274,164,175,315,151,173,173,147,163,150,164,186,178,169,173,178,184,164,68,164,164,170,164,153,193]
+ [PKTLENS.....: 72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]
+ [ENTROPIES...: 5.5,5.6,5.5,5.6,5.5,5.6,6.9,7.1,6.7,6.6,7.3,6.5,6.7,6.6,6.5,6.6,6.5,6.6,6.7,6.8,6.7,6.7,6.7,6.7,6.5,5.2,6.6,6.6,6.7,6.6,6.6,6.8]
detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM]
diff --git a/test/results/flow-info/waze.pcap.out b/test/results/flow-info/waze.pcap.out
index ec2ec66fb..50b1e5d3d 100644
--- a/test/results/flow-info/waze.pcap.out
+++ b/test/results/flow-info/waze.pcap.out
@@ -65,23 +65,25 @@
detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.002| 3.681| 0.340| 0.885|782653.260| 0.000]
- [PKTLEN......: 54.000|11833.000| 1966.700| 3090.500|9551439.000| 3.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800]
+ [PKTLEN......: 40.000|11819.000| 1952.700| 3090.500| 9551440.000| 3.500]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 3.7,3.9,21.8,22.4,3678.0,3680.6,286.1,284.3,338.9,393.5,330.3,329.4,54.6,2.0,179.3,179.5,2.6,51.2,50.7,3.1,28.5,76.3,51.1,51.3,122.7,73.5,10.2,59.1,52.6,58.3,56.5]
- [PKTLENS.....: 74,54,54,317,54,1422,54,2790,54,5526,54,8262,54,2687,54,1422,54,1422,54,9630,54,2790,54,5526,54,5526,54,2790,54,11833,54,54]
+ [PKTLENS.....: 60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]
+ [ENTROPIES...: 4.4,4.7,4.7,5.5,4.6,7.0,4.6,6.9,4.6,5.6,4.7,6.8,4.7,7.0,4.6,3.0,4.6,7.0,4.7,6.2,4.7,6.6,4.7,1.7,4.7,1.7,4.7,1.4,4.6,1.7,4.7,4.7]
analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.659| 0.289| 0.505|255075.107| 0.000]
- [PKTLEN......: 54.000| 5515.000| 567.800| 1270.800|1615041.000| 3.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.659| 0.289| 0.505| 255075.107| 3.300]
+ [PKTLEN......: 40.000| 5501.000| 553.800| 1270.800| 1615041.000| 3.000]
[BINS(c->s)..: 5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1]
[IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1]
- [PKTLENS.....: 74,54,54,236,54,3201,54,380,54,288,203,54,590,54,115,54,5515,54,203,54,590,54,590,54,590,54,115,54,4411,54,203,54]
+ [PKTLENS.....: 60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]
+ [ENTROPIES...: 4.3,4.7,4.7,5.2,4.7,7.4,4.6,7.3,4.7,7.0,6.9,4.6,7.6,4.7,6.1,4.6,8.0,4.7,6.8,4.6,7.6,4.6,7.7,4.6,7.6,4.7,6.2,4.7,8.0,4.6,6.8,4.6]
detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
@@ -128,34 +130,37 @@
new: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [MIDSTREAM]
new: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [MIDSTREAM]
analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.416| 0.170| 0.135|18249.146| 0.000]
- [PKTLEN......: 54.000|21942.000| 1838.800| 4660.800|21723254.000| 2.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.416| 0.170| 0.135| 18249.146| 4.400]
+ [PKTLEN......: 40.000|21928.000| 1824.800| 4660.800| 21723256.000| 2.600]
[BINS(c->s)..: 12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1]
[IATS(ms)....: 1.3,1.6,226.9,227.5,336.5,387.2,51.3,1.2,297.2,297.8,252.5,309.4,358.7,415.9,0.8,0.5,0.5,0.6,254.3,305.5,51.8,52.5,211.3,161.3,248.0,249.1,81.3,79.5,208.7,209.7,0.6]
- [PKTLENS.....: 74,54,54,236,54,1422,54,2177,54,188,54,288,54,203,54,590,54,77,54,1422,54,12366,54,5526,54,21942,54,11359,54,54,54,54]
+ [PKTLENS.....: 60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40]
+ [ENTROPIES...: 4.4,4.8,4.7,5.3,4.7,7.2,4.7,7.6,4.7,6.5,4.8,7.1,4.7,6.9,4.8,7.6,4.7,5.6,4.7,7.9,4.7,8.0,4.7,8.0,4.6,8.0,4.7,8.0,4.7,4.7,4.7,4.7]
analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.449| 0.192| 0.280|78147.936| 0.000]
- [PKTLEN......: 54.000|11186.000| 1394.300| 2994.000|8963944.000| 3.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.449| 0.192| 0.280| 78147.936| 3.800]
+ [PKTLEN......: 40.000|11172.000| 1380.300| 2994.000| 8963944.000| 2.900]
[BINS(c->s)..: 12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0]
[IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2]
- [PKTLENS.....: 74,54,54,236,54,1066,54,2533,54,188,54,288,54,590,54,403,54,91,54,10174,54,8150,54,1066,54,11186,54,1066,54,6590,54,54]
+ [PKTLENS.....: 60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40]
+ [ENTROPIES...: 4.4,4.8,4.8,5.2,4.7,7.0,4.8,7.6,4.6,6.6,4.7,7.0,4.7,7.6,4.8,7.4,4.7,5.7,4.7,8.0,4.8,8.0,4.7,7.8,4.7,8.0,4.8,7.8,4.8,8.0,4.7,4.8]
detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.891| 1.026| 1.779|3164212.036| 0.000]
- [PKTLEN......: 54.000| 3660.000| 366.100| 731.900|535720.000| 3.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 5.891| 1.026| 1.779| 3164212.036| 3.400]
+ [PKTLEN......: 40.000| 3646.000| 352.100| 731.900| 535720.000| 3.400]
[BINS(c->s)..: 10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1]
[IATS(ms)....: 9.1,9.5,461.2,462.1,319.2,370.8,51.5,0.6,58.7,59.3,267.3,318.5,5838.7,5890.9,1.9,3.1,232.7,285.9,1892.6,1892.4,50.9,52.2,293.0,345.1,0.6,0.4,1258.6,1310.0,5014.8,5014.5,51.5]
- [PKTLENS.....: 74,54,54,236,54,1066,54,2189,54,380,54,288,54,235,54,555,54,107,54,1066,54,3660,54,203,54,315,54,331,54,91,54,54]
+ [PKTLENS.....: 60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40]
+ [ENTROPIES...: 4.3,4.7,4.7,5.2,4.6,7.0,4.7,7.5,4.6,7.3,4.7,7.0,4.7,7.0,4.7,7.5,4.7,6.1,4.7,7.8,4.7,7.9,4.7,6.8,4.7,7.2,4.7,7.3,4.7,5.7,4.6,4.7]
new: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443]
detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
diff --git a/test/results/flow-info/webex.pcap.out b/test/results/flow-info/webex.pcap.out
index aed878e15..6f601de5c 100644
--- a/test/results/flow-info/webex.pcap.out
+++ b/test/results/flow-info/webex.pcap.out
@@ -7,14 +7,15 @@
detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.557| 0.113| 0.156|24421.341| 0.000]
- [PKTLEN......: 54.000| 2774.000| 401.900| 588.900|346810.600| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.557| 0.113| 0.156| 24421.341| 3.700]
+ [PKTLEN......: 40.000| 2760.000| 387.900| 588.900| 346810.600| 3.800]
[BINS(c->s)..: 9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0]
[IATS(ms)....: 6.5,6.7,0.2,0.6,505.7,557.3,57.9,60.1,0.9,55.6,257.5,309.3,10.1,61.4,0.8,0.7,299.2,351.3,56.0,56.2,0.8,52.9,0.4,2.8,268.6,322.3,52.3,51.9,18.4,69.5,0.5]
- [PKTLENS.....: 74,54,54,249,54,2774,54,1273,54,364,54,97,54,590,54,138,54,1414,54,823,54,590,54,328,54,1414,54,762,54,590,54,518]
+ [PKTLENS.....: 60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]
+ [ENTROPIES...: 4.4,4.7,4.7,5.5,4.7,7.3,4.8,7.1,4.7,7.2,4.6,5.6,4.6,7.7,4.5,6.3,4.6,7.9,4.7,7.8,4.8,7.6,4.6,7.3,4.7,7.9,4.7,7.7,4.7,7.6,4.5,7.6]
detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443]
@@ -33,14 +34,15 @@
detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.455| 0.115| 0.126|15828.845| 0.000]
- [PKTLEN......: 54.000|18020.000| 1588.700| 3700.100|13691056.000| 2.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.455| 0.115| 0.126| 15828.845| 4.100]
+ [PKTLEN......: 40.000|18006.000| 1574.700| 3700.100| 13691057.000| 2.900]
[BINS(c->s)..: 10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 5.6,6.8,0.2,1.5,404.7,455.3,0.6,51.3,245.8,245.9,0.4,0.3,223.3,274.8,51.6,0.4,0.3,283.1,286.1,84.1,131.8,50.9,51.2,56.8,56.7,181.0,181.0,56.1,58.6,54.5,58.4]
- [PKTLENS.....: 74,54,54,281,54,183,54,97,54,590,54,533,54,1658,590,54,503,54,6854,54,1414,54,9477,54,1414,54,1414,54,18020,54,6871,54]
+ [PKTLENS.....: 60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]
+ [ENTROPIES...: 4.4,4.7,4.6,5.9,4.7,6.4,4.7,5.6,4.6,7.6,4.7,7.6,4.7,7.9,7.6,4.6,7.6,4.7,8.0,4.6,7.9,4.6,8.0,4.6,7.9,4.7,7.9,4.6,8.0,4.6,8.0,4.7]
new: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443] [MIDSTREAM]
new: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [MIDSTREAM]
new: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443]
@@ -59,14 +61,15 @@
detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
analyse: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.031| 0.154| 0.247|61096.366| 0.000]
- [PKTLEN......: 54.000| 8901.000| 1122.500| 2294.900|5266404.000| 3.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.031| 0.154| 0.247| 61096.366| 3.800]
+ [PKTLEN......: 40.000| 8887.000| 1108.500| 2294.900| 5266403.500| 3.100]
[BINS(c->s)..: 12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 3.1,3.2,1.9,2.2,397.0,448.1,52.0,52.1,0.4,52.4,209.8,261.8,51.8,1.3,1.0,979.9,1031.5,52.6,53.5,94.1,93.8,53.1,53.9,119.1,117.5,148.4,147.8,51.4,51.4,96.7,96.6]
- [PKTLENS.....: 74,54,54,117,54,1414,54,2633,54,380,54,113,590,54,88,54,1414,54,8171,54,1414,54,8901,54,187,54,1414,54,6731,54,1414,54]
+ [PKTLENS.....: 60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40]
+ [ENTROPIES...: 4.4,4.7,4.7,5.3,4.6,7.2,4.7,7.2,4.6,7.3,4.6,6.0,7.6,4.5,5.7,4.6,7.9,4.7,8.0,4.7,7.9,4.7,8.0,4.7,6.8,4.6,7.9,4.6,8.0,4.7,7.9,4.7]
new: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443]
new: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443]
detected: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS.Webex][VoIP][Acceptable]
@@ -192,25 +195,27 @@
detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.215| 0.340| 0.548|300050.219| 0.000]
- [PKTLEN......: 54.000|10581.000| 633.600| 1915.700|3669828.500| 2.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.215| 0.340| 0.548| 300050.219| 3.700]
+ [PKTLEN......: 40.000|10567.000| 619.600| 1915.700| 3669828.500| 2.500]
[BINS(c->s)..: 13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 14.2,16.6,0.1,3.2,966.8,968.2,50.6,52.1,160.0,217.3,56.9,151.8,203.4,506.4,456.2,506.1,506.2,258.0,307.3,51.0,1.8,210.7,261.7,55.5,54.3,51.9,51.3,2214.6,2165.1,3.2,2.9]
- [PKTLENS.....: 74,54,54,117,54,3961,54,380,54,113,528,54,272,54,1024,54,10581,54,171,54,288,54,123,54,219,54,399,54,560,54,602,54]
+ [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40]
+ [ENTROPIES...: 4.5,4.8,4.8,5.4,4.7,7.3,4.8,7.2,4.7,5.9,7.5,4.7,7.2,4.7,7.7,4.8,8.0,4.8,6.6,4.8,7.2,4.8,6.1,4.8,6.9,4.8,7.3,4.7,7.5,4.8,7.6,4.8]
detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
analyse: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.270| 0.347| 0.598|357673.959| 0.000]
- [PKTLEN......: 54.000| 3961.000| 324.600| 685.400|469733.500| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.270| 0.347| 0.598| 357673.959| 3.300]
+ [PKTLEN......: 40.000| 3947.000| 310.600| 685.400| 469733.500| 3.500]
[BINS(c->s)..: 3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 9.1,24.1,0.4,16.5,915.3,917.4,50.7,52.7,154.6,206.6,52.4,7.9,9.4,3.3,2.1,963.3,962.0,0.5,0.4,0.4,0.3,562.0,562.1,368.6,368.5,0.7,0.6,2270.1,2270.1,1.0,1.0]
- [PKTLENS.....: 74,54,54,117,54,3961,54,380,54,113,560,54,590,54,136,54,590,54,590,54,400,54,400,54,590,54,168,54,590,54,264,54]
+ [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40]
+ [ENTROPIES...: 4.4,4.7,4.6,5.4,4.7,7.3,4.8,7.3,4.8,6.0,7.6,4.8,7.6,4.8,6.5,4.8,7.6,4.8,7.6,4.8,7.4,4.8,7.4,4.7,7.6,4.7,6.5,4.7,7.6,4.7,7.0,4.8]
new: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443]
detected: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
@@ -273,14 +278,15 @@
new: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000]
new: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443]
analyse: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.367| 0.190| 0.352|124124.103| 0.000]
- [PKTLEN......: 54.000| 3961.000| 248.000| 677.200|458632.100| 3.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.367| 0.190| 0.352| 124124.103| 3.400]
+ [PKTLEN......: 40.000| 3947.000| 234.000| 677.200| 458632.100| 3.100]
[BINS(c->s)..: 7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1]
[IATS(ms)....: 4.2,5.0,6.4,7.6,1312.6,1366.7,17.5,71.4,145.7,199.0,0.3,53.7,129.5,180.9,0.2,51.5,121.2,172.3,51.5,51.2,125.5,176.2,50.8,50.8,0.5,1.0,264.3,263.8,0.8,0.9,1006.9]
- [PKTLENS.....: 74,54,54,241,54,3961,54,380,54,113,54,128,54,91,54,432,54,123,54,543,54,144,54,208,54,176,54,176,54,160,54,123]
+ [PKTLENS.....: 60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109]
+ [ENTROPIES...: 4.5,4.8,4.8,5.2,4.7,7.3,4.8,7.3,4.8,6.0,4.8,6.2,4.8,5.7,4.8,7.5,4.8,6.2,4.8,7.4,4.8,6.4,4.8,6.8,4.7,6.6,4.6,6.6,4.8,6.4,4.7,6.2]
new: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443]
detected: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
diff --git a/test/results/flow-info/wechat.pcap.out b/test/results/flow-info/wechat.pcap.out
index da440c010..68bc9f13d 100644
--- a/test/results/flow-info/wechat.pcap.out
+++ b/test/results/flow-info/wechat.pcap.out
@@ -41,14 +41,15 @@
detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detected: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
analyse: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.411| 0.155| 0.181|32640.860| 0.000]
- [PKTLEN......: 66.000| 5892.000| 729.500| 1101.200|1212669.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.411| 0.155| 0.181| 32640.860| 3.800]
+ [PKTLEN......: 52.000| 5878.000| 715.500| 1101.200| 1212669.600| 3.900]
[BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0]
[IATS(ms)....: 361.6,361.6,0.4,378.1,3.6,381.3,56.9,56.9,0.3,0.3,2.7,376.6,375.0,3.3,373.8,38.3,2.8,410.6,21.2,3.3,393.4,30.9,401.1,383.7,0.8,383.1,2.9,2.9,5.8,1.1,1.1]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,233,66,1239,443,66,264,1154,1494,1494,66,1494,1494,66,5892,66]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,219,52,1225,429,52,250,1140,1480,1480,52,1480,1480,52,5878,52]
+ [ENTROPIES...: 4.7,5.2,5.0,5.8,5.2,6.8,5.0,7.5,5.0,7.3,5.0,6.3,5.8,7.8,7.6,5.1,7.9,7.0,5.0,7.8,7.4,5.2,7.1,7.8,7.9,7.9,4.9,7.9,7.9,5.0,8.0,5.1]
detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detected: [.....6] [ip4][..tcp] [..192.168.1.103][47627] -> [..216.58.205.78][..443] [TLS.Google][Web][Acceptable]
@@ -73,32 +74,35 @@
detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
new: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [MIDSTREAM]
analyse: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 4.544| 0.482| 1.044|1090167.570| 0.000]
- [PKTLEN......: 66.000| 1754.000| 537.200| 556.000|309130.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 4.544| 0.482| 1.044| 1090167.570| 3.200]
+ [PKTLEN......: 52.000| 1740.000| 523.200| 556.000| 309130.700| 4.200]
[BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0]
[IATS(ms)....: 359.2,359.3,0.4,360.6,1.9,362.1,0.5,0.5,3.6,359.7,357.1,3.3,369.2,32.8,2.8,400.5,15.0,3.3,382.0,38.0,403.1,2.4,369.1,37.0,438.8,4139.7,3.3,4544.3,34.1,398.8,1152.6]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1494,235,66,1239,443,66,264,1306,541,66,1002,66,1306,541,66,1003,66,1234]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,221,52,1225,429,52,250,1292,527,52,988,52,1292,527,52,989,52,1220]
+ [ENTROPIES...: 4.6,5.1,5.0,5.9,5.1,6.8,5.1,7.6,5.0,6.3,6.0,7.8,7.5,5.2,7.9,7.1,5.1,7.8,7.4,5.2,7.1,7.8,7.5,5.2,7.8,5.0,7.9,7.6,5.2,7.8,5.0,7.9]
analyse: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.384| 0.466| 0.827|684250.497| 0.000]
- [PKTLEN......: 66.000| 8291.000| 760.100| 1463.300|2141136.500| 3.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.384| 0.466| 0.827| 684250.497| 3.400]
+ [PKTLEN......: 52.000| 8277.000| 746.100| 1463.300| 2141136.500| 3.600]
[BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0]
[IATS(ms)....: 353.8,353.8,953.1,1178.1,225.0,127.7,4.4,132.2,0.5,0.4,0.6,0.6,1.5,362.2,361.1,371.0,4.6,375.1,3.3,3.3,3017.9,3.3,3383.9,31.2,409.0,7.4,382.2,34.6,434.3,1926.0,3.4]
- [PKTLENS.....: 74,74,66,304,74,66,66,1494,66,1494,66,326,66,192,117,1153,1494,1494,66,8291,66,1306,541,66,1377,1239,443,66,264,66,1306,541]
+ [PKTLENS.....: 60,60,52,290,60,52,52,1480,52,1480,52,312,52,178,103,1139,1480,1480,52,8277,52,1292,527,52,1363,1225,429,52,250,52,1292,527]
+ [ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,5.0,5.2,6.8,5.0,7.5,5.0,7.2,5.0,6.4,6.0,7.8,7.9,7.9,5.0,8.0,5.0,7.8,7.6,5.1,7.9,7.8,7.5,5.1,7.0,5.0,7.8,7.5]
analyse: [....13] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54058] [TLS][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 11.774| 2.195| 3.338|11139408.724| 0.000]
- [PKTLEN......: 66.000| 1254.000| 412.500| 492.500|242574.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 11.774| 2.195| 3.338| 11139408.724| 3.800]
+ [PKTLEN......: 52.000| 1240.000| 398.500| 492.500| 242574.800| 4.000]
[BINS(c->s)..: 8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
[IATS(ms)....: 0.1,1713.3,2033.8,5.9,326.4,805.5,1165.4,11414.5,11774.4,393.6,716.6,9325.0,9648.0,1906.3,2225.8,6.4,325.8,425.7,784.5,2983.4,3342.3,487.8,806.7,9.2,328.1,421.5,782.1,1181.7,1542.3,420.6,740.0]
- [PKTLENS.....: 264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66,264,66,1254,66]
+ [PKTLENS.....: 250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52]
+ [ENTROPIES...: 7.2,5.1,7.8,5.2,7.1,5.0,7.8,5.1,7.1,5.1,7.8,5.1,7.2,5.2,7.8,5.1,7.1,5.0,7.8,5.1,7.0,5.1,7.8,5.1,7.1,5.1,7.8,5.1,7.0,5.1,7.9,5.1]
update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable]
@@ -116,32 +120,35 @@
detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
analyse: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 6.862| 1.014| 1.948|3793749.017| 0.000]
- [PKTLEN......: 66.000| 1754.000| 510.000| 523.800|274414.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 6.862| 1.014| 1.948| 3793749.017| 3.100]
+ [PKTLEN......: 52.000| 1740.000| 496.000| 523.800| 274414.800| 4.200]
[BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0]
[IATS(ms)....: 362.7,362.7,0.7,359.8,0.7,359.7,1.8,1.8,3.2,360.0,358.1,7.2,373.9,64.6,431.4,4.5,369.6,40.0,442.3,4042.2,3.3,4448.9,74.4,439.2,6493.5,3.3,6862.2,32.1,397.5,4719.1,3.2]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1234,535,66,297,1306,541,66,1002,66,1234,525,66,297,66,1306,541,66,1003,66,1234,530]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1220,521,52,283,1292,527,52,988,52,1220,511,52,283,52,1292,527,52,989,52,1220,516]
+ [ENTROPIES...: 4.7,5.2,5.1,5.9,5.1,6.8,5.0,7.6,4.9,6.4,6.0,7.8,7.6,5.1,7.2,7.8,7.6,5.0,7.8,5.1,7.8,7.5,4.9,7.2,5.0,7.8,7.6,5.2,7.8,5.0,7.8,7.5]
analyse: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.001| 6.095| 1.335| 2.042|4168801.845| 0.000]
- [PKTLEN......: 66.000| 1754.000| 451.700| 521.000|271486.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.001| 6.095| 1.335| 2.042| 4168801.845| 3.500]
+ [PKTLEN......: 52.000| 1740.000| 437.700| 521.000| 271486.500| 4.100]
[BINS(c->s)..: 9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1]
[IATS(ms)....: 346.8,346.9,899.5,1092.8,193.2,160.5,1.8,162.3,0.6,0.5,2.9,351.9,387.2,4178.9,3.3,4577.7,29.2,386.6,5733.7,3.7,6095.0,83.0,440.7,5485.5,3.3,5845.9,30.2,387.3,1889.1,2.7,2250.0]
- [PKTLENS.....: 74,74,66,304,74,66,66,1494,66,1754,66,192,117,66,1306,541,66,1003,66,1234,522,66,297,66,1306,541,66,1003,66,1234,527,66]
+ [PKTLENS.....: 60,60,52,290,60,52,52,1480,52,1740,52,178,103,52,1292,527,52,989,52,1220,508,52,283,52,1292,527,52,989,52,1220,513,52]
+ [ENTROPIES...: 4.8,5.2,5.0,5.9,5.3,5.1,5.1,6.8,5.0,7.6,4.9,6.4,5.9,5.0,7.8,7.6,5.0,7.8,5.0,7.8,7.6,5.1,7.2,5.1,7.8,7.5,5.1,7.8,5.1,7.8,7.6,5.1]
analyse: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 45.056| 5.827| 15.097|227916113.773| 0.000]
- [PKTLEN......: 66.000| 1484.000| 267.200| 422.200|178253.900| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 45.056| 5.827| 15.097| 227916113.773| 2.000]
+ [PKTLEN......: 52.000| 1470.000| 253.200| 422.200| 178253.900| 3.700]
[BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1]
[IATS(ms)....: 48.2,48.2,0.2,52.5,0.7,53.0,2.4,2.4,0.5,0.5,4.5,7.9,13.6,51.2,2.8,0.1,28.0,0.3,26.1,2.8,10.1,38.9,0.4,0.8,0.2,45.4,2.8,45043.9,45047.5,45056.0,45052.9]
- [PKTLENS.....: 74,74,66,288,66,1484,66,1484,66,1442,66,151,111,895,336,114,100,66,96,66,96,572,66,104,104,100,66,66,66,66,66,66]
+ [PKTLENS.....: 60,60,52,274,52,1470,52,1470,52,1428,52,137,97,881,322,100,86,52,82,52,82,558,52,90,90,86,52,52,52,52,52,52]
+ [ENTROPIES...: 4.6,5.3,4.9,5.7,5.0,6.4,4.9,7.1,4.9,7.4,4.9,6.1,5.9,7.7,7.1,6.0,5.8,4.9,5.7,5.0,5.6,7.6,4.9,5.9,5.7,5.6,5.0,5.0,4.9,5.0,4.9,5.0]
new: [....28] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1]
detected: [....28] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Network][Acceptable]
new: [....29] [ip4][....2] [..192.168.1.100] -> [.....224.0.0.22]
@@ -176,36 +183,39 @@
detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
new: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443]
analyse: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.469| 0.183| 0.190|36094.243| 0.000]
- [PKTLEN......: 66.000| 1754.000| 605.500| 612.000|374517.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.469| 0.183| 0.190| 36094.243| 4.000]
+ [PKTLEN......: 52.000| 1740.000| 591.500| 612.000| 374517.100| 4.200]
[BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 366.1,366.2,0.5,368.6,0.8,368.9,8.2,8.2,3.1,367.9,365.6,3.2,378.7,92.7,2.0,469.4,27.8,1.7,407.1,30.0,408.6,3.8,397.8,10.9,404.7,396.0,0.8,396.2,0.5,1.2,1.8]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1494,344,66,1239,443,66,264,1239,443,66,264,1154,1494,1494,66,1494,1494,66]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,330,52,1225,429,52,250,1225,429,52,250,1140,1480,1480,52,1480,1480,52]
+ [ENTROPIES...: 4.7,5.1,4.8,5.8,5.2,6.8,5.1,7.6,5.0,6.2,6.0,7.8,7.5,5.1,7.9,7.3,5.0,7.8,7.4,5.0,7.0,7.8,7.4,5.1,7.1,7.8,7.9,7.8,4.9,7.9,7.9,5.0]
detected: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
analyse: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.647| 0.130| 0.182|33080.510| 0.000]
- [PKTLEN......: 66.000| 3134.000| 831.600| 861.600|742326.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.647| 0.130| 0.182| 33080.510| 3.500]
+ [PKTLEN......: 52.000| 3120.000| 817.600| 861.600| 742326.200| 4.200]
[BINS(c->s)..: 11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1]
[IATS(ms)....: 360.8,360.9,1.1,320.2,2.0,321.1,0.8,0.8,0.5,0.5,2.5,331.8,329.8,339.6,0.8,339.8,0.5,4.5,5.1,2.5,2.5,1.1,1.1,271.4,646.7,0.8,376.1,0.5,0.9,1.5,0.5]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1154,1494,1494,66,1494,1494,66,2922,66,3134,66,1154,1494,1494,66,1494,1494,66,1494]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480]
+ [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,6.8,5.1,7.5,5.0,7.3,5.0,6.4,5.8,7.9,7.9,7.9,5.1,7.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8,7.9,7.9,5.0,7.9,7.9,5.1,7.9]
detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
analyse: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.952| 0.213| 0.233|54375.543| 0.000]
- [PKTLEN......: 66.000| 1754.000| 557.300| 599.100|358890.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.952| 0.213| 0.233| 54375.543| 4.000]
+ [PKTLEN......: 52.000| 1740.000| 543.300| 599.100| 358890.200| 4.100]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
[IATS(ms)....: 378.9,379.0,0.4,354.0,2.4,356.0,2.8,2.8,1.0,367.4,367.3,4.4,365.8,31.1,394.9,3.2,367.9,55.9,2.8,420.1,17.9,0.8,381.3,34.8,434.3,543.1,951.7,371.6,0.5,0.5,1.3]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1239,443,66,264,1306,541,66,1494,230,66,1239,443,66,264,66,1154,1494,66,1494,66,1494]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480]
+ [ENTROPIES...: 4.7,5.2,5.1,5.9,5.1,6.8,5.0,7.6,5.0,6.4,6.1,7.8,7.4,5.1,7.1,7.8,7.6,5.1,7.9,7.0,5.0,7.8,7.4,5.1,7.1,5.0,7.8,7.9,5.1,7.9,5.1,7.9]
guessed: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] [TLS][Web][Safe]
end: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084]
guessed: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443] [TLS][Web][Safe]
@@ -262,14 +272,15 @@
new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun]
analyse: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 6.615| 0.560| 1.552|2408711.979| 0.000]
- [PKTLEN......: 66.000| 1494.000| 492.200| 547.100|299293.400| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.615| 0.560| 1.552| 2408711.979| 2.600]
+ [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299293.400| 4.100]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1]
[IATS(ms)....: 315.2,315.3,0.4,318.4,1.9,319.8,0.5,0.5,1.1,1.1,2.6,316.6,315.1,4.6,327.3,29.7,2.7,353.9,21.7,4.6,350.0,32.2,392.6,18.0,3.3,380.6,36.9,359.5,6259.0,6615.4,265.6]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,126,66,1239,443,66,264,66,1306,541,66,1003,66,1127,66,1494]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480]
+ [ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,6.8,5.1,7.5,5.1,7.3,5.1,6.3,6.0,7.8,7.6,5.1,7.9,6.3,5.0,7.8,7.4,5.1,7.0,5.0,7.8,7.6,5.2,7.8,5.1,7.8,5.1,7.9]
detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun]
RISK: Weak TLS Cipher
detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun]
@@ -296,32 +307,35 @@
update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable]
update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable]
analyse: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.807| 0.648| 1.839|3381034.746| 0.000]
- [PKTLEN......: 66.000| 1494.000| 459.300| 494.600|244586.200| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.807| 0.648| 1.839| 3381034.746| 2.500]
+ [PKTLEN......: 52.000| 1480.000| 445.300| 494.600| 244586.200| 4.200]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0]
[IATS(ms)....: 325.2,325.3,0.5,328.0,0.7,328.2,0.4,0.4,3.9,3.9,2.7,325.9,324.6,3.2,337.6,77.1,411.9,3.8,340.3,28.0,402.7,7430.7,3.8,7807.0,79.9,412.5,2.9,0.4,340.1,30.3,405.8]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1234,538,66,297,1306,541,66,1002,66,1234,533,66,297,66,1306,541,66,1003,66]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1220,524,52,283,1292,527,52,988,52,1220,519,52,283,52,1292,527,52,989,52]
+ [ENTROPIES...: 4.7,5.2,4.9,5.8,5.1,6.8,5.0,7.5,5.1,7.2,5.0,6.4,5.9,7.8,7.5,5.1,7.2,7.8,7.6,5.1,7.8,5.0,7.8,7.5,5.1,7.1,5.1,7.8,7.5,5.1,7.8,5.0]
analyse: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 183.801| 12.094| 33.303|1109122757.951| 0.000]
- [PKTLEN......: 82.000| 82.000| 82.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 183.801| 12.094| 33.303| 1109122757.951| 2.600]
+ [PKTLEN......: 68.000| 68.000| 68.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.3,1000.4,2000.4,14687.4,0.3,1000.2,2000.4,21831.6,0.4,1000.5,2000.8,26318.9,0.4,1000.3,2000.5,41917.2,0.4,1000.2,2000.7,183800.6,0.4,1000.9,2001.0,33299.7,0.4,1000.7,2000.5,29037.0,0.3,1000.2,2000.7]
- [PKTLENS.....: 82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82,82]
+ [PKTLENS.....: 68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68]
+ [ENTROPIES...: 4.3,4.3,4.3,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.2,4.2,4.3,4.3,4.3,4.2,4.3,4.3,4.2,4.2,4.3,4.3,4.3,4.3,4.3,4.3,4.3,4.2,4.2]
analyse: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 183.800| 12.094| 33.303|1109120811.794| 0.000]
- [PKTLEN......: 102.000| 102.000| 102.000| 0.000| 0.000| 5.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 183.800| 12.094| 33.303| 1109120811.794| 2.600]
+ [PKTLEN......: 88.000| 88.000| 88.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.3,1000.4,2000.4,14687.4,0.3,1000.3,2000.4,21831.5,0.4,1000.6,2000.8,26318.9,0.4,1000.4,2000.5,41917.1,0.3,1000.2,2000.8,183800.4,0.3,1001.0,2001.0,33299.7,0.4,1000.7,2000.5,29036.9,0.3,1000.3,2000.7]
- [PKTLENS.....: 102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102]
+ [PKTLENS.....: 88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88]
+ [ENTROPIES...: 3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8]
new: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443]
new: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443]
detected: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
@@ -335,14 +349,15 @@
RISK: Unsafe Protocol
update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
analyse: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.133| 0.619| 1.664|2769657.004| 0.000]
- [PKTLEN......: 66.000| 1494.000| 492.200| 547.100|299307.700| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 7.133| 0.619| 1.664| 2769657.004| 2.700]
+ [PKTLEN......: 52.000| 1480.000| 478.200| 547.100| 299307.700| 4.100]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0]
[IATS(ms)....: 356.2,356.2,0.4,353.3,0.7,353.6,0.7,0.7,0.3,0.3,2.4,365.6,364.5,5.6,381.3,26.7,2.8,403.9,13.5,5.0,378.8,57.2,418.9,4.2,370.5,28.2,433.2,6695.6,7132.7,143.5,540.7]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1306,541,66,1494,126,66,1239,443,66,263,1306,541,66,1003,66,1127,66,1494,66]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,249,1292,527,52,989,52,1113,52,1480,52]
+ [ENTROPIES...: 4.6,5.1,4.8,5.8,5.0,6.8,5.0,7.5,4.9,7.2,4.9,6.3,5.9,7.8,7.5,5.1,7.9,6.2,4.8,7.8,7.5,5.1,7.1,7.8,7.6,5.1,7.8,4.9,7.8,5.0,7.9,4.9]
guessed: [....37] [ip4][..tcp] [..192.168.1.103][54109] -> [203.205.151.162][..443] [TLS][Web][Safe]
end: [....37] [ip4][..tcp] [..192.168.1.103][54109] -> [203.205.151.162][..443]
guessed: [....38] [ip4][..tcp] [..192.168.1.103][54110] -> [203.205.151.162][..443] [TLS][Web][Safe]
@@ -367,14 +382,15 @@
detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
analyse: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.509| 0.286| 0.565|319614.583| 0.000]
- [PKTLEN......: 66.000| 1754.000| 551.900| 561.400|315202.600| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 2.509| 0.286| 0.565| 319614.583| 3.400]
+ [PKTLEN......: 52.000| 1740.000| 537.900| 561.400| 315202.600| 4.200]
[BINS(c->s)..: 7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0]
[IATS(ms)....: 266.6,266.7,0.4,272.2,1.3,273.1,0.6,0.6,2.9,271.8,269.6,3.2,281.4,29.7,327.6,3.2,299.6,37.4,350.9,50.9,3.2,368.6,30.2,307.1,2227.6,3.2,2508.5,50.9,328.7,16.1,3.1]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1754,66,192,117,1306,541,66,1371,1239,443,66,264,66,1306,541,66,1004,66,1306,541,66,1381,66,1239,443]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1357,1225,429,52,250,52,1292,527,52,990,52,1292,527,52,1367,52,1225,429]
+ [ENTROPIES...: 4.7,5.3,5.1,5.9,5.1,6.8,5.0,7.6,5.0,6.3,5.9,7.8,7.5,5.1,7.8,7.8,7.4,5.1,7.1,5.0,7.8,7.6,5.1,7.8,4.9,7.8,7.6,5.1,7.9,4.9,7.8,7.4]
guessed: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443] [TLS][Web][Safe]
end: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443]
update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
@@ -444,14 +460,15 @@
detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
analyse: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.577| 0.182| 0.352|123851.137| 0.000]
- [PKTLEN......: 66.000| 1494.000| 559.600| 599.000|358844.300| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.577| 0.182| 0.352| 123851.137| 3.200]
+ [PKTLEN......: 52.000| 1480.000| 545.600| 599.000| 358844.300| 4.100]
[BINS(c->s)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0]
[IATS(ms)....: 268.3,268.4,0.5,270.4,0.8,270.7,0.4,0.4,1.0,1.0,2.8,273.1,271.4,0.2,0.0,0.0,0.0,0.0,1.2,289.4,22.8,22.4,9.7,380.7,1255.6,5.0,1577.0,73.3,351.0,6.0,3.3]
- [PKTLENS.....: 74,74,66,304,66,1494,66,1494,66,326,66,192,117,1246,1494,1494,1494,1494,1494,329,66,66,66,157,66,1234,527,66,297,66,1306,541]
+ [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527]
+ [ENTROPIES...: 4.7,5.2,4.9,5.8,5.0,6.8,4.8,7.5,4.8,7.2,4.9,6.3,5.9,7.8,7.9,7.9,7.9,7.9,7.9,7.2,5.0,4.8,4.9,6.4,5.0,7.8,7.5,5.1,7.2,4.9,7.8,7.5]
detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
detected: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun]
diff --git a/test/results/flow-info/weibo.pcap.out b/test/results/flow-info/weibo.pcap.out
index 1dde002ab..4ab19300c 100644
--- a/test/results/flow-info/weibo.pcap.out
+++ b/test/results/flow-info/weibo.pcap.out
@@ -23,14 +23,15 @@
new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM]
detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.482| 0.042| 0.114|12948.299| 0.000]
- [PKTLEN......: 66.000| 2938.000| 462.100| 693.400|480801.900| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500]
+ [PKTLEN......: 52.000| 2924.000| 448.100| 693.400| 480801.900| 3.700]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 29.2,29.2,0.3,28.2,454.5,482.4,0.1,0.1,13.2,13.2,0.1,0.0,0.0,0.0,8.4,8.4,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,15.4,15.4,68.3,68.3,0.1,0.0,54.8]
- [PKTLENS.....: 74,74,66,516,66,71,78,1502,78,1502,78,68,86,1078,78,72,78,2938,78,294,86,68,86,1502,78,819,66,72,66,1502,66,1502]
+ [PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]
+ [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9]
new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53]
detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
@@ -44,23 +45,25 @@
new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53]
detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 0.000]
- [PKTLEN......: 66.000| 2938.000| 710.700| 831.300|691142.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500]
+ [PKTLEN......: 52.000| 2924.000| 696.700| 831.300| 691142.800| 4.000]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 26.8,26.8,0.2,31.4,283.1,314.3,2.6,2.6,16.7,16.7,12.8,12.8,0.1,0.0,45.7,45.8,5.1,5.0,71.0,71.0,5.5,5.5,32.3,32.3,43.0,43.0,3.2,3.2,2.5,2.5,2.8]
- [PKTLENS.....: 74,74,66,498,66,580,66,1502,66,2938,66,1502,66,1078,78,1502,66,893,66,580,78,2938,78,1502,78,1502,78,1502,78,1502,78,1502]
+ [PKTLENS.....: 60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488]
+ [ENTROPIES...: 4.6,5.2,5.0,5.9,5.2,5.7,4.9,7.8,4.9,7.9,5.0,7.9,4.9,7.8,5.0,7.9,4.9,7.7,5.0,5.7,5.0,7.9,5.0,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9]
analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 0.000]
- [PKTLEN......: 66.000| 4374.000| 847.800| 1162.900|1352437.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 3.200]
+ [PKTLEN......: 52.000| 4360.000| 833.800| 1162.900| 1352437.000| 3.800]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 26.7,26.8,0.2,28.2,372.4,400.5,6.7,6.7,6.6,6.6,15.5,15.5,6.6,6.6,9.2,9.2,23.4,23.4,49.3,49.3,71.7,71.7,3.3,3.3,2.9,2.9,2.8,2.8,5.5,5.5,3.7]
- [PKTLENS.....: 74,74,66,486,66,581,66,1502,66,4374,66,1502,66,4374,66,2938,66,581,78,581,78,1502,66,1502,66,1502,78,1502,78,1502,78,1502]
+ [PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]
+ [ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8]
new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53]
detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53]
@@ -109,32 +112,35 @@
new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443]
analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.439| 0.087| 0.119|14239.990| 0.000]
- [PKTLEN......: 66.000| 1502.000| 528.000| 578.700|334896.400| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.439| 0.087| 0.119| 14239.990| 3.800]
+ [PKTLEN......: 52.000| 1488.000| 514.000| 578.700| 334896.400| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 26.8,26.8,0.3,31.4,276.1,307.3,6.9,6.9,153.9,153.9,2.9,2.9,375.9,438.8,4.4,67.2,2.9,3.0,31.5,31.4,138.5,138.5,6.1,6.1,4.5,4.5,193.5,193.5,28.8,28.7,2.7]
- [PKTLENS.....: 74,74,66,476,66,577,66,1026,66,577,78,1026,78,525,66,494,66,1502,66,494,78,1502,66,1502,66,1502,66,1502,78,1502,66,1502]
+ [PKTLENS.....: 60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488]
+ [ENTROPIES...: 4.7,5.1,5.0,5.9,5.0,5.8,5.0,7.8,5.0,5.7,5.0,7.8,5.0,5.9,5.1,5.8,5.0,6.4,5.1,5.8,5.1,7.7,5.1,7.7,5.1,7.7,5.1,7.7,5.2,7.7,5.1,7.7]
analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 0.000]
- [PKTLEN......: 66.000| 1502.000| 647.200| 674.000|454231.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 3.400]
+ [PKTLEN......: 52.000| 1488.000| 633.200| 674.000| 454231.700| 4.100]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 62.2,62.2,0.1,161.1,22.7,183.7,5.7,5.7,2.6,2.5,10.5,10.6,5.2,5.3,3.2,3.2,2.5,2.4,5.5,5.5,2.9,2.9,2.6,2.6,4.8,4.8,162.1,162.1,26.3,26.3,3.1]
- [PKTLENS.....: 74,74,66,550,66,493,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,493,78,1502,66,1502]
+ [PKTLENS.....: 60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488]
+ [ENTROPIES...: 4.7,5.2,5.0,5.8,5.1,5.8,5.0,7.8,5.0,7.8,5.1,7.7,5.1,7.7,5.1,7.8,5.0,7.6,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,5.8,5.1,7.9,5.0,7.8]
analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 0.000]
- [PKTLEN......: 66.000| 1502.000| 647.700| 673.800|454044.400| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 3.800]
+ [PKTLEN......: 52.000| 1488.000| 633.700| 673.800| 454044.400| 4.100]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 50.2,50.2,0.1,181.5,70.9,252.2,2.7,2.7,2.6,2.5,4.2,4.3,31.8,31.8,8.1,8.1,11.4,11.4,8.7,8.7,2.6,2.6,7.1,7.1,13.6,13.6,66.3,66.3,92.4,92.4,2.8]
- [PKTLENS.....: 74,74,66,539,66,507,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,1502,66,507,78,1502,66,1502]
+ [PKTLENS.....: 60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488]
+ [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.8,5.0,7.3,5.0,7.9,5.1,7.9,5.0,7.9,5.0,7.8,5.0,7.9,5.0,7.9,5.1,7.9,4.9,7.9,4.9,7.9,5.0,5.8,5.1,7.9,5.1,7.9]
idle: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80]
guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable]
idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
diff --git a/test/results/flow-info/whatsapp_login_call.pcap.out b/test/results/flow-info/whatsapp_login_call.pcap.out
index 6cbeecb72..3f868017e 100644
--- a/test/results/flow-info/whatsapp_login_call.pcap.out
+++ b/test/results/flow-info/whatsapp_login_call.pcap.out
@@ -30,39 +30,42 @@
detected: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Cloud][Acceptable]
detected: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Chat][Acceptable]
analyse: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.712| 0.120| 0.179|32210.293| 0.000]
- [PKTLEN......: 54.000| 1494.000| 446.900| 595.100|354099.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.712| 0.120| 0.179| 32210.293| 3.400]
+ [PKTLEN......: 40.000| 1480.000| 432.900| 595.100| 354099.200| 3.800]
[BINS(c->s)..: 9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1]
[IATS(ms)....: 281.8,283.2,8.7,294.4,1.1,0.0,286.0,0.8,0.5,0.6,39.8,0.2,0.3,326.4,1.4,0.4,3.0,289.9,5.8,0.5,0.0,317.5,1.9,68.9,0.6,382.6,405.2,0.7,0.0,712.5,2.0]
- [PKTLENS.....: 78,66,54,244,1494,1494,585,54,54,54,54,321,60,91,54,54,54,97,54,1494,1494,167,54,54,1494,1210,54,1494,1494,167,54,54]
+ [PKTLENS.....: 64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40]
+ [ENTROPIES...: 4.5,4.9,4.7,5.6,7.2,7.4,6.9,4.9,4.9,4.9,4.8,7.2,4.8,5.7,4.8,4.8,4.8,5.8,4.9,7.9,7.9,6.7,4.7,4.7,7.9,7.8,4.9,7.9,7.8,6.7,4.8,4.8]
detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
new: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443]
analyse: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.709| 0.199| 0.171|29317.118| 0.000]
- [PKTLEN......: 66.000| 267.000| 116.800| 60.800| 3698.600| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.709| 0.199| 0.171| 29317.118| 4.400]
+ [PKTLEN......: 52.000| 253.000| 102.800| 60.800| 3698.600| 4.800]
[BINS(c->s)..: 9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0]
[IATS(ms)....: 153.9,242.2,244.8,708.1,709.4,35.6,213.2,0.3,145.7,325.0,262.8,250.3,148.2,98.4,249.4,163.4,164.5,351.1,174.0,178.0,0.0,178.3,0.3,171.7,0.0,302.7,0.3,301.9,0.0,204.0]
- [PKTLENS.....: 78,74,66,66,232,144,87,66,66,267,98,85,87,66,241,98,66,132,98,198,98,98,200,66,99,99,266,66,99,99,99,132]
+ [PKTLENS.....: 64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118]
+ [ENTROPIES...: 4.5,5.3,5.3,5.1,6.6,6.2,5.4,5.2,5.2,7.1,5.8,5.8,5.7,5.2,7.1,5.8,5.2,6.3,5.8,6.8,5.8,5.7,6.8,5.3,5.9,5.9,7.0,5.3,5.9,5.8,5.8,6.3]
detected: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.246| 0.057| 0.089| 7910.915| 0.000]
- [PKTLEN......: 54.000| 1494.000| 303.300| 408.500|166890.900| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.246| 0.057| 0.089| 7910.915| 3.400]
+ [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166890.900| 3.900]
[BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0]
[IATS(ms)....: 139.3,206.5,8.2,215.7,0.1,2.7,195.5,0.8,0.3,0.0,1.9,0.3,2.1,191.6,2.4,13.1,3.7,6.4,14.7,0.0,200.9,0.3,63.3,0.3,2.2,246.3,5.3,14.9,0.0,241.0,0.2]
- [PKTLENS.....: 78,66,54,281,54,146,91,54,54,60,91,1494,531,610,54,54,54,54,54,1002,400,54,54,1494,540,610,54,54,1002,400,54,54]
+ [PKTLENS.....: 64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]
+ [ENTROPIES...: 4.5,4.8,4.7,6.0,4.7,6.0,5.7,4.9,4.9,4.7,5.6,7.8,7.6,7.6,4.8,4.8,4.7,4.8,4.7,7.8,7.4,4.8,4.8,7.9,7.6,7.6,4.6,4.7,7.8,7.5,4.8,4.8]
new: [....18] [ip4][..tcp] [....192.168.2.4][49192] -> [...93.186.135.8][...80] [MIDSTREAM]
new: [....19] [ip4][..tcp] [....192.168.2.4][49191] -> [..17.172.100.49][..443] [MIDSTREAM]
new: [....20] [ip4][..tcp] [....192.168.2.4][49182] -> [..17.172.100.52][..443] [MIDSTREAM]
@@ -100,14 +103,15 @@
detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.352| 0.131| 0.070| 4931.355| 0.000]
- [PKTLEN......: 64.000| 351.000| 213.000| 98.800| 9763.600| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.352| 0.131| 0.070| 4931.355| 4.700]
+ [PKTLEN......: 50.000| 337.000| 199.000| 98.800| 9763.600| 4.800]
[BINS(c->s)..: 1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 85.5,95.2,66.1,60.4,102.7,208.4,184.1,159.6,139.1,188.5,352.4,23.4,152.9,55.1,31.1,91.6,0.1,141.2,0.0,163.2,159.2,188.6,161.9,163.6,162.1,156.8,164.9,143.2,181.6,163.3,123.9]
- [PKTLENS.....: 86,86,342,86,86,315,225,311,248,315,220,148,64,249,199,148,137,68,260,68,274,134,351,117,315,117,319,243,320,331,329,305]
+ [PKTLENS.....: 72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]
+ [ENTROPIES...: 5.6,5.7,7.3,5.6,5.6,7.3,6.9,7.2,7.0,7.3,6.9,6.5,5.1,7.0,6.8,6.4,6.4,5.2,7.1,5.1,7.1,6.4,7.3,6.1,7.4,6.1,7.3,7.0,7.3,7.3,7.3,7.2]
new: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65]
detected: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Network][Acceptable]
new: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
@@ -159,14 +163,15 @@
detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.307| 0.114| 0.086| 7398.241| 0.000]
- [PKTLEN......: 68.000| 320.000| 155.000| 58.800| 3453.300| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.307| 0.114| 0.086| 7398.241| 4.500]
+ [PKTLEN......: 54.000| 306.000| 141.000| 58.800| 3453.300| 4.900]
[BINS(c->s)..: 1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0]
[IATS(ms)....: 304.3,307.4,8.4,89.9,31.9,6.5,226.2,154.2,0.0,188.0,0.3,163.9,163.4,160.1,21.8,153.7,0.1,168.1,122.6,138.9,158.5,186.7,16.2,65.9,114.2,83.7,193.2,164.5,1.3,77.1,55.4]
- [PKTLENS.....: 86,86,86,86,86,148,138,320,181,68,246,148,242,226,117,148,165,68,186,170,175,186,170,148,128,154,219,154,223,68,148,185]
+ [PKTLENS.....: 72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]
+ [ENTROPIES...: 5.6,5.6,5.6,5.5,5.6,6.3,6.4,7.3,6.7,5.2,7.0,6.6,7.1,7.0,6.2,6.5,6.6,5.2,6.7,6.6,6.7,6.7,6.7,6.4,6.3,6.5,6.9,6.5,6.9,5.2,6.6,6.7]
update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Network][Acceptable]
@@ -194,14 +199,15 @@
detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.272| 0.058| 0.092| 8444.798| 0.000]
- [PKTLEN......: 54.000| 1494.000| 303.300| 408.500|166876.700| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.272| 0.058| 0.092| 8444.798| 3.300]
+ [PKTLEN......: 40.000| 1480.000| 289.300| 408.500| 166876.700| 3.900]
[BINS(c->s)..: 9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0]
[IATS(ms)....: 139.9,225.1,4.2,228.9,0.1,2.7,200.7,0.3,1.4,0.2,2.3,0.3,0.4,198.2,1.0,14.2,4.7,5.0,13.2,0.0,199.9,0.3,34.7,0.4,0.1,217.0,5.8,16.0,0.0,271.8,0.3]
- [PKTLENS.....: 78,66,54,281,54,146,91,54,54,60,91,1494,530,610,54,54,54,54,54,1002,400,54,54,1494,540,610,54,54,1002,400,54,54]
+ [PKTLENS.....: 64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]
+ [ENTROPIES...: 4.5,4.8,4.7,5.9,4.8,6.0,5.8,4.9,4.9,4.8,5.7,7.9,7.6,7.7,4.8,4.9,4.9,4.8,4.8,7.8,7.5,4.9,4.9,7.9,7.6,7.7,4.8,4.9,7.8,7.4,4.9,4.9]
guessed: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [HTTP][Web][Acceptable]
end: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80]
guessed: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] [HTTP][Web][Acceptable]
diff --git a/test/results/flow-info/whatsapp_login_chat.pcap.out b/test/results/flow-info/whatsapp_login_chat.pcap.out
index 6a7b66c3b..0dc6548a7 100644
--- a/test/results/flow-info/whatsapp_login_chat.pcap.out
+++ b/test/results/flow-info/whatsapp_login_chat.pcap.out
@@ -11,14 +11,15 @@
new: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.Apple][Web][Safe]
analyse: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.Apple][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 3.031| 0.229| 0.711|505750.847| 0.000]
- [PKTLEN......: 54.000| 1494.000| 529.600| 518.700|269058.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.031| 0.229| 0.711| 505750.847| 2.000]
+ [PKTLEN......: 40.000| 1480.000| 515.600| 518.700| 269058.200| 4.200]
[BINS(c->s)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0]
[IATS(ms)....: 0.3,0.1,156.1,6.0,20.6,0.0,205.0,0.2,59.6,0.4,0.1,237.8,6.4,13.7,0.0,246.4,0.2,2803.2,0.7,0.1,0.2,0.2,0.1,3030.6,5.8,14.0,0.0,0.0,10.3,10.4,268.2]
- [PKTLENS.....: 1494,531,610,54,54,1000,400,54,54,1494,538,610,54,54,1002,400,54,54,1494,531,610,1494,1254,1254,54,54,1002,400,54,54,54,127]
+ [PKTLENS.....: 1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113]
+ [ENTROPIES...: 7.8,7.6,7.7,4.9,4.8,7.8,7.3,4.8,4.9,7.9,7.6,7.6,4.8,4.9,7.8,7.4,4.9,4.9,7.9,7.6,7.7,7.9,7.8,7.9,4.9,4.9,7.8,7.4,4.8,4.8,4.8,6.4]
new: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
new: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
diff --git a/test/results/flow-info/whatsapp_voice_and_message.pcap.out b/test/results/flow-info/whatsapp_voice_and_message.pcap.out
index 86421c6e4..c01ea41cb 100644
--- a/test/results/flow-info/whatsapp_voice_and_message.pcap.out
+++ b/test/results/flow-info/whatsapp_voice_and_message.pcap.out
@@ -20,27 +20,29 @@
new: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478]
detected: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] [WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 10.749| 0.839| 2.600|6759456.965| 0.000]
- [PKTLEN......: 54.000| 469.000| 107.400| 97.600| 9526.400| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 10.749| 0.839| 2.600| 6759456.965| 2.200]
+ [PKTLEN......: 40.000| 455.000| 93.400| 97.600| 9526.400| 4.500]
[BINS(c->s)..: 9,2,4,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1,0]
[IATS(ms)....: 61.0,61.1,147.7,147.9,346.8,397.2,0.1,50.5,310.1,310.1,199.8,397.9,0.1,198.2,50.5,50.6,386.7,386.7,54.1,104.5,50.5,50.4,398.3,400.0,10696.7,10748.9,0.3,0.2,0.2,0.3,0.2]
- [PKTLENS.....: 74,54,54,231,54,132,54,84,54,77,54,223,54,86,54,104,54,410,54,77,54,75,54,469,54,133,54,133,54,133,54,133]
+ [PKTLENS.....: 60,40,40,217,40,118,40,70,40,63,40,209,40,72,40,90,40,396,40,63,40,61,40,455,40,119,40,119,40,119,40,119]
+ [ENTROPIES...: 4.4,4.5,4.7,6.6,4.6,6.1,4.7,5.6,4.6,5.2,4.6,6.9,4.7,5.7,4.6,5.9,4.6,7.4,4.6,5.4,4.7,5.3,4.7,7.5,4.6,6.3,4.6,6.3,4.6,6.3,4.6,6.3]
new: [....10] [ip4][..tcp] [.......10.8.0.1][44819] -> [...158.85.58.42][.5222]
detected: [....10] [ip4][..tcp] [.......10.8.0.1][44819] -> [...158.85.58.42][.5222] [WhatsApp][Chat][Acceptable]
new: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222]
detected: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Chat][Acceptable]
analyse: [....11] [ip4][..tcp] [.......10.8.0.1][42241] -> [173.192.222.189][.5222] [WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.458| 0.064| 0.104|10787.211| 0.000]
- [PKTLEN......: 54.000| 559.000| 102.200| 100.300|10067.600| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.458| 0.064| 0.104| 10787.211| 3.700]
+ [PKTLEN......: 40.000| 545.000| 88.200| 100.300| 10067.600| 4.400]
[BINS(c->s)..: 10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0]
[IATS(ms)....: 1.3,2.4,29.8,31.2,401.5,457.9,56.4,0.2,0.1,0.2,50.5,50.4,0.2,112.5,112.8,50.8,57.3,6.5,0.3,0.2,50.4,50.5,0.1,50.4,131.0,50.4,131.2,0.1,50.5,50.6,0.8]
- [PKTLENS.....: 74,54,54,228,54,132,54,559,84,54,54,77,54,54,79,54,76,135,54,299,54,76,78,54,108,54,72,105,54,223,54,54]
+ [PKTLENS.....: 60,40,40,214,40,118,40,545,70,40,40,63,40,40,65,40,62,121,40,285,40,62,64,40,94,40,58,91,40,209,40,40]
+ [ENTROPIES...: 4.5,4.7,4.8,6.6,4.6,6.1,4.7,7.6,5.6,4.6,4.6,5.4,4.6,4.8,5.5,4.6,5.3,6.3,4.6,7.2,4.5,5.4,5.5,4.6,5.9,4.7,5.4,5.9,4.6,7.0,4.8,4.7]
update: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
update: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
@@ -52,14 +54,15 @@
new: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222]
detected: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Chat][Acceptable]
analyse: [....12] [ip4][..tcp] [.......10.8.0.1][49721] -> [..158.85.58.109][.5222] [WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.768| 0.148| 0.316|100094.116| 0.000]
- [PKTLEN......: 54.000| 308.000| 99.100| 70.400| 4957.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.768| 0.148| 0.316| 100094.116| 3.400]
+ [PKTLEN......: 40.000| 294.000| 85.100| 70.400| 4957.000| 4.600]
[BINS(c->s)..: 11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0]
[IATS(ms)....: 2.0,2.6,34.1,34.8,390.3,440.9,50.6,0.2,0.1,50.4,50.5,139.3,139.3,0.1,50.5,50.4,0.1,51.2,51.1,0.2,0.1,77.8,128.3,50.9,179.2,229.7,260.6,260.6,50.5,50.5,1768.4]
- [PKTLENS.....: 74,54,54,228,54,132,54,308,84,54,77,54,79,54,76,135,54,76,299,54,54,54,223,112,54,113,54,179,54,76,54,90]
+ [PKTLENS.....: 60,40,40,214,40,118,40,294,70,40,63,40,65,40,62,121,40,62,285,40,40,40,209,98,40,99,40,165,40,62,40,76]
+ [ENTROPIES...: 4.5,4.7,4.7,6.8,4.7,6.1,4.7,7.2,5.5,4.7,5.6,4.7,5.5,4.7,5.5,6.4,4.7,5.5,7.2,4.7,4.9,4.9,6.9,6.1,4.7,6.0,4.8,6.7,4.8,5.4,4.8,5.7]
update: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
update: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
diff --git a/test/results/flow-info/whatsappfiles.pcap.out b/test/results/flow-info/whatsappfiles.pcap.out
index cd4f7ef00..b19582f3c 100644
--- a/test/results/flow-info/whatsappfiles.pcap.out
+++ b/test/results/flow-info/whatsappfiles.pcap.out
@@ -6,26 +6,28 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 24.640| 0.846| 4.345|18880535.724| 0.000]
- [PKTLEN......: 66.000| 1464.000| 343.100| 491.800|241822.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 24.640| 0.846| 4.345| 18880535.724| 0.500]
+ [PKTLEN......: 52.000| 1450.000| 329.100| 491.800| 241822.200| 3.800]
[BINS(c->s)..: 9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0]
[BINS(s->c)..: 5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0]
[IATS(ms)....: 90.0,91.9,3.0,95.6,1.4,1.2,0.0,95.9,1.0,78.9,282.8,460.9,0.0,97.9,0.0,4.0,7.0,1.0,0.0,0.0,115.1,0.0,1.2,0.0,102.9,1.0,41.1,24639.8,5.0,6.0,3.0]
- [PKTLENS.....: 78,74,66,309,66,1464,1464,478,66,66,66,192,324,147,66,66,119,116,108,249,104,66,104,66,176,66,66,66,289,1464,1464,1464]
+ [PKTLENS.....: 64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450]
+ [ENTROPIES...: 4.4,5.2,5.0,5.6,5.2,6.9,7.3,7.4,5.1,5.1,4.9,6.3,7.1,6.4,5.0,5.0,5.6,5.7,5.4,6.9,5.4,5.2,5.9,5.2,6.6,5.0,5.1,5.2,7.0,7.9,7.8,7.9]
new: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443]
detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
analyse: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 0.000]
- [PKTLEN......: 66.000| 1464.000| 499.400| 599.200|359069.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 3.300]
+ [PKTLEN......: 52.000| 1450.000| 485.400| 599.200| 359069.100| 4.000]
[BINS(c->s)..: 6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 56.7,61.0,1.0,66.0,0.1,65.0,1.0,5.0,0.0,1.0,0.0,59.9,51.0,0.0,7.3,0.0,4.1,0.1,11.0,0.0,86.4,107.5,0.0,1.4,0.9,1.4,1.2,1.2,1.0,1.2,1.2]
- [PKTLENS.....: 78,74,66,583,66,212,66,117,119,116,108,290,147,66,104,66,104,66,108,66,66,66,1464,234,1464,1282,1464,1464,1464,1464,1464,1464]
+ [PKTLENS.....: 64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]
+ [ENTROPIES...: 4.5,5.2,5.1,6.5,5.3,6.5,5.1,5.5,5.8,5.7,5.5,7.1,6.5,5.1,5.5,5.2,6.1,5.3,6.0,5.1,5.1,5.3,7.9,7.1,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
end: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
idle: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/wireguard.pcap.out b/test/results/flow-info/wireguard.pcap.out
index 08c965af7..9303688fe 100644
--- a/test/results/flow-info/wireguard.pcap.out
+++ b/test/results/flow-info/wireguard.pcap.out
@@ -4,14 +4,15 @@
new: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116]
detected: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable]
analyse: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 5.526| 0.606| 1.489|2218508.681| 0.000]
- [PKTLEN......: 138.000| 842.000| 260.000| 181.000|32764.000| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 5.526| 0.606| 1.489| 2218508.681| 2.500]
+ [PKTLEN......: 124.000| 828.000| 246.000| 181.000| 32764.000| 4.700]
[BINS(c->s)..: 0,0,0,6,7,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,7,1,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,0,1]
[IATS(ms)....: 0.0,0.2,13.3,82.4,23.4,0.1,92.8,0.7,114.4,124.5,0.2,238.5,14.3,86.0,36.4,0.1,108.2,0.8,113.6,3087.0,3060.6,97.5,183.7,5525.9,0.0,5525.9,16.5,88.0,44.4,0.1,115.9]
- [PKTLENS.....: 842,186,138,314,138,330,186,138,298,138,666,186,138,314,138,362,186,138,298,138,186,154,186,154,698,186,138,314,138,570,186,138]
+ [PKTLENS.....: 828,172,124,300,124,316,172,124,284,124,652,172,124,300,124,348,172,124,284,124,172,140,172,140,684,172,124,300,124,556,172,124]
+ [ENTROPIES...: 7.7,6.5,6.1,7.3,6.1,7.2,6.5,6.1,7.2,6.0,7.6,6.6,6.1,7.2,6.0,7.3,6.6,6.2,7.2,6.1,6.5,6.3,6.6,6.3,7.7,6.6,6.1,7.2,6.1,7.6,6.6,6.2]
update: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable]
update: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable]
update: [.....1] [ip4][..udp] [139.162.192.157][51820] -> [...192.168.0.14][36116] [WireGuard][VPN][Acceptable]
diff --git a/test/results/flow-info/youtube_quic.pcap.out b/test/results/flow-info/youtube_quic.pcap.out
index e30a05ab2..59acb8ff0 100644
--- a/test/results/flow-info/youtube_quic.pcap.out
+++ b/test/results/flow-info/youtube_quic.pcap.out
@@ -6,14 +6,15 @@
new: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443]
detected: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun]
analyse: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.047| 0.007| 0.013| 177.503| 0.000]
- [PKTLEN......: 73.000| 1392.000| 865.500| 620.100|384534.200| 4.500]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.047| 0.007| 0.013| 177.503| 3.300]
+ [PKTLEN......: 59.000| 1378.000| 851.500| 620.100| 384534.200| 4.500]
[BINS(c->s)..: 0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]
[IATS(ms)....: 43.7,0.6,47.4,0.3,0.2,0.0,22.6,22.3,0.0,41.9,0.1,4.3,1.2,5.2,1.0,1.2,2.1,1.0,1.2,2.2,1.1,0.9,2.0,1.3,1.0,2.3,0.9,1.3,2.3,0.6,7.7]
- [PKTLENS.....: 1392,1392,1392,1392,459,177,178,77,1392,73,83,83,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1392,1392,80,1030,1392]
+ [PKTLENS.....: 1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378]
+ [ENTROPIES...: 2.5,7.5,2.6,5.5,7.5,6.7,6.7,5.2,7.9,5.3,5.5,5.6,7.8,7.8,5.6,7.9,7.9,5.6,7.9,7.9,5.5,7.9,7.9,5.6,7.9,7.9,5.6,7.9,7.9,5.5,7.8,7.9]
new: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443]
detected: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable]
idle: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun]
diff --git a/test/results/flow-info/youtubeupload.pcap.out b/test/results/flow-info/youtubeupload.pcap.out
index cf6412560..679195203 100644
--- a/test/results/flow-info/youtubeupload.pcap.out
+++ b/test/results/flow-info/youtubeupload.pcap.out
@@ -10,14 +10,15 @@
new: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443]
detected: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun]
analyse: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.883| 0.207| 0.510|259988.193| 0.000]
- [PKTLEN......: 58.000| 1392.000| 781.800| 621.300|386013.800| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.883| 0.207| 0.510| 259988.193| 2.400]
+ [PKTLEN......: 44.000| 1378.000| 767.800| 621.300| 386013.800| 4.400]
[BINS(c->s)..: 0,6,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,1,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 56.1,1.0,59.8,1.8,0.4,60.9,0.1,57.5,0.4,30.7,1096.9,0.5,1126.8,0.7,1825.8,1883.1,71.2,0.1,128.5,3.3,2.8,0.4,0.7,1.0,1.1,1.2,1.1,1.2,1.1,1.2,1.2]
- [PKTLENS.....: 1392,1392,1392,80,1392,424,1392,73,83,80,72,58,611,83,77,344,78,154,58,83,387,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392,1392]
+ [PKTLENS.....: 1378,1378,1378,66,1378,410,1378,59,69,66,58,44,597,69,63,330,64,140,44,69,373,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378]
+ [ENTROPIES...: 2.6,7.5,7.4,5.3,4.6,7.4,7.9,5.4,5.7,5.8,5.5,5.0,7.7,5.6,5.7,7.3,5.5,6.6,5.0,5.7,7.5,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9]
idle: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443]
idle: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun]
idle: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun]
diff --git a/test/results/flow-info/zcash.pcap.out b/test/results/flow-info/zcash.pcap.out
index 95c6559ad..7311f74f9 100644
--- a/test/results/flow-info/zcash.pcap.out
+++ b/test/results/flow-info/zcash.pcap.out
@@ -5,14 +5,15 @@
detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Mining][Unsafe]
RISK: Known Proto on Non Std Port, Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 50.191| 6.014| 12.034|144808530.149| 0.000]
- [PKTLEN......: 66.000| 369.000| 156.600| 98.900| 9779.100| 4.700]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 50.191| 6.014| 12.034| 144808530.149| 3.200]
+ [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700]
[BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1]
[IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4]
- [PKTLENS.....: 74,74,66,326,66,369,66,249,129,66,249,129,66,249,129,66,319,66,249,249,249,249,78,78,78,129,66,319,66,249,66,129]
+ [PKTLENS.....: 60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]
+ [ENTROPIES...: 4.8,5.3,5.2,6.2,5.2,5.3,5.1,5.5,5.5,5.1,5.5,5.5,5.2,5.6,5.5,5.1,5.3,4.9,5.4,5.4,5.5,5.4,5.1,5.2,5.2,5.5,5.0,5.3,5.2,5.5,5.2,5.6]
DAEMON-EVENT: [Processed: 87 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Mining][Unsafe]
diff --git a/test/results/flow-info/zoom.pcap.out b/test/results/flow-info/zoom.pcap.out
index 95be0cdc5..1e01c9419 100644
--- a/test/results/flow-info/zoom.pcap.out
+++ b/test/results/flow-info/zoom.pcap.out
@@ -58,14 +58,15 @@
detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable]
detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable]
analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.211| 0.038| 0.059| 3527.760| 0.000]
- [PKTLEN......: 54.000| 1506.000| 677.000| 660.100|435695.100| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.211| 0.038| 0.059| 3527.760| 3.300]
+ [PKTLEN......: 40.000| 1492.000| 663.000| 660.100| 435695.100| 4.200]
[BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0]
[IATS(ms)....: 112.4,112.5,31.1,144.0,1.8,0.2,0.0,114.8,0.2,0.2,7.2,2.9,121.9,111.9,4.3,0.0,116.6,98.0,0.5,0.0,210.7,0.0,0.2,0.1,0.2,0.1,0.1,0.2,0.1,0.0,0.1]
- [PKTLENS.....: 78,66,54,571,60,1506,1506,1506,54,1306,54,54,245,105,54,745,864,60,1506,1506,1506,54,54,1506,1506,54,1506,1506,54,1506,459,54]
+ [PKTLENS.....: 64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]
+ [ENTROPIES...: 4.4,4.9,4.5,4.1,4.5,7.1,7.3,7.3,4.7,7.6,4.6,4.7,6.9,5.7,4.7,7.7,7.7,4.5,7.9,7.9,7.9,4.7,4.6,7.9,7.9,4.7,7.9,7.9,4.6,7.9,7.5,4.6]
detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable]
new: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621]
detected: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
@@ -114,28 +115,30 @@
detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.156| 0.028| 0.040| 1628.090| 0.000]
- [PKTLEN......: 66.000| 1506.000| 434.500| 552.400|305116.100| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.156| 0.028| 0.040| 1628.090| 3.800]
+ [PKTLEN......: 52.000| 1492.000| 420.500| 552.400| 305116.100| 3.900]
[BINS(c->s)..: 10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0]
[IATS(ms)....: 31.6,31.8,0.2,32.7,2.0,0.1,0.0,34.5,0.0,10.5,0.0,10.6,60.1,93.9,33.8,0.4,31.3,30.9,4.6,0.0,36.6,6.2,38.2,156.1,156.1,0.1,0.0,0.1,10.6,59.1,3.1]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,66,66,1506,93,66,192,308,66,206,132,66,1506,547,66,104,66,1331,66,1506,160,66,104,216,237]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223]
+ [ENTROPIES...: 4.4,5.3,5.0,4.3,5.2,7.1,7.3,7.3,5.0,5.1,7.6,5.6,5.1,6.6,7.1,5.1,6.9,6.3,5.1,7.9,7.6,5.1,5.9,5.1,7.9,5.1,7.9,6.6,5.1,5.8,6.9,7.0]
new: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801]
detected: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
ERROR-EVENT: Unknown packet type
new: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801]
detected: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
analyse: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.036| 0.010| 0.009| 72.691| 0.000]
- [PKTLEN......: 55.000| 1071.000| 886.800| 383.700|147246.200| 4.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.036| 0.010| 0.009| 72.691| 4.500]
+ [PKTLEN......: 41.000| 1057.000| 872.800| 383.700| 147246.200| 4.800]
[BINS(c->s)..: 1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 32.0,0.0,32.2,4.7,35.6,13.8,10.3,10.2,10.0,0.1,10.1,10.3,10.0,10.0,0.1,9.9,10.2,10.3,10.3,0.1,10.1,10.0,10.1,10.5,0.0,10.0,10.3,9.7,10.3,0.4,9.8]
- [PKTLENS.....: 149,77,60,55,105,85,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071,1071]
+ [PKTLENS.....: 135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057]
+ [ENTROPIES...: 5.9,4.8,4.4,4.6,5.1,4.8,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5]
new: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801]
detected: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
idle: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14] [ICMP][Network][Acceptable]
diff --git a/test/results/flow-info/zoom2.pcap.out b/test/results/flow-info/zoom2.pcap.out
index 7b81c5e98..677e3364f 100644
--- a/test/results/flow-info/zoom2.pcap.out
+++ b/test/results/flow-info/zoom2.pcap.out
@@ -9,48 +9,52 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.199| 0.059| 0.083| 6897.605| 0.000]
- [PKTLEN......: 66.000| 1506.000| 464.300| 547.400|299645.500| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.199| 0.059| 0.083| 6897.605| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 450.300| 547.400| 299645.500| 4.000]
[BINS(c->s)..: 11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1]
[IATS(ms)....: 174.7,174.8,0.6,174.0,1.3,0.0,0.0,0.0,175.4,0.0,0.0,23.6,1.3,198.6,173.1,0.3,174.5,174.1,5.8,0.0,187.6,0.7,0.0,182.4,0.1,0.1,0.1,0.9,0.8,0.5,0.0]
- [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,828,66,66,66,66,192,117,66,222,141,66,1506,781,66,1506,456,66,214,66,116,1344,66,1344,270]
+ [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,814,52,52,52,52,178,103,52,208,127,52,1492,767,52,1492,442,52,200,52,102,1330,52,1330,256]
+ [ENTROPIES...: 4.3,5.2,5.1,4.4,5.1,7.2,7.4,7.5,7.6,5.0,5.0,5.0,5.0,6.5,5.8,4.9,6.8,6.3,5.0,7.9,7.7,5.1,7.9,7.5,5.0,6.7,5.0,6.0,7.9,5.0,7.9,6.9]
new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801]
analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.167| 0.025| 0.040| 1639.456| 0.000]
- [PKTLEN......: 60.000| 1078.000| 718.700| 464.600|215864.300| 4.600]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.167| 0.025| 0.040| 1639.456| 3.600]
+ [PKTLEN......: 46.000| 1064.000| 704.700| 464.600| 215864.300| 4.600]
[BINS(c->s)..: 0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 101.4,166.6,0.0,73.0,12.3,100.4,0.0,101.8,73.0,11.9,4.9,10.9,10.5,10.1,0.2,9.2,10.4,10.3,11.4,0.0,0.3,9.4,8.6,5.4,4.9,0.1,10.8,10.0,10.5,9.4,0.2]
- [PKTLENS.....: 165,165,86,60,170,170,86,60,170,102,102,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,102,1078,1078,1078,1078,1078,1078,1078]
+ [PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]
+ [ENTROPIES...: 5.8,5.8,4.9,4.2,5.4,5.6,4.8,4.3,5.6,4.7,4.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,4.8,0.6,0.6,0.6,0.6,0.6,0.6,0.6]
guessed: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
new: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801]
new: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801]
analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.176| 0.043| 0.049| 2389.122| 0.000]
- [PKTLEN......: 60.000| 203.000| 143.000| 35.800| 1279.800| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.176| 0.043| 0.049| 2389.122| 4.100]
+ [PKTLEN......: 46.000| 189.000| 129.000| 35.800| 1279.800| 4.900]
[BINS(c->s)..: 0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1]
[IATS(ms)....: 98.5,176.4,0.1,85.5,9.5,94.8,0.0,99.9,94.2,12.3,1.9,12.4,20.6,17.0,20.1,168.4,18.0,3.6,10.9,10.3,19.4,32.1,20.9,115.3,0.0,17.8,18.7,20.1,20.2,21.5,85.5]
- [PKTLENS.....: 165,165,86,60,170,170,86,60,170,102,102,175,178,168,163,159,130,102,163,106,157,158,148,149,180,203,130,164,162,157,158,130]
+ [PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]
+ [ENTROPIES...: 5.8,5.8,4.9,4.4,5.6,5.6,4.8,4.4,5.5,4.7,4.7,6.0,6.0,5.9,5.8,5.7,5.1,4.7,5.8,4.7,5.7,5.7,5.6,5.6,6.0,6.2,5.3,5.7,5.7,5.7,5.7,5.2]
guessed: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.188| 0.047| 0.043| 1844.784| 0.000]
- [PKTLEN......: 60.000| 185.000| 105.100| 44.600| 1993.400| 4.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.188| 0.047| 0.043| 1844.784| 4.300]
+ [PKTLEN......: 46.000| 171.000| 91.100| 44.600| 1993.400| 4.800]
[BINS(c->s)..: 7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0]
[IATS(ms)....: 102.1,187.6,0.0,105.6,0.1,93.5,0.0,87.6,70.7,0.1,106.0,0.0,21.5,32.8,59.0,0.0,48.4,5.5,49.5,50.2,0.0,0.0,55.2,45.7,56.3,52.4,0.0,59.8,52.1,47.7,58.6]
- [PKTLENS.....: 167,167,86,60,177,177,86,60,177,177,177,117,117,69,69,185,69,69,117,69,117,117,69,69,69,69,117,69,69,69,69,69]
+ [PKTLENS.....: 153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]
+ [ENTROPIES...: 5.8,5.9,4.8,4.3,5.5,5.5,4.8,4.4,5.6,5.5,5.6,4.4,4.5,3.6,3.9,5.5,3.6,3.9,4.5,3.7,4.5,4.5,3.9,3.7,4.0,3.7,4.5,3.9,3.7,3.9,3.9,3.7]
guessed: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Video][Acceptable]
new: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154]